In the world of antivirus there are a number of different levels, or grades, of product. In cost terms these range from completely free up to the more expensive managed services. All of these different products can be confusing, and the obvious question is “if there is a free solution, why would I pay?!”
Here we will explore the differences between these products, using the analogy of a security guard / doorman protecting a venue!
Free Antivirus
This guard works for free and needs very little management.
He is not the best at detecting threats: he is largely limited to comparing faces against a book of existing mugshots (signature matching against already known malware) or grabbing people who appear to be carrying inappropriate objects.
This is the absolute minimum level of defence a business should have.
Standard Antivirus
This tier allows all of the security guards to work together by reporting what they find to a central location, usually a management dashboard.
When a security guard detains someone, this is highlighted on the dashboard for the I.T. team to see. The security team can also be given rules to follow: allowing specific people in or out, or taking set actions (for example quarantining a file) when something is detected.
The important thing here is that I.T. is informed of what is happening with any detected threats.
Advanced Antivirus
Advanced is very similar to Standard, but it has additional ways of tracking behaviour. It can track how people move, what they do, and whether they keep coming back in slightly different disguises (the same malware repackaged so that it no longer matches the mugshot).
It can spot individuals who, once inside, start talking to the other guests (a suspicious process interacting with legitimate ones) and move them on elsewhere before any harm is done.
The security guards also track how people behave. Are they tapping on windows, testing whether a door is open, or perhaps going behind the bar? Behavioural detection flags the action, not the face, so it still works when the face is new.
Protection is further increased in this tier with website and domain level protection. This works by checking the category and threat risk of any website a user or program tries to open, before the connection is allowed.
If only Hansel and Gretel had this type of protection before going to the gingerbread house!!
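To make the domain-level check concrete, here is an added example (not code from the original post or from any vendor's product) of a toy web filter that decides whether a URL may be opened by looking up the category and risk score of its domain. The reputation table, category names, risk threshold and the unknown-domain policy are all constructed assumptions for illustration; a real product would query a vendor's reputation feed instead of a dictionary.

```python
"""Added example: a toy domain-level web filter.

The reputation table, risk scores and policy below are constructed for
illustration and are not any vendor's data or schema.
"""
from urllib.parse import urlsplit

# Constructed reputation table: domain -> (category, risk score 0-100).
# Subdomains inherit the verdict of the closest listed parent domain.
REPUTATION = {
    "example.com": ("business", 5),
    "cdn.example.com": ("content-delivery", 5),
    "gingerbread-house.test": ("phishing", 95),
    "files.sharing.test": ("file-sharing", 40),
    "casino.test": ("gambling", 20),
}

# Constructed policy: categories that are always blocked, plus a risk threshold.
BLOCKED_CATEGORIES = {"phishing", "malware", "command-and-control"}
RISK_THRESHOLD = 70
# Unknown domains are a policy choice: block (fail closed) or allow (fail open).
BLOCK_UNKNOWN = False


def hostname_of(url: str) -> str:
    """Extract and normalise the hostname; bare hostnames are accepted too."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").rstrip(".").lower()


def lookup(host: str):
    """Walk up the label hierarchy until a listed parent domain matches.

    This is why 'example.com.gingerbread-house.test' is judged by its real
    registrable domain and not by the familiar-looking prefix."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in REPUTATION:
            return candidate, REPUTATION[candidate]
    return None, None


def check_url(url: str) -> dict:
    """Return the verdict for a URL: whether it is allowed, and why."""
    host = hostname_of(url)
    matched, info = lookup(host)
    if info is None:
        return {"host": host, "allowed": not BLOCK_UNKNOWN, "reason": "unknown domain"}
    category, risk = info
    if category in BLOCKED_CATEGORIES:
        return {"host": host, "allowed": False, "reason": f"blocked category {category} ({matched})"}
    if risk >= RISK_THRESHOLD:
        return {"host": host, "allowed": False, "reason": f"risk {risk} >= {RISK_THRESHOLD} ({matched})"}
    return {"host": host, "allowed": True, "reason": f"{category}, risk {risk} ({matched})"}


if __name__ == "__main__":
    for u in ["https://www.example.com/login",
              "http://login.gingerbread-house.test/",
              "https://example.com.gingerbread-house.test/",
              "ftp://files.sharing.test/",
              "https://totally-new-domain.test"]:
        print(u, "->", check_url(u))
```

Two points worth noticing: the lookup walks up to the registrable domain, so a lookalike such as `example.com.gingerbread-house.test` is still caught, and the treatment of unknown domains is a deliberate policy decision (fail open keeps users working, fail closed is safer but noisier).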
EDR (Endpoint Detection and Response)
EDR allows the security team to track and monitor all activity by any potentially dubious characters, not just the moment they are detained.
You now have a team of security staff who can talk to each other. Should a threat be detected, as well as passing the information to the central office, the details (a face, a file hash, a tell-tale behaviour) can be shared with the other security staff so they can look for similar people / threats on every other door.
They can usually see a breadcrumb trail of how the threat gained access (the chain of processes from the email or download to the detection), allowing those loopholes to be closed or relevant training given to the bar staff on how to do better next time.
Because of how the tracking works, search and destroy can also be carried out: this hunts out anything, anywhere on the estate, that matches the discovered threat.
Many cyber insurance companies are now asking for this as the default level of protection because of how powerful it is for threat management and containment.
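The breadcrumb trail and the search-and-destroy sweep are easier to picture with data. The following is an added example (not code from the original post or from any EDR vendor) that runs both over a small set of constructed process-start events from three endpoints. The field names (`host`, `pid`, `ppid`, `image`, `sha256`, `cmdline`) and every event are assumptions made up for illustration, not any product's telemetry schema.

```python
"""Added example: EDR-style breadcrumb trail and "search and destroy" sweep.

All events below are constructed. Field names are assumptions, not a vendor schema.
"""
from collections import defaultdict

# Constructed process-start telemetry from three endpoints (pids unique per host).
# On pc-01 an Office document spawns PowerShell, which drops "updater.exe";
# the same file (same hash) turns up on pc-02 under a different name.
EVENTS = [
    {"host": "pc-01", "pid": 100, "ppid": 1,   "image": "explorer.exe",   "sha256": "aaa1", "cmdline": "explorer.exe"},
    {"host": "pc-01", "pid": 200, "ppid": 100, "image": "outlook.exe",    "sha256": "bbb2", "cmdline": "outlook.exe"},
    {"host": "pc-01", "pid": 300, "ppid": 200, "image": "winword.exe",    "sha256": "ccc3", "cmdline": "winword.exe invoice.docm"},
    {"host": "pc-01", "pid": 400, "ppid": 300, "image": "powershell.exe", "sha256": "ddd4", "cmdline": "powershell -enc ..."},
    {"host": "pc-01", "pid": 500, "ppid": 400, "image": "updater.exe",    "sha256": "bad5", "cmdline": "updater.exe --silent"},
    {"host": "pc-02", "pid": 100, "ppid": 1,   "image": "explorer.exe",   "sha256": "aaa1", "cmdline": "explorer.exe"},
    {"host": "pc-02", "pid": 210, "ppid": 100, "image": "chrome.exe",     "sha256": "eee6", "cmdline": "chrome.exe"},
    {"host": "pc-02", "pid": 310, "ppid": 210, "image": "setup.exe",      "sha256": "bad5", "cmdline": "setup.exe"},
    {"host": "pc-03", "pid": 100, "ppid": 1,   "image": "explorer.exe",   "sha256": "aaa1", "cmdline": "explorer.exe"},
    {"host": "pc-03", "pid": 220, "ppid": 100, "image": "winword.exe",    "sha256": "ccc3", "cmdline": "winword.exe minutes.docx"},
]


def index_by_host(events):
    """host -> {pid: event}, so parent lookups are O(1)."""
    idx = defaultdict(dict)
    for e in events:
        idx[e["host"]][e["pid"]] = e
    return idx


def breadcrumb_trail(events, host, pid):
    """Walk parent links from the detected process back to the root.

    Returns the chain of image names, root first. An unknown pid gives [],
    and the 'seen' set guards against a corrupted/cyclic parent chain."""
    idx = index_by_host(events)[host]
    chain, seen = [], set()
    cur = idx.get(pid)
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        chain.append(cur["image"])
        cur = idx.get(cur["ppid"])
    return list(reversed(chain))


def extract_iocs(events, host, pid):
    """Indicators worth sharing with the other guards: the file hash of the
    detected process. Deliberately NOT its parent (powershell.exe is legitimate
    and would match every host in the estate)."""
    e = index_by_host(events)[host][pid]
    return {"sha256": {e["sha256"]}}


def sweep(events, iocs, origin=None):
    """Search and destroy: find every process, on any host, that matches the IOCs.
    The originating detection is excluded so only new finds are returned."""
    hits = []
    for e in events:
        if e["sha256"] in iocs["sha256"] and (e["host"], e["pid"]) != origin:
            hits.append((e["host"], e["pid"], e["image"]))
    return hits


if __name__ == "__main__":
    detection = ("pc-01", 500)
    print("trail:", " -> ".join(breadcrumb_trail(EVENTS, *detection)))
    iocs = extract_iocs(EVENTS, *detection)
    print("also found:", sweep(EVENTS, iocs, origin=detection))
```

The trail shows the loophole (a macro-enabled invoice opened from Outlook launching PowerShell), which is what the bar-staff training would target, and the sweep finds the same file on pc-02 even though it has been renamed, because the hash is the indicator rather than the name. Note the choice to not turn the legitimate parent binary into an indicator; a hash of `powershell.exe` would flag every healthy machine.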
SOC (Security Operations Centre)
In addition to the above services, a SOC allows additional rules of engagement to be agreed for when a given threat status is reached, for example several attackers arriving at once or a character of a certain risk level. The agreed actions can be as simple as quarantining the affected area or section of the bar to reduce any further exposure (isolating the machines from the network, or powering them off).
This is done by a team watching the logs, the cameras and the reports coming back from the security guards.
As many attacks happen out of hours, this third-party SOC team keeps an eye on the servers through the night (they have some cool night vision scopes!).
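What "rules of engagement" look like once written down is shown by this added example (not code from the original post or from any SOC provider): a small evaluator that reads a constructed alert feed and decides, per host, whether to isolate it or just notify. The rules themselves, the severity labels, the ten-minute window and the alerts are all assumptions for illustration and would be agreed with the customer in practice.

```python
"""Added example: a SOC-style "rules of engagement" evaluator.

Assumed rules (constructed for illustration):
  * any single critical alert on a host        -> isolate it from the network
  * 3 or more alerts on one host in 10 minutes -> isolate it
  * anything else                              -> notify only
The alert feed below is constructed; it is not real telemetry.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed alerts: (ISO timestamp, host, severity, alert name).
ALERTS = [
    ("2024-05-01T02:03:00", "pc-01", "medium", "suspicious powershell"),
    ("2024-05-01T02:04:30", "pc-01", "medium", "office spawned shell"),
    ("2024-05-01T02:05:10", "pc-01", "high", "known bad hash"),
    ("2024-05-01T02:20:00", "pc-02", "low", "adware"),
    ("2024-05-01T02:45:00", "pc-02", "low", "adware"),
    ("2024-05-01T03:00:00", "srv-db", "critical", "ransomware behaviour"),
]

WINDOW = timedelta(minutes=10)   # burst window
BURST_THRESHOLD = 3              # alerts within the window that trigger isolation


def parse(alerts):
    """Turn the raw tuples into (datetime, host, severity, name), oldest first."""
    return sorted((datetime.fromisoformat(ts), h, sev, name) for ts, h, sev, name in alerts)


def decide(alerts):
    """Return {host: (action, reason)} with action 'isolate' or 'notify'.

    A sliding window per host counts recent alerts; once a host is marked
    'isolate' it stays isolated even if later alerts are minor."""
    decisions = {}
    recent = defaultdict(deque)  # host -> timestamps inside the current window
    for ts, host, sev, name in parse(alerts):
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > WINDOW:   # drop alerts older than the window
            q.popleft()
        if sev == "critical":
            decisions[host] = ("isolate", f"critical alert: {name}")
        elif len(q) >= BURST_THRESHOLD:
            decisions[host] = ("isolate", f"{len(q)} alerts within {WINDOW}")
        else:
            decisions.setdefault(host, ("notify", f"{sev} alert: {name}"))
    return decisions


def actions(alerts):
    """Convenience view: {host: action} without the reasons."""
    return {h: a for h, (a, _) in decide(alerts).items()}


if __name__ == "__main__":
    for host, (action, reason) in decide(ALERTS).items():
        print(f"{host:8} {action:8} {reason}")
```

In the sample feed pc-01 trips the burst rule (three alerts in about two minutes), srv-db trips the critical rule, and pc-02's two low alerts 25 minutes apart only generate a notification. One practitioner's caveat on the "or powering it off" option: network isolation is normally preferred over a power-off, because switching the machine off destroys the in-memory evidence the investigation will want.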
If you would like to chat about which level is right for you, or your business, please get in touch!