Endpoint Detection and Response
Learn how EDR protects end-user devices from being compromised.
Overview
As part of a defense-in-depth strategy, it should be assumed that an attacker will make their way through the perimeter of network-based defenses and eventually reach an end user’s device (a desktop, laptop, or phone). As a result, the host needs endpoint security to fend off attacks. An endpoint detection and response (EDR) solution primarily does two things:
- It monitors the host by continually looking for malicious activity.
- It responds to attacks to protect the host, preserve evidence, and limit further damage to the endpoint and organization.
Capabilities
EDR can provide the following capabilities:
- Detection: It continuously monitors processes, alerts, and other resources for potentially malicious activity.
- Integration: It communicates with other tools to provide end-to-end contextual ...