Believe The Hype: All SMBs need the security that endpoint protection technologies provide

Advertising is tricky. Consumers, continually bombarded by ads, are rightfully skeptical of many marketing messages. This is as true for technology-related claims as anything else. But for every questionable campaign (General Motors’ “This is not your father’s Oldsmobile” rebranding comes to mind) there is a resounding success, such as the California Milk Processing Board’s “Got milk?” effort. 

Determining whether advertising messages can be trusted is challenging. One thing we do know, though: small and midsize businesses (SMBs) can rest assured that the hype surrounding new Advanced Threat Protection (ATP), Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) solutions is legitimate. These relatively new antimalware technologies are, just like Coca-Cola, “the real thing”. 

What is ATP and why should an SMB care?

Just what makes ATP endpoint protection important and a necessary component for every SMB? For starters, the days of setting-it-and-forgetting-it, simply installing an antivirus agent and walking away, are over. The old method definitively and demonstrably no longer works or provides effective protection. Malicious actors’ attacks have become much more adept and nuanced, vulnerabilities continually find new and surprising ways of recurring, and dangerous and disruptive ransomware infections are only encouraging criminals. 

Cyber attacks have become more creative. Attackers target their victims, demonstrate patience, collect information and use insights gleaned from social media posts, LinkedIn pages and similar sources, so threats are much more advanced than in the past. Social engineering efforts are also much more polished. 

In short, cyberthreats have never been greater, more effective or more widespread. The stakes have become too great to ignore. 

As Valvoline once famously noted, “motor oil definitely is not motor oil.” A significant and measurable difference often exists between various products. Certainly, that’s the case for ATP technology and so-equipped Endpoint Protection Platform (EPP) applications, such as CrowdStrike Falcon Pro, ESET Protect Advanced, Microsoft Defender for Business and Sophos Intercept X Endpoint. 

ATP-powered endpoint protections don’t just incorporate traditional heuristic strategies and try identifying malicious code and viruses by recognizing the offending software’s signatures. The “advanced” portion of the ATP acronym refers to the technology’s adoption of artificial intelligence (AI) and machine learning (ML) innovations to more effectively recognize and prevent infections, learn from previous cases and experiences and better protect SMBs and their data. 

When choosing an ATP-enabled platform, SMBs have a choice. Firms may purchase the software directly from the software manufacturer and deploy and maintain the application themselves, or they may have an IT consultant or services provider purchase and manage the software for them. 

What is EDR and why should an SMB care?

Detection and response tools, commonly referred to as Endpoint Detection and Response (EDR) solutions, are another antimalware option SMBs can consider. ATP technologies include products providing safeguards against advanced cyberthreats and sometimes a broader approach that can also include firewall services and intrusion detection and prevention systems. EDR platforms, by contrast, monitor endpoint activity and employ behavioral analysis and ML techniques to more aggressively surface suspicious behaviors and prevent infections and attacks, while also offering automated response capabilities. 

EDR products—such as Harmony Endpoint, Malwarebytes Endpoint Detection and Response and SentinelOne Singularity for Endpoint—incorporate a more advanced threat-seeking approach. These platforms also provide IT teams with additional incident information useful when responding to incidents. 

As with ATP technologies, SMBs have a choice when adopting an EDR solution. Companies can purchase and administer the software themselves. Alternatively, firms can use an IT services partner to purchase and maintain the application for them. 

What is MDR and why should an SMB care?

The key with any endpoint protection strategy is to ensure the solutions are properly deployed, managed and maintained. Firms that seek to outsource endpoint protection entirely, and all the corresponding functions and responsibilities, can consider a third option: Managed Detection and Response, often referred to as MDR. With MDR, SMBs can offload corresponding endpoint and other systems security to a third party. 

MDR services typically provide 24×7 monitoring and detection. In addition, MDR platforms include features to assist incident investigation and mitigation activities. An MDR solution can be a good fit for SMBs that don’t possess the knowledge, expertise or resources to manage such cybersecurity functions in-house. 

There are numerous MDR providers. Leading MDR platforms include those from Arctic Wolf, Rapid7 and Sophos. 

When adopting an MDR approach, SMBs typically work with a Managed Services Provider (MSP), Managed Security Services Provider (MSSP) or some other third-party IT services partner. The consultant or services firm is then responsible for purchasing and licensing the software, as well as administering and maintaining the antimalware technology. 

Centralized monitoring and administration are key

To prove fully effective, antimalware programs should feature centralized administration, meaning the software agents deployed on each endpoint—whether a smartphone, iPad, desktop, laptop, server or other piece of equipment—are continually managed and monitored. Centralized administrative portals provide IT professionals with the platform needed to productively administer and maintain effective endpoint protection throughout an organization. 

Don’t believe centralized management is just a suspicious snake-oil pitch. The Cybersecurity & Infrastructure Security Agency (CISA), itself an arm of the US Department of Homeland Security, encourages organizations to prioritize centralized log management. The agency also recommends firms actively monitor antivirus software and employ endpoint detection and response tools. 

Antimalware agents can become corrupted. Software continually requires updating. Occasionally antivirus components stall and require restarting. On other occasions, the software may raise important alarms that require attention or generate concerning log file entries. Only actively monitoring and administering a centralized antimalware solution powered by advanced technologies can give an organization confidence that this fundamental first step in battling cyberthreats is in place. 

Need help?

Louisville, it turns out, is the birthplace of the truth in advertising movement. So trust that Louisville Geek is telling it straight when it says a properly managed endpoint protection strategy is an important consideration for all SMBs. CISA, as well as others, confirms the need for an actively managed and capable cybersecurity approach. 

Further confusing matters, many software developers offer ATP and EDR tools and products that incorporate multiple endpoint protection strategies within a single platform. In still other cases, solution providers offer Extended Detection and Response (XDR) products that proactively automate many cybersecurity protections while also offering broader network and cloud integrations. 

So it’s understandable if you or your firm have questions. Should your SMB need assistance determining the best options for securing its network and systems, drop us a line at 502-897-7577 or [email protected]. 

We’re happy to share our experience and expertise. And like any good business partner, we’re happy to provide testimonials, long one of the most effective methods of confirming the legitimacy of any marketing message.