
Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is a cybersecurity technology that continually monitors an "endpoint" (e.g. a client device such as a mobile phone, laptop, or Internet of things device) to mitigate malicious cyber threats.


History

In 2013, Anton Chuvakin of Gartner coined the term "endpoint threat detection and response" for "tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints". Now, it is commonly known as "endpoint detection and response". According to the ''Endpoint Detection and Response - Global Market Outlook (2017-2026)'' report, the adoption of cloud-based and on-premises EDR solutions is projected to grow 26% annually, reaching a value of $7273.26 million by 2026. According to the ''Artificial Intelligence (AI) in Cyber Security Market'' report by Zion Market Research, the role of machine learning and artificial intelligence will create a $30.9 billion cyber security market by 2025.


Concept

Endpoint detection and response technology is used to identify suspicious behavior and advanced persistent threats on endpoints in an environment, and to alert administrators accordingly. It does this by collecting and aggregating data from endpoints and other sources; that data may or may not be enriched by additional cloud analysis. EDR solutions are primarily alerting tools rather than a protection layer, but the two functions may be combined depending on the vendor. The data may be stored in a centralized database or forwarded to a SIEM tool for cyber monitoring. Every EDR platform has its own set of capabilities. However, common capabilities include monitoring endpoints in both online and offline mode, responding to threats in real time, increasing the visibility and transparency of user data, detecting stored endpoint events and malware injections, creating blocklists and allowlists, and integrating with other technologies. Some vendors of EDR technologies leverage the free MITRE ATT&CK classification and framework for threats.
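The pipeline the paragraph above describes (collect endpoint events, apply allowlists and blocklists, run behavioral rules, tag matches with MITRE ATT&CK technique IDs, aggregate alerts centrally and flatten them for a SIEM) is shown below as an added, self-contained example. It is not code from the article or from any EDR vendor. The hostnames, hashes, timestamps, command lines, rule names and SIEM field names are all constructed for illustration; the two technique IDs (T1059.001 for PowerShell, T1053.005 for Scheduled Task) are real entries in the public ATT&CK matrix.

```python
"""Minimal EDR-style detection pipeline over constructed endpoint telemetry.

Added example; not code from the original article or from any vendor.
Shows: allowlist/blocklist checks, behavioral rules tagged with ATT&CK
technique IDs, per-host aggregation, and flattening alerts for a SIEM.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample telemetry: invented hosts, hashes and command lines.
SAMPLE_EVENTS = [
    {"host": "ws-01", "ts": "2024-01-01T09:00:00Z", "type": "process_start",
     "image": r"C:\Windows\System32\notepad.exe", "parent": "explorer.exe",
     "cmdline": "notepad.exe report.txt", "sha256": "aaaa" * 16},
    {"host": "ws-01", "ts": "2024-01-01T09:01:00Z", "type": "process_start",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": "winword.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand QQBCAEMA",
     "sha256": "bbbb" * 16},
    {"host": "ws-02", "ts": "2024-01-01T09:02:00Z", "type": "process_start",
     "image": r"C:\Users\Public\updater.exe", "parent": "explorer.exe",
     "cmdline": "updater.exe", "sha256": "cccc" * 16},
    {"host": "ws-02", "ts": "2024-01-01T09:03:00Z", "type": "process_start",
     "image": r"C:\Windows\System32\schtasks.exe", "parent": "cmd.exe",
     "cmdline": "schtasks.exe /create /tn Sync /tr C:\\Users\\Public\\updater.exe /sc minute",
     "sha256": "dddd" * 16},
]

ALLOWLIST = {"aaaa" * 16}   # known-good hashes: never alert (constructed)
BLOCKLIST = {"cccc" * 16}   # known-bad hashes: always alert (constructed)


@dataclass
class Alert:
    host: str
    ts: str
    rule: str
    technique: str   # MITRE ATT&CK technique ID, or "-" for a pure indicator match
    severity: str
    evidence: str


@dataclass
class Rule:
    """A behavioral rule: a command-line pattern, optionally constrained by parent process."""
    name: str
    technique: str
    severity: str
    cmdline: re.Pattern
    parent: re.Pattern | None = None


RULES = [
    # Encoded PowerShell spawned by an Office application (ATT&CK T1059.001).
    Rule("encoded_powershell_from_office", "T1059.001", "high",
         re.compile(r"-enc(?:odedcommand)?\b", re.IGNORECASE),
         re.compile(r"^(winword|excel|outlook|powerpnt)\.exe$", re.IGNORECASE)),
    # Scheduled task creation via schtasks (ATT&CK T1053.005).
    Rule("scheduled_task_creation", "T1053.005", "medium",
         re.compile(r"schtasks(?:\.exe)?\s+/create", re.IGNORECASE)),
]


def evaluate_event(event: dict, allowlist=ALLOWLIST, blocklist=BLOCKLIST,
                   rules=RULES) -> list[Alert]:
    """Apply the allowlist, then the blocklist, then behavioral rules to one event."""
    alerts: list[Alert] = []
    digest = event.get("sha256", "")
    if digest in allowlist:
        return alerts   # trusted binary: suppress every rule for this event
    if digest in blocklist:
        # A hash hit is an indicator, not a behavior, so no technique is assigned.
        alerts.append(Alert(event["host"], event["ts"], "blocklisted_hash",
                            "-", "critical", digest))
    cmdline = event.get("cmdline", "")
    for rule in rules:
        if not rule.cmdline.search(cmdline):
            continue
        if rule.parent and not rule.parent.search(event.get("parent", "")):
            continue
        alerts.append(Alert(event["host"], event["ts"], rule.name,
                            rule.technique, rule.severity, cmdline))
    return alerts


def aggregate(events: list[dict]) -> dict[str, list[Alert]]:
    """Central collection step: evaluate every event and group alerts by host."""
    by_host: dict[str, list[Alert]] = defaultdict(list)
    for ev in events:
        for alert in evaluate_event(ev):
            by_host[alert.host].append(alert)
    return dict(by_host)


def to_siem_record(alert: Alert) -> dict:
    """Flatten an alert into key/value form for SIEM forwarding (field names are constructed)."""
    return {"host": alert.host, "@timestamp": alert.ts, "rule": alert.rule,
            "attack.technique": alert.technique, "severity": alert.severity,
            "evidence": alert.evidence}


if __name__ == "__main__":
    for host, alerts in sorted(aggregate(SAMPLE_EVENTS).items()):
        for a in alerts:
            print(f"{host} {a.ts} [{a.severity}] {a.rule} ({a.technique}): {a.evidence}")
```

Run as a script, the allowlisted notepad event produces nothing, the Office-spawned encoded PowerShell on ws-01 raises one high alert, and ws-02 raises a critical blocklist hit followed by a medium scheduled-task alert. The allowlist is checked first so that a trusted binary cannot trigger behavioral rules; in a real deployment that ordering is exactly what makes allowlist hygiene (signed, hash-pinned entries) a security control in its own right.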


See also

* Endpoint security
* Data loss prevention software
* Network detection and response
* Extended detection and response (XDR)

