Skip to main content
Meet NetWitness at RSA Conference 2024!
Stop by our booth #254 or book a meeting with an expert. Reserve Your Spot Today!
Featured Small The Language of Cybersecurity

What is EDR? Your guide to endpoint detection and response

The Language of Cybersecurity

Endpoint detection and response (EDR) solutions detect and investigate suspicious activities and other problems on network hosts and endpoints. Offering an additional layer of protection above that of traditional anti-virus software, EDR is meant to counter hackers seeking to install malware used to steal passwords, record keystrokes, encrypt files and hold them for ransom, or perform other malicious activity. EDR gathers and analyzes information on possible security threats from computer workstations and other endpoints, and alerts IT staff to potential and active attacks.

Breaking It Down: Endpoint, Detection and Response

Endpoint. An endpoint is any device that people or software use to connect to a network. An endpoint’s operating system and applications may allow users to connect to the internet, send and receive email, process financial transactions or perform many other activities. Some common endpoints include:

  • Desktop and laptop computers
  • Smartphones and tablets
  • Servers
  • Workstations
  • Internet-of-things (IoT) devices


Related resources

[1] Michael Hill, “70% of Orgs Facing New Security Challenges Due to #COVID19 Pandemic,” Infosecurity Magazine, March 1, 2021.