EDR vs. Managed Antivirus—Which Solution is for You?

In my last blog, I looked at the difference between managed antivirus (MAV) and endpoint detection and response (EDR). So which one should you choose?

It might surprise you to learn there is room for both in today’s world. SolarWinds® offers both because one simple question determines the need for either. What kind of end users do managed services providers (MSPs) serve? For context, consider these personas:

  • Human resources manager: This person likely has personally identifiable information (PII) on their machine, which is confidential. If a cybercriminal accessed the PII during a breach, individuals and businesses could experience catastrophic damage. Which is why we need to stop attacks in real-time, before they occur. EDR is the obvious choice for this type of end user. The risk and potential cost justify the additional expense.
  • Marketing manager: This individual probably has important files, but probably doesn’t have PII on their machine. For this reason, a combination of MAV, backup, and disk encryption provides a solid, layered defense. Choose MAV for this end user and enjoy the lower cost since most users fall into this category.
  • C-suite or other executive: This person presents the greatest risk when contemplating a breach because both PII and highly valuable data to the business are likely stored on their machine. Not only do you need to protect that data, you need to be able to recover it with a rollback function. Only EDR can help with both.

Cost: is it the bottom line?

Of course, to be objective, we need to address the issue of cost. EDR does cost more per license than traditional MAV—but not prohibitively so. Many customers will balk at the additional expense, but they may be in a position where they can’t afford not to use EDR. If you’d like to read an example of the potential business costs to a customer who chooses to go without EDR, take a look at a recent case study.

If your customer doesn’t have endpoint protection in place at all, we highly recommend counseling them to take advantage of the EDR value proposition. Your customer won’t incur upgrade costs moving from MAV to EDR down the line, and the added peace of mind more than justifies the choice. And for your servers, treat them the same as the high-value assets they host—EDR is your best choice.

If you encounter resistance to EDR based on cost, consider focusing not on what the customer is losing by moving to EDR, but instead on what they are gaining—time. It takes less than a minute to do a rollback versus four to six hours to reimage each device—and you gain insight into what happened. Finally, if a breach does occur, there’s a very real possibility you’ll lose that customer.

The last word

To answer our original question, given the steady innovation EDR offers, there’s room for bot but don’t be surprised to see EDR replace MAV soon. There’s just too much on offer for it not to, given the small differences in per seat license costs.

There is one final point to note: EDR is not a substitute for backup. It goes without saying that backing up your data and storing it off-site remains a cyberhygiene best practice. But together, they’re an incredibly effective one-two punch.

You have options—not just what to deploy, but also who you choose as your vendor. Consider strengths, limitations, and keep an eye toward the future. Today’s costs may very well be tomorrow’s savings.

I hope you’ve found this comparison helpful. Next month we’ll delve deeper into EDR’s rollback function. It’s a game changer, to say the least.

Michael Tschirret, Sr. Product Marketing Manager, EDR

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site