“I’m using antivirus software, isn’t that good enough?” is a question I hear often. My answer is that it depends on the level of protection you want. Business owners often treat insurance policies, CCTV camera systems, premises access control systems, security staff, and so on as necessary expenses, but the protection of their most valuable assets, data and reputation, is relegated to low-cost consumer-grade software.
In our online world, bad actors are standing at a business’s virtual doorstep. From halfway around the world, hackers can poke at a system until they get in. The statistics are frightening. However, there is hope. The next generation of security products protects systems through advanced technologies such as AI. These products are typically referred to as Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR). Both represent contemporary advancements in anti-malware technology, offering capabilities that surpass those of traditional antivirus solutions. Conventional antivirus software typically relies on basic pattern matching techniques, whereas EDR and MDR employ advanced pattern recognition alongside behavioral analysis. Consequently, these technologies can identify novel malware that has not been previously encountered. A significant advantage of EDR and MDR is their ability to be layered and integrated with one another, as well as with traditional antivirus systems.
Viruses and malware aren’t the only concern. An active hacker in a network can use ordinary IT tools to achieve their mission. These tools are rarely detected by consumer-grade antivirus software. Behavioral artificial intelligence (AI) is employed in both EDR and MDR to continuously monitor and analyze each active process for any signs of malicious activity.
This technology can identify numerous variants of viruses and malware, while also diagnosing their root causes. Upon detection of malicious behavior, EDR promptly activates remediation procedures to isolate the threat and mitigate potential harm. Additional actions, such as rolling the system back to a prior, secure state, are also implemented to enhance security.
The distinction between MDR and EDR lies in their operational frameworks. As noted earlier, both represent significant advancements compared to conventional antivirus solutions. In essence, EDR utilizes automation for its processes, whereas MDR combines automation with continuous human oversight: it is monitored around the clock by professionals in a Security Operations Center (SOC).
EDR and MDR serve as preventative measures, and the value of such measures reflects the adage, "you don’t know what you have until it’s gone." Organizations that have suffered losses due to cyberattacks are significantly more inclined to understand the importance of cybersecurity systems than those that have not faced such incidents.
The immediate financial impact of a single data breach for even a small business can vary widely, typically ranging from $120,000 to $1.24 million. This risk is usually overlooked while the business uses insurance policies, CCTV camera systems, premises access control systems, and security staff to safeguard easily replaced, low-cost physical assets. Intangible property has become a business’s most valuable asset, and it should be protected accordingly.