Endpoint Detection and Response (EDR)
EDR monitors endpoints for suspicious behavior and helps respond to threats.
Updated: 2026-03-05
Definition
EDR focuses on endpoint visibility and behavioral detection (processes, network connections, file changes).
It often supports containment actions such as isolating a host or killing a malicious process.
Key points
- Endpoint-focused detection and investigation
- Response actions: isolate, block, remediate
- Complements SIEM (different scope)
Common mistakes
- Treating EDR like classic antivirus (EDR is more behavior/response oriented).
- Not integrating alerts into an incident response process.
Related exams
Related terms
Want to practice this in exam-style questions?
Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.
Go to exams