What Is Endpoint Detection and Response (EDR)?

What it is, who needs it, and how to get it

We know: there are a lot of acronyms to juggle these days, especially in the tech world. 

But EDR is one you’re going to find really useful—and fortunately, it’s pretty straightforward. EDR stands for Endpoint Detection and Response. 

We hear you asking, “What’s an endpoint?” and that’s a great question. 

An endpoint is any physical device that connects to and exchanges information with a computer network. This includes a wide category of technologies: smartphones, desktop and laptop computers, virtual machines, and servers. It also includes Internet of Things (IoT) devices like smart fridges, thermostats, security cameras, smart watering systems, and smartwatches. 

How can we keep all these devices secure? 

When a device connects to a network, there is a flow of information between them. The endpoint—the device—is essentially a gateway to the network; it’s like a door leading into your house. 

The more endpoints you have—by analogy, the number of doors and windows you have leading into your home—the more potential entry points an attacker can target.

Endpoint Detection and Response (EDR) is the cybersecurity tooling that protects each of those endpoints and monitors them for signs of ransomware and other attacks.

Ah… I think I might need this. 

Yep, you’re right. Protecting your ever-expanding number of devices is a top priority. The tools that help you do so fall under the category of Endpoint Detection and Response: EDR.

EDR is akin to hiring a security guard specifically for your home, except it’s for your computer or device. It watches over your endpoints and keeps an eye out for any suspicious activities, viruses, or malware. It involves installing specialized software on these devices to identify specific threats. If something strange or wrong is detected, it alerts you or the people in charge of keeping your computer safe, so they can take action and respond to the threat.

You might have heard of MDR in conjunction with EDR. What’s the difference?

We’re glad you asked! It can be tough keeping these acronyms straight, so here’s the difference in plain English: If EDR is like having a security guard protecting your phone, MDR is like hiring a whole team of security guards for your entire organization. 

MDR (Managed Detection and Response) tools and services don’t just focus on one endpoint at a time; they monitor the entire network and all devices transmitting information to it. MDR combines software, security analytics, and human expertise (like Stratti experts!) to mitigate threats across the network infrastructure. It involves continuous monitoring of network traffic, logs, and security events. Because it’s such a comprehensive and involved service, MDR is often provided by external cybersecurity companies.

Both EDR and MDR help protect against cyber threats. Attending to both the micro and the macro is a crucial element of a secure defensive plan. 

If you need a recommendation on where to start, or on which services best fit your organization’s needs, we’ve got you covered.

Book a call with us to get started on an easy, customized plan.