Home > Software Categories > Endpoint Detection and Response

What is EDR?

Endpoint detection and response (EDR) software, sometimes called endpoint threat detection and response (ETDR), is a type of security tool that allows organizations to monitor the devices that connect to their networks. Endpoints can include smartphones, desktop computers, laptops, and printers.

EDR software’s main function is to monitor endpoint activity on the network and send alerts, although more advanced EDR systems can also take threat remediation actions. It should also integrate with other security tools, like security information and event management (SIEM) software, to provide a full picture of an organization’s cybersecurity.

Find your new EDR software

Why is EDR important?

EDR software is important for an organization’s cybersecurity because it provides better visibility into the devices that access its network. It creates a record of all the actions devices take while they’re connected to the company network, making it easier to identify threats and take the appropriate actions to address them.

Advanced EDR tools use threat intelligence and behavioral analytics to identify threats. When an action mimics a known indicator of attack or a file contains a known malware signature, the system sends an alert to IT to investigate. Similarly, if a device that regularly accesses the network between 9 AM and 5 PM on weekdays randomly logged on at 2 AM on Saturday night, the software would flag that interaction and likely block access until IT could review it. The behavioral change in this scenario could signal a malicious access attempt.

Some EDR software also includes options for automated remediation, which is great for smaller businesses that may not have a large in-house IT staff. Remediation might include blocking a device’s access, quarantining a suspicious file, or simply alerting the security team.

Organizations can also create custom rules for actions that should be disallowed on their network and how the system should handle those scenarios. Businesses that want these automated remediation features should consider EDR with artificial intelligence (AI).

Explore Top Endpoint Detection & Response (EDR) Solutions on eSecurity Planet.

TechnologyAdvice is able to offer our services for free because some vendors may pay us for web traffic or other sales opportunities. Our mission is to help technology buyers make better purchasing decisions, so we provide you with information for all vendors — even those that don't pay us.
In this article...