Anti-Virus v EDR (Endpoint Detection & Response) – what’s the difference?

Everyone knows that cybersecurity is important, but many organisations are so focussed on their core business that they are not dedicating enough time, attention and resource into the right products and services to mitigate the ever increasing and broadening array of threats against businesses.

The risk of falling victim to any one of the array of threats, such as malware¹, ransomware and DDoS, is extremely real. With the number of global DDoS attacks alone forecast to double by 2023², having the best possible cyber strategy has never been more critical. Our approach: expect to be breached.

A network breach can often prove catastrophic for organisations, damaging their reputation and costing them a lot of money. Furthermore, data protection rules such as the GDPR, brought in in 2018, place further responsibility on organisations regarding the handling, processing and storage of personal data. Under the GDPR, cyber-attacks can even leave organisations facing hefty fines.

Cybercrime is growing in frequency and sophistication and so in turn, requires a more sophisticated approach to defend against it. Traditionally, anti-virus software has provided organisations with the defences required to protect their assets from hackers. However, as a business grows and more endpoints are added to an organisation’s networks, the potential points of entry into their networks grows with them. Endpoints are classified as all the devices that are connected to the network, things such as employee laptops, workstations and servers.

This is where Endpoint Detection & Response, or EDR, can provide a more advanced approach to defending these networks than anti-virus software can. Understanding the different options that are available can seem like an arduous task, but the differences between anti-virus and EDR are clear to see.

EDR is a behaviour-based system that provides an ongoing analysis of an endpoint’s activity, looking out for signs of unusual behaviour in the apps and software that run on it. EDR software runs on a range of hosts, using many analytical tools. This enables the real-time detection of threats that exist within the network, with data then being passed to a centralised database to enable more advanced analysis, investigation and, most importantly, response. With EDR systems, IT teams are better informed about what is going on in the network and are able to act more swiftly in response to a threat, while an immediate automated mitigation action has already been taken to prevent further damage across an organisation’s network resources.

This is a much more advanced approach than that used by signature-based anti-virus systems. Using a good EDR means that you do not need to depend on anti-virus systems, as it is more capable and sophisticated than anti-virus can be. Anti-virus systems employ a more rudimentary approach, using scans to check for the signatures of already known threats. They do offer warnings and the removal of basic viruses but are simply not capable of delivering the far more advanced features of EDR, which can carry out the automated remediation or removal of many threats based on the behavioural analysis of endpoint activity.
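To make the contrast concrete, here is an added, self-contained example (not code from Reflective IT, Microsoft or any EDR product) that runs a signature-based check and a small set of behavioural rules over constructed process-start telemetry, collects the hits in a stand-in for the central database, and applies an automated containment response. The hashes, process names, rule names and severities are all illustrative assumptions.

```python
"""Toy anti-virus (signature) versus EDR (behaviour + central response) comparison.

Added example, not any vendor's product logic. Every hash, host name, rule and
telemetry record below is constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed signature database: SHA-256 of a made-up "known" malware sample.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"constructed-known-malware-sample").hexdigest(): "Trojan.Constructed.A",
}


@dataclass
class ProcessEvent:
    """One process-start record as an endpoint sensor might report it (fields assumed)."""
    host: str
    parent_image: str
    image: str
    cmdline: str
    file_bytes: bytes  # executable contents; constructed inline below


def av_scan(event: ProcessEvent) -> Optional[str]:
    """Signature-based check: only files whose hash is already on the list are flagged."""
    return KNOWN_BAD_SHA256.get(hashlib.sha256(event.file_bytes).hexdigest())


# Behavioural rules: name -> (predicate over the event, severity). Illustrative
# assumptions modelled on the parent/child and command-line checks EDR products apply.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}

BEHAVIOUR_RULES: Dict[str, Tuple[Callable[[ProcessEvent], bool], str]] = {
    "office_app_spawned_shell": (
        lambda e: e.parent_image.lower() in OFFICE_APPS and e.image.lower() in SHELLS, "high"),
    "encoded_powershell_command": (
        lambda e: e.image.lower() == "powershell.exe" and "-enc" in e.cmdline.lower(), "medium"),
}


def edr_evaluate(event: ProcessEvent) -> List[Tuple[str, str]]:
    """Behaviour-based check: every rule whose predicate matches the event."""
    return [(name, sev) for name, (pred, sev) in BEHAVIOUR_RULES.items() if pred(event)]


class CentralStore:
    """Stand-in for the central database EDR sensors report into. It keeps the alerts
    per host and takes an automated response (network isolation) on high severity."""

    def __init__(self) -> None:
        self.alerts: Dict[str, List[Tuple[str, str]]] = {}
        self.isolated: Set[str] = set()

    def ingest(self, event: ProcessEvent) -> List[Tuple[str, str]]:
        hits: List[Tuple[str, str]] = []
        if av_scan(event):  # an EDR sensor still carries a signature check
            hits.append(("known_bad_hash", "high"))
        hits.extend(edr_evaluate(event))
        if hits:
            self.alerts.setdefault(event.host, []).extend(hits)
            if any(sev == "high" for _, sev in hits):
                self.isolated.add(event.host)  # response: contain the endpoint
        return hits


# Constructed telemetry: one known sample, one unknown sample with suspicious
# behaviour, and one benign process start.
EVENTS = [
    ProcessEvent("WS-01", "explorer.exe", "setup.exe", "setup.exe /silent",
                 b"constructed-known-malware-sample"),
    ProcessEvent("WS-02", "WINWORD.EXE", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc BASE64PLACEHOLDER",
                 b"repacked-sample-not-in-signature-db"),
    ProcessEvent("WS-03", "explorer.exe", "notepad.exe", "notepad.exe notes.txt",
                 b"benign-editor"),
]


def compare(events: List[ProcessEvent]) -> Tuple[Dict[str, dict], CentralStore]:
    """Run both approaches over the telemetry; return per-host verdicts and the store."""
    store = CentralStore()
    results: Dict[str, dict] = {}
    for e in events:
        results[e.host] = {"av": av_scan(e), "edr": [name for name, _ in store.ingest(e)]}
    return results, store


if __name__ == "__main__":
    verdicts, central = compare(EVENTS)
    for host, v in verdicts.items():
        print(f"{host}: av={v['av']!r} edr={v['edr']} isolated={host in central.isolated}")
```

The repacked sample on WS-02 has no known hash, so the signature scan returns nothing, while the Word-spawns-PowerShell and encoded-command rules fire and the host is isolated automatically; the known sample on WS-01 is caught by both paths.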

Reflective IT combine their advanced skill set as a Microsoft Cloud Partner using Defender for 365 (Plan 2), alongside Azure Sentinel to deliver not only EDR solutions but provide high level SOC (Security Operations Centre) services with investigation and reporting. Software solutions and IT services should always form a component of a good IT security strategy and IT Governance, whatever the size of your organisation.

For expert advice and solutions against network breaches why not visit us at or call us now on 0207 317 4535.
