Endpoint Detection & Response (EDR) FAQ

Summary

A proactive security solution that protects against malicious activity before it can create a problem for the end user.

Body

OVERVIEW

SFU is committed to protecting the digital information and systems that are critical to teaching, research, and university operations. Cyber attacks and phishing attempts are on the rise and continue to get more sophisticated. Endpoint Detection and Response (EDR) is a proactive security solution that protects against malicious activity before it can create a problem for the end user. EDR software runs in the background of your managed device, and if malicious activity is identified, you will receive a pop-up notice.

DETAILS

SFU is committed to protecting the digital information and systems that are critical to teaching, research and university operations.

Cyber-attacks and phishing attempts are on the rise and continue to get more sophisticated. IT Services strives to protect and mitigate cybersecurity risks for SFU.

 

EDR FREQUENTLY ASKED QUESTIONS

What is endpoint detection & response?
Endpoint Detection and Response (EDR) is a proactive security solution that protects against malicious activity before it can create a problem for the end user. To recognize and respond to potential threats and to protect the SFU community’s information and data, IT Services is creating a more secure digital space and will continue to execute projects like EDR from its latest security plan.
Why is EDR being implemented?
EDR and other information security initiatives, such as Multi-Factor Authentication (MFA) and regularly resetting our passwords, are proactive ways we can enhance our ability to counter cyber-attacks and better protect the SFU community.
Is EDR monitoring my files or the webpages I visit?
No. EDR software monitors malicious application activity; it does not monitor individuals' use of their devices or their files. It is NOT monitoring and reporting individuals’ activities on the web, nor processing or indexing their files or other information on their computers. The new EDR program monitors what applications are doing on your computer – not you.
How does it impact managed devices?
Users don’t need to do anything and won’t notice any differences on their managed devices unless there’s a malicious attack on their computer. EDR software runs in the background of your managed device, and if malicious activity is identified, you will receive a pop-up notice. Users with EDR installed may also notice a new green circle icon in the menu on their device.
How can EDR help mitigate the effects of a ransomware attack?

EDR works at the kernel level to evaluate and prevent activity that the operating system simply shouldn’t be doing. Anti-virus software, by comparison, uses canned heuristics or file-based signatures to block activity.

Example: Ransomware is trying to encrypt a file system. If standard Windows tools are used to start the encryption, anti-virus won't stop it because it's not malware per se. It's a Windows process doing its job. However, EDR would stop it because the process that kicks off the encryption isn't started by Windows security policy or other standard deployment methods. Endpoint detection and response works by observing endpoint and system events and recording the data in a central database to support investigation, detection, reporting, and alerting on incidents.
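The difference described above, as an added illustration (not SFU's or any EDR vendor's code): a file-hash signature check passes a legitimate operating-system tool no matter what started it, while a launch-lineage rule flags the same tool when its parent is not an approved launcher. All process names, hashes and events below are constructed placeholders.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins; every name and hash here is hypothetical.
KNOWN_BAD_HASHES = {sha256_hex(b"constructed-malware-sample")}
SENSITIVE_TOOLS = {"os_encrypt_tool.exe"}  # placeholder for a built-in OS tool
APPROVED_LAUNCHERS = {"policy_agent.exe", "deploy_service.exe"}  # assumed policy
TOOL_HASH = sha256_hex(b"constructed-signed-os-tool")

# Constructed process-start events, as a sensor might record them centrally.
EVENTS = [
    {"host": "ws-01", "image": "os_encrypt_tool.exe", "sha256": TOOL_HASH,
     "parent": "policy_agent.exe"},
    {"host": "ws-02", "image": "os_encrypt_tool.exe", "sha256": TOOL_HASH,
     "parent": "invoice_viewer.exe"},
    {"host": "ws-03", "image": "dropper.exe",
     "sha256": sha256_hex(b"constructed-malware-sample"), "parent": "explorer.exe"},
    {"host": "ws-04", "image": "notes.exe",
     "sha256": sha256_hex(b"constructed-benign-app"), "parent": "explorer.exe"},
]

def signature_verdict(event: dict) -> str:
    """File-based signature check: only the file's hash matters."""
    return "block" if event["sha256"] in KNOWN_BAD_HASHES else "allow"

def lineage_verdict(event: dict) -> str:
    """Behavioural check: a sensitive tool must come from an approved launcher."""
    sensitive = event["image"].lower() in SENSITIVE_TOOLS
    approved = event["parent"].lower() in APPROVED_LAUNCHERS
    return "block" if sensitive and not approved else "allow"

def triage(events: list) -> list:
    """Return one alert per event that either check would block."""
    alerts = []
    for event in events:
        reasons = []
        if signature_verdict(event) == "block":
            reasons.append("known-bad file hash")
        if lineage_verdict(event) == "block":
            reasons.append("sensitive tool started by unapproved parent")
        if reasons:
            alerts.append({"host": event["host"], "image": event["image"],
                           "parent": event["parent"], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```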

What if I don't have an SFU managed device?

SFU faculty and staff without managed devices are encouraged to opt in to being managed, which allows for continual software updates and enhanced security via Endpoint Detection and Response (EDR). This provides greater cyber security measures for SFU IT systems. Contact your local IT support to opt in to having your device managed. For general assistance, Get Help from the Service Desk.

For unmanaged devices, IT Services has secured some licenses for Trend Micro Apex One, an enterprise-class endpoint security software. It is available to faculty and staff through March 19, 2025.

What do I do if my application is blocked by EDR?
Please submit a block review request via the EDR service page.

 

Details

Article ID: 11086
Created
Wed 11/6/24 11:42 AM
Modified
Fri 1/3/25 2:04 PM