Endpoint Detection and Response (EDR)
What is Endpoint Detection and Response?
Endpoint Detection and Response (EDR) is a collection of tools that monitor, detect, and investigate suspicious activity on endpoints. EDR is designed to be preventative and predictive. It works by monitoring all endpoint events and analyzing that data to identify and prevent advanced threats.
Endpoint Detection and Response is often compared to Advanced Threat Protection (ATP) because both serve similar functions in the overall security system. ATP is designed to detect and combat advanced persistent threats (APTs), such as a malicious intruder or complex malware.
Monitor, investigate, and triage
Monitor, investigate, triage, and mitigate cybersecurity threats on endpoints, including advanced threat-hunting techniques using Microsoft Defender for Endpoint.