Endpoint Detection and Response (EDR)

Security solutions that monitor endpoint devices for suspicious activities, providing visibility, detection, investigation, and response capabilities for security threats.

Also known as: EDR, Endpoint Security

What is Endpoint Detection and Response?

Endpoint Detection and Response (EDR) is a category of security tools that continuously monitor endpoint devices to detect, investigate, and respond to cyber threats. EDR goes beyond traditional antivirus by providing deep visibility and advanced threat detection capabilities.

Core Capabilities

Detection

  • Behavioral analysis
  • Machine learning
  • Signature-based detection
  • Anomaly detection

Investigation

  • Full endpoint visibility
  • Process trees
  • File analysis
  • Memory forensics

Response

  • Threat containment
  • Remote remediation
  • Automated response
  • Forensic data collection
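As an added example (not from the original page), the following Python builds a process tree from constructed endpoint telemetry and applies one behavioral rule of the kind an EDR agent evaluates: a command shell running anywhere beneath an Office application. The event fields, pids and process names are assumed sample values.

```python
from collections import defaultdict

# Constructed process-start events, as an EDR sensor might record them.
# Fields: pid, ppid (parent pid), image name, command line. Sample values only.
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "winword.exe",    "cmd": "winword.exe report.docx"},
    {"pid": 300, "ppid": 200, "image": "cmd.exe",        "cmd": "cmd.exe /c start"},
    {"pid": 400, "ppid": 300, "image": "powershell.exe", "cmd": "powershell.exe -enc ABCD"},
    {"pid": 500, "ppid": 100, "image": "chrome.exe",     "cmd": "chrome.exe"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}


def build_tree(events):
    """Index processes by pid and children by ppid: the EDR 'process tree'."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def ancestry(pid, by_pid):
    """Walk parent links from pid to the root; return image names root-first."""
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def descendants(pid, children):
    """All pids below pid, the subtree an analyst pivots on during investigation."""
    found, stack = [], list(children[pid])
    while stack:
        child = stack.pop()
        found.append(child)
        stack.extend(children[child])
    return sorted(found)


def detect_office_spawning_shell(events):
    """Behavioral rule: a shell with an Office application among its ancestors.
    Returns (shell pid, full ancestry chain) for each hit, so the alert carries
    the context an investigator needs rather than a bare process name."""
    by_pid, _ = build_tree(events)
    hits = []
    for e in events:
        if e["image"] in SHELLS:
            chain = ancestry(e["pid"], by_pid)
            if any(img in OFFICE_APPS for img in chain[:-1]):
                hits.append((e["pid"], chain))
    return hits
```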

Key Features

Continuous Monitoring: Real-time collection of endpoint activity.

Threat Intelligence: Integration with threat feeds and IOCs.

Forensic Analysis: Historical data for investigation.

Automated Response: Playbooks for common threats.

EDR vs. Traditional AV

EDR                      Traditional AV
-----------------------  ----------------------
Behavioral detection     Signature-based
Continuous monitoring    Scheduled scans
Investigation tools      Limited visibility
Response capabilities    Block/quarantine only
Cloud-based              Mostly on-device

Modern Evolution

XDR (Extended Detection and Response): Integrates multiple security layers.

MDR (Managed Detection and Response): Outsourced monitoring and response.

Popular Solutions

  • CrowdStrike Falcon
  • Microsoft Defender for Endpoint
  • SentinelOne
  • Carbon Black
  • Cortex XDR