Endpoint detection and response (EDR) is a category of security tools that monitor end-user hardware devices across a network for a range of suspicious activities and behavior, reacting automatically to block perceived threats and saving forensics data for further investigation.
An EDR platform combines deep visibility into everything that’s happening on an endpoint device — processes, changes to DLLs and registry settings, file and network activity — with data aggregation and analytics capabilities that allow threats to be recognized and countered by either automated processes or human intervention. Endpoint here generally means any end-user device, from a laptop to a smartphone, and can encompass IoT gadgets as well.
