Endpoint detection and response (EDR) is an integrated approach to endpoint protection that provides live monitoring with rule-based automated response. EDR can be deployed on endpoints such as desktops, mobile devices, and IoT devices. While SOAR is used to automate and improve the efficiency of security tasks across the whole operation, EDR focuses solely on the security of individual endpoints. Extended detection and response (XDR) was later developed to close the gaps that EDR could not cover: once data moves beyond the endpoint perimeter, XDR is needed to extend coverage further into the network. XDR gives customers this broader range without the higher cost of a SIEM or SOAR.
EDR records all activity on endpoints and provides comprehensive visibility in real time. Like SOAR, EDR comes with threat detection, investigation, and response tools. Five key factors to consider when purchasing EDR are endpoint visibility, the intelligence database, behavior-based protection, speed, and whether it is cloud based. EDR is ultimately a defense-in-depth solution that may capture threats not caught by other controls such as a firewall. Its capabilities include the ability to detect, contain, investigate, and eliminate threats.
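The detect, contain, investigate, eliminate cycle described above, reduced to a small EDR-style pipeline as an added example (not code from any product): recorded process-creation telemetry is checked against an intelligence database of known-bad hashes and against a behavior rule, and each match triggers a rule-based automated response. The hash, host names, rule names and response actions are constructed placeholders.

```python
"""Tiny EDR-style pipeline: record endpoint telemetry, detect with
intelligence and behavior rules, then apply a rule-based automated response."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed "intelligence database": hashes of known-bad binaries (placeholders).
KNOWN_BAD_HASHES = {"deadbeef" * 8: "placeholder-malware-family"}

# Behavior rule: a document-handling application spawning a script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

@dataclass
class Event:            # one recorded process-creation event (constructed schema)
    host: str
    pid: int
    image: str          # basename of the started executable
    parent_image: str
    sha256: str
    cmdline: str

@dataclass
class Alert:
    host: str
    pid: int
    rule: str
    actions: List[str] = field(default_factory=list)

def detect(ev: Event) -> Optional[str]:
    """Return the name of the matching rule, or None when the event is benign."""
    if ev.sha256 in KNOWN_BAD_HASHES:                       # signature / intel match
        return "intel:known_bad_hash"
    if ev.parent_image in OFFICE_PARENTS and ev.image in SCRIPT_CHILDREN:
        return "behavior:office_spawns_interpreter"         # behavior-based match
    return None

def respond(ev: Event, rule: str) -> Alert:
    """Rule-based automated response: eliminate, contain (intel hits only), investigate."""
    alert = Alert(ev.host, ev.pid, rule)
    alert.actions.append(f"kill_process:{ev.pid}")          # eliminate the process
    if rule.startswith("intel:"):
        alert.actions.append(f"isolate_host:{ev.host}")     # contain a confirmed-bad host
    alert.actions.append(f"collect_triage:{ev.host}")       # gather context to investigate
    return alert

def process_telemetry(events: List[Event]) -> List[Alert]:
    """Run every recorded event through detection; respond to each match."""
    return [respond(ev, r) for ev in events if (r := detect(ev))]

# Constructed sample telemetry, not real data.
SAMPLE = [
    Event("ws01", 410, "chrome.exe", "explorer.exe", "aa" * 32, "chrome.exe"),
    Event("ws01", 522, "powershell.exe", "winword.exe", "bb" * 32, "powershell.exe -File out.ps1"),
    Event("ws02", 610, "svchost.exe", "services.exe", "deadbeef" * 8, "svchost.exe -k netsvcs"),
]
```

Running `process_telemetry(SAMPLE)` yields two alerts: the browser launch is ignored, the office-spawned interpreter is killed and triaged, and the known-bad hash additionally isolates its host.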