These days, every endpoint within an enterprise is going to have some form of antivirus software. It’s mandated in a lot of industries, plus it makes no sense to run a system without it, if nothing else than to protect the endpoint from random, untargeted threats. But antivirus is also fairly ineffective against targeted and more sophisticated attacks, which are often created specifically to get around normal AV protection. For that, the next level of protection needed is an endpoint detection and response (EDR) platform.
EDR works by looking for malicious activity or processes on endpoints, including code and unusual behavior. For example, an attacker who steals valid credentials through a phishing attack can log into a system normally without triggering any alarms or using any malware. They would initially have free reign of the endpoint, but their activities after that, like trying to elevate privileges or move horizontally to other systems, will likely get flagged by a good EDR system.
While EDR is increasingly important, it’s also becoming a bit commoditized in that many of the offerings are very similar. That could make it easier for skilled attackers to find ways…