EDR & Antivirus Roles in MXDR

Summary

In this video, Jeff Teitelbaum from Securus360 demonstrates how traditional antivirus and endpoint detection and response (EDR) solutions work together to protect K–12 devices. While antivirus software identifies known threats, EDR focuses on suspicious behaviors—like automatically downloading and executing files—that could signal an attack. By coupling both, schools can strengthen their defenses, ensuring a faster response to emerging threats and preventing malicious activities before they compromise devices.
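The contrast described above, as an added example that is not from the video or from Securus360: a hash lookup stands in for antivirus, and a download-then-launch correlation stands in for EDR. All events, process names, field names and the 30-second window are constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed signature database: one hash of a stand-in test file (not a real IoC).
KNOWN_BAD = {sha(b"constructed-antivirus-test-file")}
# Assumed window: a launch this soon after the download is treated as automatic.
WINDOW = timedelta(seconds=30)

def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)

# Constructed endpoint telemetry (hypothetical field and process names).
EVENTS = [
    {"time": ts("2024-01-01T10:00:00"), "type": "file_write", "proc": "demo_util.exe",
     "path": r"C:\Temp\av_test.com", "sha256": sha(b"constructed-antivirus-test-file"),
     "from_network": False},
    {"time": ts("2024-01-01T10:01:00"), "type": "file_write", "proc": "demo_util.exe",
     "path": r"C:\Temp\doc.pdf", "sha256": sha(b"benign pdf bytes"), "from_network": True},
    {"time": ts("2024-01-01T10:01:02"), "type": "proc_start", "parent": "demo_util.exe",
     "target": r"C:\Temp\doc.pdf"},
    {"time": ts("2024-01-01T10:05:00"), "type": "file_write", "proc": "browser.exe",
     "path": r"C:\Temp\report.pdf", "sha256": sha(b"another benign pdf"), "from_network": True},
    {"time": ts("2024-01-01T10:20:00"), "type": "proc_start", "parent": "explorer.exe",
     "target": r"C:\Temp\report.pdf"},
]

def signature_hits(events):
    """Antivirus-style check: flag files whose hash is already known bad."""
    return [e["path"] for e in events
            if e["type"] == "file_write" and e["sha256"] in KNOWN_BAD]

def behavior_hits(events):
    """EDR-style check: a process downloads a file and opens it itself within WINDOW."""
    hits = []
    downloads = [e for e in events if e["type"] == "file_write" and e["from_network"]]
    for d in downloads:
        for e in events:
            if (e["type"] == "proc_start" and e["target"] == d["path"]
                    and e["parent"] == d["proc"]
                    and timedelta(0) <= e["time"] - d["time"] <= WINDOW):
                hits.append(d["path"])
                break
    return hits

if __name__ == "__main__":
    print("signature:", signature_hits(EVENTS))
    print("behavior: ", behavior_hits(EVENTS))
```

The benign PDF never matches a signature, yet the behavioral rule flags it; the second PDF, downloaded by a browser and opened by the user fifteen minutes later, is flagged by neither.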

Full Transcript

Hello everyone, my name is Jeff Teitelbaum and I'm here with another K-12 Cyber Security Minute from Securus360. Today, we're gonna take a quick look at the roles EDR and antivirus play when it comes to protecting your endpoints. Let's dive in. So we're gonna take a look at two different scenarios here. The first one, if we go ahead and open this simple little utility, first what we're gonna do is we're gonna trigger the antivirus and see what happens here.

As expected, we ran that simple little antivirus test and it found it no problem. It is just kind of a test file, but nevertheless, Defender, Basic Defender, and of course the ones after are going to consider that malicious. Now this machine does not have EDR on it. Let's go ahead and see what happens. Now, if you noticed a PDF just popped up automatically, so it was downloaded and then automatically executed.

Any decent EDR should stop that behavior. It is rather suspicious. Granted, it is not malicious in and of itself because the PDF is not, but the technique is extremely malicious. And those are the things that, and one of the many things that an EDR should look out for, at minimum: downloading and then auto-executing.

Next, let's take a quick look at what happens on a machine with EDR.

First we'll run that same antivirus test just to show the consistency, right? It was able to see that test file, not malicious, but again, Basic Defender, or if you have a more fancy one like P1, P2, that's definitely gonna find that. Now let's see what happens if we try that same technique on one with EDR.

Again, very suspicious behavior to download something and then auto-execute it. And this is just a brief demonstration of the power of coupling an antivirus, which is going to look for the known threats, versus something like EDR, which is going to look at more of the behavior and stop that right in its tracks before any attacker has a chance to compromise you.
