Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
EDR security provides an integrated hub for the collection, correlation, and analysis of endpoint data, as well as for coordinating alerts and responses to immediate threats. EDR tools have three basic components:
Endpoint data collection agents. Software agents conduct endpoint monitoring and collect data—such as processes, connections, volume of activity, and data transfers—into a central database.
Automated response. Pre-configured rules in an EDR solution can recognize when incoming data indicates a known type of security breach and triggers an automatic response, such as to log off the end user or send an alert to a staff member.
Analysis and forensics. An endpoint detection and response system may incorporate both real-time analytics, for rapid diagnosis of threats that do not quite fit the pre-configured rules, and forensics tools for threat hunting or conducting a post-mortem analysis of an attack.