EDR (Endpoint Detection and Response) provides behavioral monitoring, threat detection, forensic investigation, and response capabilities on endpoints — far beyond traditional AV.
EDR continuously records endpoint activity (process creation, network connections, file changes, registry modifications) so that analysts can reconstruct what happened during an investigation. Behavioral analysis of this telemetry detects previously unknown threats that signature-based AV misses. Remote host isolation lets responders contain a compromised endpoint during incident response. Leading EDR products include CrowdStrike Falcon, Microsoft Defender for Endpoint, and SentinelOne. EDR is essential for the modern enterprise.