What is EDR - Endpoint Detection & Response

Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. EDR security systems are built to detect and investigate suspicious activities on hosts and endpoints, employing a high degree of automation to enable security teams to quickly identify and respond to threats.

The primary functions of an EDR security system are to:

  • Monitor and collect activity data from endpoints that could indicate a threat
  • Analyze this data to identify threat patterns
  • Automatically respond to identified threats to remove or contain them, and notify security personnel
  • Provide forensics and analysis tools to research identified threats and search for suspicious activities
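
The four functions above can be seen end to end in a small sketch. This is an added example, not code from any EDR product: the event fields, rule names, response actions and sample telemetry are all constructed assumptions.

```python
from collections import namedtuple

# One collected endpoint telemetry record (field names are assumptions).
ProcessEvent = namedtuple("ProcessEvent", "host parent image cmdline")

# Constructed sample telemetry (not from any real product or incident).
EVENTS = [
    ProcessEvent("ws-01", "explorer.exe", "winword.exe", "winword.exe report.docx"),
    ProcessEvent("ws-01", "winword.exe", "powershell.exe", "powershell.exe -enc <constructed>"),
    ProcessEvent("ws-02", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ProcessEvent("ws-03", "cmd.exe", "powershell.exe", "powershell.exe Get-Date"),
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}

# Hypothetical rules: (name, predicate over one event, automated response).
RULES = [
    ("office_spawns_shell",
     lambda e: e.parent in OFFICE and e.image in SHELLS,
     "isolate_host"),
    ("encoded_powershell",
     lambda e: e.image == "powershell.exe" and " -enc" in e.cmdline.lower(),
     "kill_process"),
]

def analyze(events):
    """Match every event against every rule; return alerts for analysts."""
    alerts = []
    for e in events:
        for name, predicate, action in RULES:
            if predicate(e):
                alerts.append({"host": e.host, "rule": name, "action": action, "event": e})
    return alerts

def respond(alerts):
    """Pick the strongest containment action per host (isolate > kill)."""
    rank = {"kill_process": 1, "isolate_host": 2}
    plan = {}
    for a in alerts:
        if rank[a["action"]] > rank.get(plan.get(a["host"]), 0):
            plan[a["host"]] = a["action"]
    return plan

def hunt(events, image):
    """Forensic search: every host where a given image ran, alert or not."""
    return sorted({e.host for e in events if e.image == image})

if __name__ == "__main__":
    print(respond(analyze(EVENTS)), hunt(EVENTS, "powershell.exe"))
```

The hunt result includes ws-03, which raised no alert: retained telemetry lets an analyst search beyond what the rules flagged.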