endpoint detection and response (EDR)

Endpoint detection and response ( EDR) is about continuously monitoring endpoints - which can be desktops, laptops and mobile devices - for potential threats.

EDR tools monitor endpoints using static and dynamic detection techniques and continuously document any events that pose a potential threat. This includes unwanted processes involved in botnets. All events are analyzed, investigated and, depending on the findings, security-critical areas are protected more intensively. In the analysis, machine learning( ML) can help to quickly detect anomalies in network traffic.

The EDR process is about early detection of external attacks, detection of malware but also threats from own employees. It is also about the shortest possible response time and eliminating infections from endpoints.

As attacks become more sophisticated and often consist of multiple attack phases at different levels, Endpoint Detection and Response (EDR) provides administrators and threat hunters with a technique to detect the stealthy and convoluted attacks on endpoints.

Other concepts for detecting attacks and triggering response include Network Detection and Response(NDR), which starts at the network level login, and Extended Detection and Responsec( XDR), which takes a holistic approach.