Home/Glossary/Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR)

Security software that monitors endpoints for malicious activity, enabling rapid detection and containment.

Security Operations

EDR agents collect telemetry from laptops, servers, and cloud workloads to identify suspicious behavior in real time.

What EDR solutions provide

  • Behavioral analytics to catch fileless attacks.
  • Isolation controls to quarantine compromised endpoints.
  • Investigation timelines that reconstruct attacker actions.
  • Integrations with SOAR or incident response tooling for faster containment.

Deployment best practices

  • Roll out in visibility mode, then enforce blocking.
  • Define playbooks for responding to high-severity alerts.
  • Pair with threat hunting to validate detections.

Related Tools

Related Articles

View all articles
Zero Trust Architecture: A Practical Guide for Cloud Security

Zero Trust Architecture: A Practical Guide for Cloud Security

Learn how to implement Zero Trust architecture in AWS, Azure, and GCP. This guide covers the core principles, implementation strategies, and common pitfalls.

Read article →
Case Study: Airline Cybersecurity Strengthening

Case Study: Airline Cybersecurity Strengthening

From Active Breach to Robust Defense: A Comprehensive Cybersecurity Transformation

Read article →
Choosing Between MDR, EDR, MSSP, XDR, and SOC

Choosing Between MDR, EDR, MSSP, XDR, and SOC

In today’s rapidly evolving digital landscape, cyber threats are more sophisticated, frequent, and damaging than ever before. Businesses face everything from ransomware attacks and phishing schemes to...

Read article →
CrowdStrike MDR: 24/7 Business Protection

CrowdStrike MDR: 24/7 Business Protection

At 2:47 AM on a Saturday morning, alarms began flashing in InventiveHQ’s Security Operations Center. CrowdStrike’s AI-powered detection engine had identified suspicious PowerShell activity on a health...

Read article →

Explore More Security Operations

View all terms

Chronicle Security Operations

Google Cloud security analytics platform that provides threat detection, investigation, and response using Google infrastructure and intelligence.

Read more →

Managed Detection and Response (MDR)

A security service that combines technology and human expertise to detect, investigate, and respond to threats 24/7.

Read more →

Microsoft Sentinel

Microsoft cloud-native SIEM and SOAR solution that provides intelligent security analytics and threat detection across the enterprise.

Read more →

SBOM (Software Bill of Materials)

A comprehensive inventory of all components, libraries, and dependencies that make up a software application, enabling transparency in the software supply chain.

Read more →

Secrets Management

The practice and tooling for securely storing, accessing, rotating, and auditing sensitive credentials like API keys, passwords, certificates, and encryption keys.

Read more →

Security Information and Event Management (SIEM)

A platform that ingests security telemetry, correlates events, and surfaces alerts for investigation.

Read more →
Back to glossary