What is the difference between EDR and traditional antivirus?

Can EDR replace antivirus, or are both needed?

88 Answers

author avatar
Top 20, Real User

You can use EDR solutions to track, monitor, and analyze data on endpoints to enhance the fortification of your environment. Generally, EDR tools do not replace traditional tools like antivirus and firewalls; they work beside them to provide enhanced security capabilities. EDR is becoming the preferred technology for enterprises to provide better security for their networks when compared with traditional antivirus.

EDR solutions have many capabilities and advantages which are not offered by traditional antivirus programs. They come loaded with different analytical tools that run in the background to ensure the monitoring and reporting of threats. However, all EDR solutions do not perform the same range of functions. Their scope and nature of activities differ depending on the type of EDR solution that you choose.

Traditional antivirus programs are more simplistic and limited in scope compared to the modern EDR systems. Antivirus is generally a single program which serves basic purposes like scanning, detecting and removing viruses and different types of malware.

Antiviruses are more of a decentralized security system that falls short of providing adequate security to the ever-expanding digital networks. The IT network and perimeter of enterprises have witnessed even faster growth due to the mobile revolution.

author avatar

Hello, EDR can replace a normal antivirus and can offer even more, as they can effectively respond to an attack, isolate the end device or restore destroyed data. After that you can analyse the attack. We're using SentinelOne for us and our customers and are more than happy, as we're protected against new and old ransomware.

author avatar
Top 5, Real User

So this is what WIKI says about EDR.
EDR systems detect all endpoint threats and provide real-time response to the identified threats. ... EDR systems also collect high-quality forensic data which is needed for incident response and investigations. Overall, EDR security systems are much better equipped at handling cyber threats than traditional antivirus.

But IMHO, it depends. It depends on the products you are looking at, it depends on the cost, it depends on what you are trying to cover or prevent from happening and it depends on the tools' capabilities. Some tools are better than others. Some A/V is better than EDR, some EDR is better than A/V. It's a very active space with a HUGE amount of contenders all vying for your security dollars. You just have to ask them the right questions and bounce their answers against their competitors, your bosses, and your friends' opinions to get out of it what you need, for the least cost and most coverage. Do some POCs, RFIs to see what fits for you and your environment and needs first before you decide. Then spend the next 3 yrs extracting every bit of juice out of the tool you can to make it purr like a kitten.

If you don't need it and you can get by on Defender as an 80% solution then go with Defender. If you need Carbon Black and McAfee do that. It comes down to your needs and what's good enough for you.

author avatar
Top 5, Consultant

EDR is an add-on for Endpoint Protection. EDR is for detecting post-intrusion threats or persistent advanced threats. EDR enables identification and prevention of reconnaissance attack, lateral movement, command and control channel and data filtering. EDR can also analyze user behavior against a baseline.

author avatar

Yes, EDR will replace traditional A/V with most solutions. Make sure to validate with your vendor but the reputable ones certainly cover A/V. You do not need to have both as this is unnecessary overhead. Any (reputable) EDR will have known bad MD5 already included.

author avatar
Top 20, User

EDR can replace antivirus, if you get the right EDR solution. A solution that comprises EPP and EDR into one is a replacement for traditional antivirus. EPP provides all the protection you would get from antivirus and more. Happy to discuss further if you have any more questions.

author avatar

There is never 100% security, and I'm warning against using too much endpoint protection on the client, as each one has a little bad impact on performance.
And when using two, they will slow each other down.
To replace an antivirus, just use a good EDR, which replaces the AV and which does even more.

author avatar
Real User

Yes, it is a good level of protection to have EDR alone, but for better protection I recommend having the two solutions together, but with different manufacturers between EDR and AV.

Find out what your peers are saying about CrowdStrike, SentinelOne, Carbon Black and others in Endpoint Detection and Response (EDR). Updated: April 2021.