Endpoint Detection and Response (EDR)

What is Endpoint Detection and Response?


Endpoint Detection and Response (EDR) is the collection of tools that serve to monitor, detect and investigate any suspicious activity on endpoints. EDR is designed to be preventative and predictive. It functions by monitoring all endpoint events and analyzing this data to identify and prevent advanced threats.

Endpoint Detection and Response is often compared to Advanced Threat Protection (ATP) because they both provide similar functions in the overall security system. ATP is designed to detect and combat advanced persistent threats (APT) like a malicious intruder or complex malware.

Monitor, investigate, and triage

Monitor, investigate, triage and mitigate cybersecurity threats on endpoints, including advanced threat hunting with Microsoft Defender for Endpoint.

  • Organize the incident queue to prioritize cases and maintain an informed list of cybersecurity incidents
  • Set status and classification for investigating incidents
  • Analyze incident details including affected machines, logs, system files, IP addresses, domains, user accounts, etc.
  • Triage alerts with additional business context such as data sensitivity, threat intel, etc.
  • Determine specific remediation steps to address incidents
  • Perform containment and mitigation activities as first-level response
  • Provide resiliency recommendations as part of ongoing improvement
