In recent years, cybersecurity threats have continued to increase, making companies and individuals increasingly in need of strong protection. One approach that is being used is endpoint security.
The backdrop to this is the increasing sophistication of cyber attacks, coupled with the rise of remote work and off-site activities, which ultimately expand the scope of endpoints that need to be secured.
In this article, we will discuss in depth the basic concepts of the latest security products, such as EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response), the differences between the two, as well as the features required and the reasons why this technology is essential.
EDR and XDR: Understanding the Differences Between Them in Cybersecurity
EDR and XDR are both methods of defense against cyber attacks, but they have apparent differences in their approach and functions.
EDR focuses primarily on endpoints, with the ability to detect and respond to threats in real time.
Meanwhile, XDR not only covers endpoints but also integrates various security layers, enabling it to detect and respond to threats from a broader perspective.
In this section, we will compare the features and advantages of each, as well as discuss the situations in which they are most effective.
Understanding EDR
EDR stands for Endpoint Detection and Response, which can be translated into Indonesian as "Deteksi dan Respons Titik Akhir." The term "endpoint" here refers to devices such as computers, smartphones, or servers. Alongside endpoint security there is also gateway security, which protects the network before data reaches the device, preventing malware or other threats from entering. Examples of gateway security technologies include firewalls, IPS (Intrusion Prevention Systems), and URL filtering.
The term endpoint security may sound unfamiliar, but many people already use it without realizing it, for example by installing antivirus (AV) software on their computers or devices. Antivirus protects a device by pattern matching against definition files called "signatures." The weakness of this method is that it cannot deal with new malware that is not yet listed in the definition files.
Building on this, NGAV (Next Generation Antivirus) emerged, which not only uses signatures but also analyzes behavior (behavior-based detection) to prevent malware from entering. Even so, NGAV still has limitations against increasingly sophisticated cyber attacks.
This is where EDR comes into play. EDR works by installing a special application called an agent or sensor on the target device. This application continuously monitors the device's behavior, enabling it to detect, investigate, isolate, and recover the device from threats that bypass security gateways, antivirus software, or NGAV.
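To illustrate the difference described above between signature matching and behavior-based detection, here is an added example that is not code from this article or from any product it mentions. A hash lookup against a constructed signature list misses a sample whose bytes differ by one byte, while a constructed behavior rule over agent-style file events flags a process that renames many files to a single new extension within a short window. The sample bytes, event records, threshold and window are all assumptions.

```python
import hashlib

# Constructed "definition file": SHA-256 of two made-up malware samples.
KNOWN_BAD = {
    hashlib.sha256(b"MALWARE-SAMPLE-A").hexdigest(),
    hashlib.sha256(b"MALWARE-SAMPLE-B").hexdigest(),
}

def signature_match(file_bytes: bytes) -> bool:
    """Classic AV check: exact hash lookup against the definition file."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD

# Behavior rule (NGAV/EDR style): one process renaming many files to a
# single new extension within a short window looks like encryption,
# whatever the binary's hash is. Threshold and window are assumptions.
RENAME_THRESHOLD = 20
WINDOW_SECONDS = 10.0

def behavior_match(events: list[dict]) -> list[str]:
    """Return the pids whose rename burst exceeds RENAME_THRESHOLD.
    Each event is {"pid", "ts", "op", "path"}, as an agent might record."""
    by_pid: dict[str, list[float]] = {}
    for ev in events:
        if ev["op"] == "rename" and ev["path"].endswith(".locked"):
            by_pid.setdefault(ev["pid"], []).append(ev["ts"])
    flagged = []
    for pid, stamps in by_pid.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding time window
            while stamps[end] - stamps[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= RENAME_THRESHOLD:
                flagged.append(pid)
                break
    return flagged

def demo() -> dict:
    original = b"MALWARE-SAMPLE-A"
    variant = b"MALWARE-SAMPLE-A!"   # one byte appended: brand-new hash
    # Constructed telemetry: pid 4242 renames 25 documents in 5 seconds,
    # pid 7 renames 5 files over 5 seconds (below the threshold).
    events = [{"pid": "4242", "ts": 100 + i * 0.2, "op": "rename",
               "path": f"C:/Users/u/doc{i}.docx.locked"} for i in range(25)]
    events += [{"pid": "7", "ts": 100 + i, "op": "rename",
                "path": f"C:/tmp/f{i}.locked"} for i in range(5)]
    return {"sig_original": signature_match(original),
            "sig_variant": signature_match(variant),
            "behavior": behavior_match(events)}
```

The signature check catches only the exact sample it already knows, while the behavior rule flags the renaming process regardless of which binary produced it.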
Understanding XDR
So, what is the difference between XDR and EDR? As the name suggests, XDR (Extended Detection and Response) is not limited to devices (endpoints), but also leverages AI and advanced analytics to monitor various domains across an organization's entire technology environment.
In addition to endpoints, XDR can collect data from various sources, such as SWG (Secure Web Gateway), cloud services, and other security systems. This data is then processed to perform in-depth analysis, while enabling more sophisticated automated responses to security incidents.
Without XDR, organizations typically need to operate multiple EDRs, which can lead to issues such as excessive alerts or difficulty quickly understanding the situation when an incident occurs. In contrast, XDR integrates management not only across endpoints but also across the entire security system, reducing the operational burden on IT or security teams.
In general, XDR systems work in several stages to monitor, detect malware, and prevent security incidents:
- Collecting data, then organizing and standardizing it to become high-quality data that is ready for analysis.
- Analyzing data using machine learning and AI to detect cyber attacks or malicious activity in real time.
- Prioritizing based on the severity of incidents, so teams can focus on handling the most critical cyber attacks first.
Features and Background Required for EDR and XDR Security Products
In today's cybersecurity landscape, the reason why EDR and XDR are increasingly needed is that attack methods are becoming more sophisticated and diverse.
Traditional gateway security is designed to prevent malware from entering in the first place, while AV and NGAV only target known malware, which means that both have limitations.
However, as malware attacks become increasingly sophisticated and varied, the approach to cybersecurity itself needs to evolve. It means we need mechanisms capable of minimizing damage even if unknown malware manages to breach initial defenses.
According to data from Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC), nearly 90% of small and medium-sized businesses have installed antivirus software as a security measure. Still, only about 10% or less have implemented additional security measures. For many SMEs, "antivirus" is their only security defense.
This situation is similar to what is happening in Indonesia. Many SMEs in Indonesia believe that installing antivirus software is sufficient to protect their systems. However, cyber threats in the country are also becoming increasingly diverse, ranging from phishing, hacking of business social media accounts, ransomware attacks on hospitals, to customer data leaks in the e-commerce sector.
Relying solely on antivirus software leaves the risk of data breaches and operational losses extremely high if an attack manages to bypass initial defenses.
Antivirus is indeed crucial for preventing malware from entering, but we must also consider the steps to take if an attack succeeds in breaching it, and this is where EDR/XDR comes into play.
Relying solely on antivirus software for security is like placing a security guard only at the entrance to an event but paying no attention to security inside the venue at all. For event organizers, this is unacceptable negligence.
Today, cyber attackers are even leveraging AI to enhance their attack capabilities. Phishing attacks are also becoming increasingly difficult to distinguish from legitimate messages. Therefore, in addition to using strong passwords and two-factor authentication, companies need to implement EDR or XDR and build a robust security system by integrating various tools.
In addition, a significant factor that makes endpoint security, such as EDR and XDR, more important than gateway security is the shift to more flexible working styles, such as telework.
In the past, working in an office was the norm. Data management and sharing were conducted through the company's internal network. This work model created a clear division between "internal" and "external" network security, which aligned well with the gateway security approach.
However, since the COVID-19 pandemic, many companies have implemented telework. Employees now often access and manage data from outside the office, such as from home or satellite offices, via the internet. In this situation, distinguishing between "internal" and "external" networks is not enough to guarantee security. That is why endpoint security, such as EDR, is becoming increasingly important.
Features Needed to Address Threats
Companies need security products that can respond to threats quickly and effectively.
Here are the features required, along with how they contribute to a company's security strategy:
1. Ability to collect and analyze information
Not only from endpoints, but also from cloud services or SWG (Secure Web Gateway), the system needs to collect information related to security events and analyze it correlatively. This enables root cause detection and rapid response.
2. Automated response
The key to this feature is machine learning. To prevent malware attacks from the outset, automated responses based on machine learning are required to detect and respond to threats in real time.
3. Features for handling incidents after they occur
For security teams to study cyber attack patterns and characteristics in depth, the system needs to be equipped with statistical processing and conditional search capabilities so that post-incident analysis can be carried out effectively.
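As an added example, not the article's or any vendor's code, of the three XDR stages described earlier (collect and standardize, analyze, prioritize) and of the collection, correlation and post-incident search features listed here, the following script normalizes constructed endpoint-agent, SWG and cloud records into one schema, groups each host's events within a time window, and scores incidents so that a chain observed by several sources ranks above an isolated alert. The record formats, weights and window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    """Common schema every source is normalized into (stage 1)."""
    ts: datetime
    source: str   # "endpoint", "swg" or "cloud"
    host: str
    kind: str     # "process", "web_block", "login"
    detail: str

# Constructed raw records, each in its own source's (assumed) format.
ENDPOINT_RAW = [{"time": "2024-05-01T09:00:05", "hostname": "LAPTOP-17",
                 "process": "powershell.exe", "parent": "WINWORD.EXE"}]
SWG_RAW = ["2024-05-01 09:00:09 LAPTOP-17 BLOCK http://example.invalid/x category=malware",
           "2024-05-01 11:20:00 PC-03 BLOCK http://ads.example.invalid/ category=adware"]
CLOUD_RAW = [{"timestamp": "2024-05-01T09:03:40", "device": "LAPTOP-17",
              "event": "login", "geo": "unusual"}]

def normalize() -> list[Event]:
    """Stage 1: collect and standardize into one schema, time-ordered."""
    out = [Event(datetime.fromisoformat(r["time"]), "endpoint", r["hostname"],
                 "process", f'{r["parent"]} -> {r["process"]}') for r in ENDPOINT_RAW]
    for line in SWG_RAW:
        d, t, host, action, url, cat = line.split(" ", 5)
        out.append(Event(datetime.fromisoformat(f"{d}T{t}"), "swg", host,
                         "web_" + action.lower(), f"{url} {cat}"))
    out += [Event(datetime.fromisoformat(r["timestamp"]), "cloud", r["device"],
                  r["event"], r["geo"]) for r in CLOUD_RAW]
    return sorted(out, key=lambda e: e.ts)

# Stage 2/3 parameters: per-event weights and correlation window (assumed).
WEIGHTS = {"process": 3, "web_block": 2, "login": 4}
WINDOW = timedelta(minutes=10)

def build_incidents(events: list[Event]) -> list[dict]:
    """Stage 2: group each host's events within WINDOW into one incident.
    Stage 3: score = sum of weights x number of distinct sources, then sort."""
    incidents = []
    for host in sorted({e.host for e in events}):
        group = []
        for e in [e for e in events if e.host == host]:
            if group and e.ts - group[0].ts > WINDOW:
                incidents.append(_score(host, group)); group = []
            group.append(e)
        incidents.append(_score(host, group))
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

def _score(host: str, group: list[Event]) -> dict:
    sources = {e.source for e in group}
    total = sum(WEIGHTS.get(e.kind, 1) for e in group) * len(sources)
    return {"host": host, "score": total, "sources": sorted(sources),
            "chain": [f"{e.source}:{e.kind}" for e in group]}
```

The incident list returned by `build_incidents(normalize())` is the kind of structured, prioritized record that post-incident statistical processing and conditional searches would run over.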
EDR Adoption Rate in Indonesian Companies
Recently, Indonesia was rocked by two major incidents: a ransomware attack that paralyzed Bank Syariah Indonesia (BSI) and an attack on the National Data Center (PDN). These two events demonstrate how vulnerable important institutions are to cyber attacks, especially when data protection and backup systems have not been optimized with the latest security standards.
Despite the growing threat, the adoption rate of EDR (Endpoint Detection & Response) in Indonesia remains low. Most companies still rely on traditional antivirus and firewalls, making it easier for advanced ransomware attacks to penetrate defenses. This situation creates significant security gaps in many industrial sectors.
According to the 2024 Corporate IT Utilization Trends Survey by JIPDEC, EDR/NGAV adoption in Japan stands at 37.2%, although it has been steadily increasing year over year (27.5% in 2021 → 33.2% in 2022). Furthermore, in 2024, 22.1% of Japanese companies reported that they are planning to implement EDR, the highest figure among adoption plans for any security solution.
This indicates that in both Indonesia and Japan, despite increased awareness, EDR is still not the primary standard. However, with increasingly complex ransomware and targeted attacks, the adoption of EDR and layered backup should be a top priority.
The Benefits of EDR and XDR and Considerations for Implementation
The benefits of using endpoint security products such as EDR and XDR are diverse: for example, rapid threat detection, efficient incident response, and overall improved security. Here, we will discuss the specific benefits of XDR and considerations before implementation.
Advantages of XDR
The three main benefits of implementing XDR are as follows.
Enhanced Security
The most significant advantage of implementing XDR is improved security, which enables companies to protect their confidential information from various types of cyber attacks. XDR not only collects data from endpoints, but also from various other layers, and then analyzes threats in an integrated manner. This enables XDR to detect and protect against unknown malware quickly.
Minimize Losses
XDR monitors the entire network comprehensively, so even if there is an intrusion on one server or endpoint, the threat will not spread throughout the system. Thus, losses can be minimized.
Cost Savings
With XDR, companies no longer need to implement multiple security products or tools separately. Additionally, XDR typically analyzes, detects, and controls security incidents automatically. This reduces the need for specialized security teams, thereby lowering management costs and operational overhead.
Things to Consider When Implementing XDR
Integration with Existing Security Infrastructure
When implementing XDR, consider how XDR will integrate with existing security gateways and endpoint security. Be sure to check compatibility and ensure that integration will run smoothly.
Implementation Costs
As mentioned earlier, implementing XDR can be more cost-effective than using multiple separate security tools. However, the cost can vary depending on the level of security required and the scale of the company. Especially for small and medium-sized businesses, the budget that can be allocated for cybersecurity is usually limited.
Scalability
Scalability is the ability of a system, device, or software to be expanded, indicating how well it can adapt flexibly to future increases in usage load. When selecting XDR, it is essential to consider the company's future prospects and the business areas it operates in.
Cloudmatika's XDR Solution
Although they are all referred to as XDR, there are many products that implement this kind of security solution. Here, we will introduce Cloudmatika Cyber Protection, provided by Cloudmatika, as one of the many XDR solutions available.
Cloudmatika is a fully cloud-based backup solution that can be easily implemented without any initial costs. This solution combines data protection and utilization functions in one package, making it suitable for use by various companies regardless of their size or industry type.
Cloudmatika Cloud Backup as an Integrated Backup Solution with Advanced Security
The main reasons why Cloudmatika Cloud Backup is the preferred choice are as follows.
Efficient and Secure
With Cloudmatika Cloud Backup, you can perform backups with just one click. Cloudmatika Cloud Backup uses an image backup method that captures the entire system image, including all applications, files, user accounts, and various settings at once. Therefore, if data is ever lost, you can quickly restore it and resume your work.
Additionally, Cloudmatika Cloud Backup adopts the highest security standards used by the United States military. All file transfers are protected with AES-256 encryption, and files are encrypted before being uploaded, ensuring that security remains guaranteed.
Advanced Ransomware Protection
Cloudmatika Cloud Backup is equipped with AI-based technology called Advanced Security. This feature instantly detects and blocks suspicious modifications to files, backup data, and backup software, and performs direct data recovery. Not only known ransomware but also unknown ransomware attacks can be detected, ensuring your essential data remains well-protected.
Capable of Handling Various Endpoint Threats
In addition to ransomware, endpoint devices also face various other threats. With Cloudmatika Cyber Protection, the following cyber attacks can be prevented before they occur:
- Zero-Day Threats
A zero-day threat is a cyberattack that exploits a software vulnerability before an official update or patch is available. According to one study, approximately 80% of security breaches originate from zero-day threats, making advanced endpoint security solutions essential for every company.
- Web-Based Threats
Most endpoint security threats originate from the web, making access control to unsafe websites a critical step.
- Advanced Persistent Threat (APT)
APT is a type of cyber attack that is carried out in a targeted manner and lasts for an extended period of time. After gaining initial access, attackers can remain undetected in a company's network and slowly cause significant damage.
- Fileless Attacks
These attacks do not install malicious code on the company network, but instead exploit legitimate system tools, making detection extremely difficult.
- Data Theft
If data can be accessed from endpoint devices, the risk of theft remains, regardless of whether the data is stored in the cloud or not.
Performance with Exceptional Value
Using Cloudmatika Cloud Backup requires no upfront costs. Subscription fees start at Rp 200,000 per month with flexible package options tailored to your needs. Operation and management are straightforward, and settings can be adjusted remotely, saving you time and money.
Additionally, Cloudmatika Cloud Backup can be enhanced with optional features such as Advanced Security and Advanced Security + XDR, offering advanced cybersecurity protection. The following section will explain the Advanced Security + XDR features.
Introduction to Advanced Security + XDR Features
The Advanced Security + XDR feature includes the following services:
- Ransomware Protection Function – Active Protection
- Advanced Antivirus & Antimalware
- Exploit Prevention and URL Filtering
An exploit is an attack or program that takes advantage of vulnerabilities in an OS or software.
- Forensics
Forensics is an investigative and analytical technique used to investigate, find the cause of, and handle incidents when cyber attacks or illegal actions occur.
- Malware Scanning on Backup Data
- Safe Recovery
- Whitelist
- Incident management through a centralized incident page
- Visualization of incident scope and impact
- Recommendations and repair guidelines
- Check for attacks on publicly exposed workloads using Threat Feed
- Security event storage for up to 180 days
Eliminate "Unexpected Situations" with Cloudmatika Cyber Protection
By adopting Cloudmatika Cyber Protection, you can protect your company's essential data from increasingly sophisticated cyber attacks. This service has all the necessary features, and with the addition of the XDR Solution, advanced security can be achieved.
For many companies, security incidents are "unforeseen situations." Despite various preventive measures, cyberattacks can still occur. However, during the rise in ransomware attacks, when a company becomes a victim, it can no longer use the excuse of "we didn't anticipate it" to avoid responsibility.
By combining gateway security, traditional endpoint security, and an integrated XDR Solution in Cloudmatika Cyber Protection, you can reduce the risk of "unexpected situations" to almost zero.
We offer a free 14-day trial.
Contact us here for further consultation on your business security needs.