Security Glossary

Endpoint Detection and Response (EDR)

An advanced security solution for endpoints (desktops, laptops, servers) that not only tries to prevent malware (like traditional antivirus) but also continuously monitors and collects activity data on endpoints to detect suspicious behavior and enable a swift response.

EDR tools record events such as processes starting, network connections being made, and files being changed, and use that telemetry to spot potential attacks in progress. For instance, if an attacker got past your antivirus and started moving laterally through your network or running hacking tools on a computer, an EDR system would notice unusual patterns (like a user account suddenly trying to access lots of files it never touched before) and raise an alert.

It can often take automatic action too: isolating a machine from the network, killing a malicious process, or rolling back harmful changes.
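The "user account suddenly accessing lots of files it never touched before" pattern described above can be written as a small detection rule. This is an added example, not code from any EDR product; the event format, the threshold of 4 files and the 5-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry (timestamp, user, file path); not real data.
BASELINE = [
    ("2024-05-01T09:00:00", "alice", "/finance/q1.xlsx"),
    ("2024-05-01T09:05:00", "alice", "/finance/q2.xlsx"),
    ("2024-05-01T10:00:00", "bob", "/hr/policies.docx"),
]
LIVE = [
    ("2024-05-02T09:00:00", "alice", "/finance/q1.xlsx"),      # known file
    ("2024-05-02T09:02:00", "alice", "/finance/q3.xlsx"),      # one new file
    ("2024-05-02T14:00:00", "bob", "/finance/payroll.xlsx"),   # burst starts
    ("2024-05-02T14:00:20", "bob", "/finance/q1.xlsx"),
    ("2024-05-02T14:00:40", "bob", "/legal/contracts.pdf"),
    ("2024-05-02T14:01:00", "bob", "/it/inventory.csv"),
    ("2024-05-02T14:01:20", "bob", "/exec/board-minutes.docx"),
]

def detect_new_file_bursts(baseline, live, threshold=4,
                           window=timedelta(minutes=5)):
    """Alert once per user who opens `threshold` or more files they have
    never touched before within `window` (both values are assumptions)."""
    seen = defaultdict(set)                 # user -> files touched so far
    for _, user, path in baseline:
        seen[user].add(path)
    recent = defaultdict(deque)             # user -> recent first-time accesses
    alerted, alerts = set(), []
    for ts, user, path in sorted(live):     # ISO timestamps sort chronologically
        if path in seen[user]:
            continue                        # familiar file: normal behaviour
        seen[user].add(path)
        when = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((when, path))
        while when - q[0][0] > window:      # drop accesses outside the window
            q.popleft()
        if len(q) >= threshold and user not in alerted:
            alerted.add(user)
            alerts.append({"user": user, "time": ts,
                           "new_files": [p for _, p in q]})
    return alerts

if __name__ == "__main__":
    for alert in detect_new_file_bursts(BASELINE, LIVE):
        print(alert)
```

Alice opening a single unfamiliar file stays quiet, while Bob's burst of first-time accesses raises one alert. An account with no baseline history would look entirely "new" under this rule, so it needs a learning period before alerts are trusted.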

In small business terms, EDR is like having a security guard on each computer that watches for intruders sneaking around inside. Solutions like Microsoft Defender for Endpoint or CrowdStrike Falcon are examples of EDR.

While EDR can be more complex and costly than basic antivirus (AV), it provides a higher level of insight and protection, which can be valuable if you have more at stake. If budget is tight, at least ensure basic AV is in place; but if you can, EDR is a powerful upgrade that greatly improves detection of stealthy threats.
