EDR - Endpoint Detection and Response
Endpoint Detection and Response (EDR) is an integrated endpoint security solution that combines real-time continuous monitoring and data collection from endpoints with rule-based automated response and analysis functions. EDR tools consist of three basic components: software agents that monitor endpoints and collect data, such as processes, connections, amount of activity and data transfers; a central database into which that data is collected; and configured rules that recognize when incoming data indicates a known type of security breach and trigger an automated response, such as logging off an end user or sending an alert to an employee. Additionally, solutions in this class include tools to quickly and securely restore systems after an attack. An EDR system can include both real-time analytics tools to quickly diagnose threats and forensic tools to find threats or perform post-attack analysis.
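The rule component described above can be sketched as follows. This is an added example, not code from any EDR product: the event fields, rule names, host names and the transfer threshold are all assumptions, and the telemetry is constructed. It shows one stateless rule (a process pattern) and one stateful rule (cumulative data transfer per host), each mapped to one of the responses the text names.

```python
from collections import defaultdict

# Constructed telemetry, shaped as an agent might report it (all values made up).
EVENTS = [
    {"host": "ws-01", "user": "alice", "type": "process",
     "parent": "winword.exe", "image": "powershell.exe"},
    {"host": "ws-01", "user": "alice", "type": "transfer",
     "dest": "203.0.113.10", "bytes": 400_000_000},
    {"host": "ws-01", "user": "alice", "type": "transfer",
     "dest": "203.0.113.10", "bytes": 700_000_000},
    {"host": "ws-02", "user": "bob", "type": "process",
     "parent": "explorer.exe", "image": "winword.exe"},
    {"host": "ws-02", "user": "bob", "type": "transfer",
     "dest": "198.51.100.7", "bytes": 5_000_000},
]

OFFICE_APPS = {"winword.exe", "excel.exe"}   # assumed rule parameters
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe"}
TRANSFER_LIMIT = 1_000_000_000               # assumed per-host byte budget


def evaluate(events):
    """Run the configured rules over collected events; return triggered responses."""
    sent = defaultdict(int)   # stateful: bytes sent so far, per host
    fired = set()             # (host, rule) pairs already answered
    actions = []
    for ev in events:
        hit = None
        if (ev["type"] == "process" and ev["parent"] in OFFICE_APPS
                and ev["image"] in SCRIPT_HOSTS):
            hit = ("office_spawns_shell", "alert")
        elif ev["type"] == "transfer":
            sent[ev["host"]] += ev["bytes"]
            if sent[ev["host"]] > TRANSFER_LIMIT:
                hit = ("bulk_outbound_transfer", "log_off_user")
        # Respond once per host and rule, so repeated events do not flood analysts.
        if hit and (ev["host"], hit[0]) not in fired:
            fired.add((ev["host"], hit[0]))
            actions.append({"host": ev["host"], "user": ev["user"],
                            "rule": hit[0], "response": hit[1]})
    return actions


if __name__ == "__main__":
    for action in evaluate(EVENTS):
        print(action)
```

The second rule fires only on the third event, because neither transfer exceeds the limit on its own; this is why the rules run against centrally stored history rather than against single events.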