perm_phone_msgVous subissez une attaque ? Contactez-nous +33 1 73 07 18 41

Antivirus, EPP and EDR What Differences?

Cybersécurité + Customer RSS Antoine Botte aujourd'hui27/01/2020 370 1 5

Background
share fermer

Today there are a very large number of types of point protection solutions. This large number does not facilitate the choice of its protection solution, especially since each of these solutions has very specific functionalities. It is however important to make this choice in conscience but also in knowledge. This is why it is wise to know the protection solutions present on the market, their mode of operation, their advantages but also their limits. 


Antivirus or the charm of the traditional style

AntiVirus, also known by the initials AV, is the default workstation protection program since it is the best known and most widely used. Indeed, it is the protection software that appeared the first on the market. Since its appearance in March 1988, AV has evolved a lot in the detection and neutralization of viruses and malware.

However, its technology remains almost unchanged since its creation apart from some improvements in overlayer.

AV technology

The antivirus has a simple mode of operation based on regular machine scans. The antivirus offers three kinds of scans to detect or block malicious actions or programs:

  • Signature scan  : The AV will detect and read the hash of each program and compare it to those it knows. If the software product key matches that of a malicious program, it will be blocked, deleted, or quarantined.
  • The heuristic scan : The heuristic scan allows to identify new viruses not yet registered in the databases of AV providers. This scan is based on the supposed behavior of a program. When launching a program, it is launched in parallel in a sandbox and its behavior is analyzed. If some of its actions are suspicious (deleting files, launching multiple processes) an alert will be sent to the user.
  • The integrity scan : When the machine is turned on, at regular intervals and as soon as a file is modified, the AV launches a new scan to verify that no file has been modified or corrupted by software malicious.

The AV, its advantages and its limits

The antivirus is the most well-known and widespread protection program. It is a software which is inexpensive in price per station and which is relatively simple to configure and to use. It can be an ample protection solution on a particular workstation or for occasional use.

However, although widespread, AV has its limits. Its functionalities have evolved over time but have not adapted to developments in the area of ​​malware and malware. Also, as noted above, the basic technology of antivirus software has not really changed. Indeed, the new functionalities brought to each software update have been added in an overlay which gives heavy programs both in memory and in machine resources.

In 2020, it almost became obsolete.

Why ?

The protection provided by an antivirus is basic and it has become possible to easily override it. For example, searching for product signatures is only relevant if the malware is listed. A malicious user can, in a few minutes, create a script or program whose hash is not yet listed and carry out an attack which will not be stopped by the antivirus.

In the same way, there are today fileless attacks (without files and therefore without signatures) which allow to attack or hack a machine even if the latter is protected by an antivirus.

The Endpoint Protection Platform or how to make new things with an old recipe

Endpoint Protection Platform or EPP are a bit of next-gen antivirus. They kept the signature scan scheme of the antivirus while providing new and more advanced features. The EPP is however more appropriate than an AV for the protection of the machines of a company insofar as its spectrum of protection is broader than its predecessor.

What technologies does the EPP use?

The Endpoint Protection Platform works very similar to antivirus. It is based on a signature scanning method to which many features and overlays have been added. The EPP embeds new technologies that make it better able to protect a machine against ransomware attacks for example.

The EPP embeds, in addition to the signature scan and the heuristic scan of the Antivirus:

  • Behavioral analysis : Thanks to a machine learning engine, the EPP will be able to identify actions and files that can be considered malicious
  • Memory monitoring: The protection software will analyze in real time during the use of a program if the latter does not corrupt the memory of the system or of another program.
  • Verification of IOC’s or indicator of compromise: the EPP will identify on the machine any file or registry key that could be linked to an attack thanks to threat intelligence (human search for the last types of known attacks).

Is EPP sufficient?

EPP is next generation endpoint protection software. However, although it has many features, it is not foolproof. Indeed, it can detect much more malware than an antivirus but does not block them or detect certain types of attacks or attempted system or data corruption. It remains nevertheless a more relevant product than an antivirus for the protection of computers and servers.

The cybersecurity software revolution, EDR

Endpoint Detection & Response is the new model of endpoint protection software. This is clearly a revolution in the whole protection technology against viruses, malware and attacks by malicious users. 

EDR, a concentrate of intelligence

The EDR is responsible for new technologies in order to provide its users with even closer protection. In fact, unlike AV and EPP, Endpoint Detection & Response will be able to identify and stop threats even before the start of system corruption thanks to a very large data collection compared to other protection solutions .

The EDR has very advanced features such as:


Behavioral analysis

just as for the EPP, the behavioral analysis of the EDR will make it possible to identify and identify threats by suspicious behavior of the user or a program (access to registry keys, execution of system administration, etc.) thanks to a machine learning engine.

Artificial intelligence

Indeed, the pillar of EDR is AI. This technology is revolutionary in that the software becomes much more reactive in detecting and stopping risky and threat actions (malware, ransomware, viruses, fileless attacks, etc.), all without having to connect to internet to update your knowledge since autonomous and self-learning.

CTI

CTI or Cyber ​​Threat Intelligence is human intelligence at the service of the machines to be protected. In short, the CTI is a kind of technological watch. Software distributors are constantly learning about new types of viruses, attacks and malware so that they can always provide more functionality and more protection against attacks from yesterday and tomorrow.

Should EDR be preferred to other technologies?

Everything is relative and the choice is up to everyone. However, given the statistics, the EDR will be more appropriate to protect a company’s data. Its technology is truly cutting-edge and constantly improving, all on solid foundations and reviewed day by day to best combat cyber threats.

Nucleon Smart Endpoint Platform, at the junction of all the paradigms

At the junction of all its technologies, there is the Nucleon Smart Endpoint solution, distributed by the company Nucleon Security. This very light endpoint protection software embeds all the best features of workstation and server protection systems in a single technology.

From signature scans, to heuristics, of course, through artificial intelligence and machine learning, Nucleon Smart Endpoint adapts to new threats every day thanks in particular to CTI.

In addition to the technologies already known and present in protection systems, the software developed by Nucleon Security also offers a very complete module for detecting and managing vulnerabilities, fully customizable.

With Nucleon Smart Endpoint, important data is protected from external and internal threats, from the known and the unknown, from humans and machines.

Written by: Antoine Botte

Rate it