By browsing this site, you are agreeing to our cookie policy. More Information

What is Endpoint Detection and Response?

Security | Sep 15, 2017

Endpoint Detection and Response (EDR) refers to a set of cybersecurity technologies designed to detect and remove malware or other malicious activity on a network. EDR solutions quickly identify and evaluate suspicious activity on endpoints. After identifying a problem, EDR solutions respond by taking action to remove the malware or other issue. 

Traditional endpoints include networked user devices like laptops, desktops, and servers. Today endpoints include an ever-growing number of devices from mobile phones, point-of-sale terminals, manufacturing equipment, medical devices, etc.

Endpoints are crucial to an organization’s daily operations, but are also often the preferred entry point of hackers. As the Internet-of-things (IoT) expands the universe of connected endpoints, it also creates new avenues for hackers to attack systems.

EDR solutions typically will include the following four capabilities:

  • Detecting security incidents by monitoring endpoints for suspicious and/or anomalous activities
  • Investigating technical changes that were made, comparing how those match up to a historical benchmark of endpoint activity, and how those changes are impacting both the device and the overall network
  • Containing the security incident on the endpoint through processes that can be remotely controlled
  • Removing dangerous files and killing unauthorized processes to return the endpoint to a safe state

The Endpoint Detection and Response (EDR) market has grown rapidly over the last several years. Industry Analysts at Gartner estimate that the market for EDR will grow at 45% through 2020 (as compared to 7% growth in the overall cybersecurity market).  

With hackers gaining access to more sophisticated tools and cyberattacks on the rise, EDR will be one of the most important technologies used by businesses and governments around the world.

Why is this Technology Necessary?
Anti-virus and traditional cybersecurity solutions stop threats at the network perimeter. With today’s advanced threats and hacking techniques, organizations cannot stop 100% of attacks. It is not a matter of if, but when, a breach will be successful. EDR exists to deal with the threats that make it past the network perimeter and traditional cybersecurity tools. They are an essential component of layered security strategies that provide better protection.

Cyberattacks on endpoints are rapidly increasing in number and complexity, and as digitization continues to transform business, industry and government, more and more devices will come online. Currently, only about 40 million traditional endpoints (out of more than 700 million) have EDR solutions deployed. The room for growth is clear. Gartner again estimates that 20 billion connected devices will exist by 2020.

What Solutions Are Out There?
While the EDR market is still relatively young, two distinct categories of EDR solutions are emerging.

Full-Function EDR
Full-function EDR refers to purpose-build EDR solutions that offer robust capabilities for threat detection, alert triage with endpoint data, and complete remediation capabilities. Guidance Software’s EnCase Endpoint Security solution is an example of full-function EDR. Automated detection and response capabilities with EnCase Endpoint Security streamline workflows help security teams prioritize the most dangerous threats. A visually intuitive dashboard also integrate with other security tools, to improve results and ROI from other security investments like SIEM alerting tools.

EDR “Light”
EDR “Light” are essentially bolt-on solutions that offer some EDR functionality via endpoint protection platforms (EPP) – security solutions that bring together endpoint security functionality to provide antivirus and other threat prevention. EDR light solutions provide some EDR capabilities to augment endpoint security, but do not provide the most robust capabilities that a fully functioning platform does.

With everything from customer safety, brand reputation, and stock value on the line when it comes to a successful breach, organizations need full-function EDR capabilities.

For More Information on EDR Visit

Check out more on our blog on EDR and Forensic Security

Load more comments
Thank you for the comment! Your comment must be approved first

You May Also Like


EnForce Risk Manager: Redefining Data Privacy & Co...

Have you ever asked yourself if your organization has control over its data?
Feb 4

Finding those Easter Eggs?

We don't mean to egg you on... well, in fact, we do.
Nov 3