EDR, which stands for endpoint detection and response, is one of the emerging security solutions in the industry. It is an advanced version of traditional antivirus (AV), anti-malware, firewalls, HIDS/HIPS and other endpoint security solutions. Moreover, it is an automated security solution capable of continuously monitoring and recording endpoint activities and events in real time, and of detecting and responding to suspicious ones.
EDR employs analysis engines powered by machine learning (ML) and artificial intelligence (AI) to speed up detection of and response to suspicious activities and emerging malware. The analysis engine can be deployed either on the endpoint device itself or on a central analysis server.
Security professionals understand that security solutions should always be layered according to the defense-in-depth principle. Thus, EDR is one of the best lines of defense in the endpoint security layer, automatically scanning and protecting workstations, servers and mobile devices from advanced threats. We can integrate it with other security mechanisms such as NAC, threat intelligence, SIEM, threat feeds, SOAR, etc. to get better endpoint protection.