It was the mid nineteen nineties… Grunge music was still on the radio, I had a cool Honda CRX, that my girlfriend said was “tasty” and I was burning CDs for my friends, on my Windows 98 computer. Life was pretty good, and I was at ease in my cyber security, because I had a top-of-the-line antivirus.
That was about the extent of cybersecurity back then. High-speed Internet was just coming available and many of us were still on dial up. As long as you had Norton or MacAfee or any of 30 other brands of antivirus, you were set.
The way an antivirus works is by definitions. The antivirus manufacturers identified malicious files and updated their antivirus application definitions to block them. As long as Norton know about the virus, we were protected from it.
Right around the year 2000, things started to change. High speed Internet became the norm, requiring everyone to have a firewall at home and virus’ stopped being the only nasty software in town. Spyware moved into the neighborhood, and we needed more software to prevent software from infecting our software. It’s all downhill from there.
Fast forward to today. You still need antivirus but there isn’t a great reason to pay for it. Microsoft has invested a lot into beefing up their Defender software, which comes free with the Windows operating system. Defender will protect you as well as any paid antivirus because it is getting the same definition updates as everyone else.
Macs can get infected but it’s not common. The Apple user base is so much smaller than the Windows user base, there just isn’t enough bang for the bad guy’s buck in infecting Macs. Good cyber practice is probably sufficient with Macs.
Back to Windows: For the past five years or so, we’ve been hearing a bunch of new terms in the antivirus space. Software manufacturers started calling antivirus EndPoint, instead of antivirus, because it protects against more than viruses. Then we heard about EndPoint Detections and Response (EDR). And now we are hearing about Security Operations Center (SOC). So what’s what?
EndPoint Detections and Response (EDR)
EndPoint Detections and Response (EDR) is a layer above traditional endpoint (antivirus) software. While the endpoint software is protecting from known threats, by way of definitions, EDR software monitors behaviors.
Let’s say a bad guy gets on your computer. There are a few things they will do right away to take control. EDR has an algorithm that recognized these behaviors and takes action to prevent bad stuff from happening.
There are a series of EDR type-software packages. Some will call it MDR (Managed Detection and Response). Others are going with XDR (Extended Detection and Response). All claim to be a step up and maybe they are. Still, it’s the same type thing. EndPoint knows if a bad file gets on your computer. EDR watches logs, network traffic, user actions and behaviors. Two layers of security and nowadays, you need both and then some. That brings me to the SOC.
Security Operations Center (SOC)
Security Operations Center (SOC) is and isn’t a software. Where EndPoint and EDR are completely software tools, a SOC is a combination of software and human protection. Software is installed, to allow the human to analyze.
This is actually pretty cool stuff and is well past common in big business. I would expect that cyber insurance carriers will require a SOC within a year or so, as they have been requiring EDR for a couple years now.
The SOC is yet another layer of security:
- EndPoint protects the computer with updated malware definitions. This protects from known threats.
- EDR protects by monitoring behaviors.
- SOC protects with human analysis of many data points, then takes action to prevent bad guys from doing bad stuff.
Like I said, this is all as common today, as Netscape Navigator and Norton Antivirus was in the nineteen-nineties. This is how just we do it now.
Remote Monitoring and Management (RMM)
A nice center piece for all of this security is Remote Monitoring and Management (RMM) RMM is an application that sits on your computer and performs a variety of tasks. Managing operating system and application updates, allowing remote access for IT assistance, monitoring the overall health of the PC, including resource utilization and storage capacity, maintaining an accurate inventory of assets, and centralizing data points for cyber security applications like EndPoint, EDR and SOC, are all RMM features.
If you are managing a business today, you need to simplify IT and cybersecurity. This crazy bunch of acronyms is going to be your best bet. EndPoint, EDR, SOC and RMM. And don’t forget MFA (multi-factor authentication). We’ve talked about that one so I assume you are already there. Look me up on LinkedIn and send me a message if you need help.