Edr (1)
What is EDR?
Endpoint Detection and Response (EDR), also referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.
What Are The Characteristics of EDR Cyber Security Solutions?
Detection: Detecting threats is a core capability of an EDR solution. An EDR solution continuously analyzes files to flag those showing signs of malicious behavior. If a file initially passes as safe but a few days later begins to show ransomware activity, the software can still detect the file and alert your security team so they can take action.
Containment: After detecting a malicious file, an EDR program can contain it so that it does not infect legitimate processes, applications, and users. Segmentation can also benefit your organization by preventing lateral movement of advanced threats in your network.
Investigation: After detecting and containing the malicious file, the EDR solution should investigate it further. If the file was able to pass through your defenses the first time, it means that a vulnerability is present. It is possible that the threat intelligence failed to detect it because it had never encountered this kind of threat before. Another reason could be an outdated application. Without a proper investigation, you won't get to the root of the problem. As a result, your network might just experience the same threats again.
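The late-detection case from the Detection item, as an added example (not from the original slides or from any EDR product): a minimal behaviour monitor that keeps watching an executable after its first "safe" verdict and alerts once it renames many files in a short window. The event format, the hashes, the 60-second window and the threshold of 5 renames are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60    # assumed sliding window for burst detection
RENAME_THRESHOLD = 5   # assumed number of renames in the window that triggers an alert
DAY = 86400

def monitor(events):
    """Return alerts for executables whose later behaviour contradicts the first verdict.

    events: iterable of (timestamp, exe_hash, action, detail), ordered by timestamp.
    """
    first_seen = {}               # exe_hash -> time it was first observed (and judged safe)
    recent = defaultdict(deque)   # exe_hash -> timestamps of renames inside the window
    alerted = set()
    alerts = []
    for ts, exe, action, detail in events:
        first_seen.setdefault(exe, ts)
        if action != "rename" or exe in alerted:
            continue
        window = recent[exe]
        window.append(ts)
        # Drop renames that have aged out of the sliding window.
        while window and ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= RENAME_THRESHOLD:
            alerted.add(exe)
            alerts.append({
                "exe": exe,
                "alert_at": ts,
                "days_after_first_seen": (ts - first_seen[exe]) // DAY,
                "renames_in_window": len(window),
                "last_file": detail,
            })
    return alerts

def build_sample_events():
    """Constructed telemetry: 'aaa111' idles for three days, then renames files in bulk."""
    events = [(0, "aaa111", "exec", "invoice_viewer.exe"),
              (10, "bbb222", "exec", "backup_tool.exe")]
    # A benign tool renames a few files, ten minutes apart: never a burst.
    events += [(1000 + i * 600, "bbb222", "rename", f"report{i}.bak") for i in range(4)]
    # Three days later the first executable renames one file every two seconds.
    start = 3 * DAY
    events += [(start + i * 2, "aaa111", "rename", f"doc{i}.docx.locked") for i in range(8)]
    return sorted(events)

if __name__ == "__main__":
    for alert in monitor(build_sample_events()):
        print(alert)
```

The alert carries the first-seen time alongside the trigger, which is the starting point for the investigation step: it shows how long the file sat on the endpoint before its behaviour changed.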
How Does EDR Work?
THANKS!
Any questions?