ITWissen.info - Tech know how online

endpoint detection and response (EDR)

Endpoint detection and response (EDR) is the continuous monitoring of endpoints, such as desktops, laptops, and mobile devices, for potential threats.

EDR tools should monitor endpoints using static and dynamic detection techniques and continuously document any events that pose a potential threat. This includes unwanted processes involved in botnets. All events are analyzed and investigated, and depending on the findings, security-critical areas are protected more intensively. In the analysis, Machine Learning (ML) can help to quickly detect anomalies in network traffic.

The EDR process aims at the early detection of external attacks, the detection of malware as well as threats from an organization's own employees, the shortest possible response time, and the elimination of infections from endpoints.

As attacks become more sophisticated and often consist of multiple attack phases at different levels, Endpoint Detection and Response (EDR) provides administrators and threat hunters with a technique to detect stealthy and convoluted attacks.

Article information
English: endpoint detection and response - EDR
Updated at: 29.04.2019
#Words: 250