No. Endpoint security serves as the true successor to legacy antivirus for enterprise cybersecurity. First, it offers your IT security team a central management portal, which helps them keep track of all endpoints and maintain visibility. It also allows them to monitor problem areas and suspicious data traffic movement. Additionally, through centralized management, you can also protect the endpoints of remote workforces. Antivirus can’t provide that.
Second, endpoint security can also restrict what devices can or cannot connect to your endpoints. Thus you could bar a USB carrying a malicious malware payload from installing on certain USB ports without permission. Antivirus doesn’t offer such capabilities.
While today’s antivirus solutions can identify and block many new types of malware, hackers are constantly creating more. Many types of malware are difficult to detect using standard methods. For example, fileless malware—a recent development—operates in the computer’s memory, thus avoiding malware signature scanners.
To bolster security, an IT department may implement a variety of endpoint security solutions, as well as other security applications, over time. However, multiple standalone security tools can complicate the threat detection and prevention process, especially if they overlap and produce similar security alerts. A better approach is an integrated endpoint security solution.
Endpoint detection and response (EDR), also known as endpoint threat detection and response, is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. The term describes a security systems that detects and investigates suspicious activities on hosts and endpoints, employing a high degree of automation to enable security teams to quickly identify and respond to threats.
The primary functions of an EDR security system are to:
Introducing EDR is challenging for many companies. On the one hand, integration into an SOC, into a SIEM (Security Information and Event Management) solution and into SOAR (Security Orchestration, Automation and Response) processes is not trivial, but is actually very demanding. On the other hand, the necessary security-related expertise must be available to interpret the EDR alerts and to continuously keep the EDR and the security concept up to date. Setting EDR up once is not enough; the solution’s configurations, detection rules, policies and procedures (playbooks) must be continuously updated to automate SOAR processes. The shortage of skilled workers poses something of a problem in this respect. By 2026, Switzerland will be lacking 40,000 ICT professionals. Many companies do not have the security expertise needed to run EDR operations themselves, so it could be worthwhile for them to examine the Managed Services option for EDR.
Swisscom’s EDR provides end-to-end visibility across all endpoints, e.g. client, server and mobile devices, in order to detect advanced attacks. Automated investigation and remediation of security alerts takes the pressure off the customer’s security and operations team. The Service comprises the following functions:
The Service is implemented together with the Customer within a project and in the following four phases:
The included Swisscom service management services Incidents, Service Requests, Maintenance and Monitoring offer the Customer the following added value:
The service can further be combined with Swisscom’s SOCaaS, CSIRTaaS and Microsoft 365 Management.
Entra a far parte di Swisscom.