Endpoint detection and response solutions collect, record, and store large volumes of data from endpoint activities to provide security professionals with the comprehensive visibility they need to detect, investigate, and mitigate advanced cyber threats.
Traditional antivirus solutions, as well as other, more narrowly focused solutions, provide enterprises with preventative endpoint protection: they react to new files entering a system and, if a file is deemed malicious, automatically stop it from running. Despite this, attackers are still able to penetrate endpoints, because they use innovative techniques that stealthily compromise systems without triggering these defenses.
Endpoint detection and response, or EDR, solutions add a different capability to the security stack. With EDR in place, security teams can continuously collect, record, and store endpoint data, giving them surveillance-like visibility they can use to investigate a past incident or to proactively hunt for threats in their environment.
EDR is often equated with highly skilled security professionals or security operations centers (SOCs), who use their advanced experience and knowledge to navigate the EDR data stores and uncover subtle activities that indicate compromise. However, next-generation antivirus (NGAV) solutions are now incorporating EDR capabilities to help security teams of all sizes and skill levels identify threats and investigate incidents beyond prevention.