EDR (Endpoint Detection and Response)
What is EDR (Endpoint Detection and Response)?
EDR (Endpoint Detection and Response)An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
Endpoint Detection and Response (EDR) deploys a kernel- or user-mode agent to laptops, servers and virtual machines to stream rich telemetry — process trees, command lines, file writes, registry changes, network connections, script content — to a cloud analytics back end. Behavioural rules, ML and threat-intelligence matching produce alerts that analysts can pivot through using full process lineage, and response actions such as host isolation, file quarantine, remote shell and rollback are executed from the same console. EDR is the foundation for XDR and most modern incident response workflows. Common products include CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne and Carbon Black.
● Examples
- 01
CrowdStrike Falcon alerting on a suspicious child process of MSHTA followed by network connections to a known C2.
- 02
Microsoft Defender for Endpoint isolating a host after detecting credential dumping with mimikatz.
● Frequently asked questions
What is EDR (Endpoint Detection and Response)?
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts. It belongs to the Defense & Operations category of cybersecurity.
What does EDR (Endpoint Detection and Response) mean?
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
How do you defend against EDR (Endpoint Detection and Response)?
Defences for EDR (Endpoint Detection and Response) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for EDR (Endpoint Detection and Response)?
Common alternative names include: Endpoint Detection and Response.