EDR (Endpoint Detection and Response)
Also known as: Endpoint Detection and Response
Definition
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
Examples
- CrowdStrike Falcon alerting on a suspicious child process of MSHTA followed by network connections to a known C2.
- Microsoft Defender for Endpoint isolating a host after detecting credential dumping with mimikatz.
Related terms
EPP (Endpoint Protection Platform)
A preventive endpoint security suite that combines antivirus, anti-malware, host firewall and exploit protection to block threats before they execute on a device.
XDR (Extended Detection and Response)
A security platform that unifies telemetry from endpoint, network, identity, email and cloud sensors to deliver correlated detections and integrated response actions.
NDR (Network Detection and Response)
A network security technology that analyses traffic — including decrypted traffic, metadata and flow data — using behavioral analytics and ML to detect threats and orchestrate response.
SIEM (Security Information and Event Management)
A platform that aggregates, normalizes and correlates security telemetry from across the enterprise to enable detection, investigation, compliance and reporting.
Indicator of Compromise (IoC)
Indicator of Compromise (IoC) — definition coming soon.
Threat Hunting
Threat Hunting — definition coming soon.