
EDR: Endpoint Detection Response
Acronym Series
Written by: Manny Menchaca, Security Engineer
In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics.
Acronym: EDR – Endpoint Detection and Response
Definition:
EDR is a category of cybersecurity tools used to continually detect and investigate threats on mobile devices, PCs, laptops, cloud workloads, and Internet of Things (IoT) devices in real time, ultimately mitigating malicious threats.
Explanation:
EDR analyzes events and offers advanced threat detection, investigation, response and alert triage, suspicious and malicious activity detection, and regulation.
Traditional anti-virus programs relied heavily on signatures to detect when something was malicious. Signature matching uses a database of “known bad” items, and when something matches, it’s considered a threat. Although the primary method of threat detection is still signature matching, recent versions of anti-virus solutions added some behavioral detection.
In contrast, EDR tools rely heavily on behavioral analysis to detect a threat. As zero-day vulnerabilities increase, it is essential to find an EDR solution that provides real-time visibility, a broad threat database, behavioral approach protections that search for indicators of an attack before being compromised, and a fast and accurate response to stop attacks before a breach occurs.
Many cybersecurity attacks can be prevented with the right EDR tools, minimizing the number of attacks that require in depth analysis. Key EDR functions uncover stealthy attackers by analyzing events and providing threat intelligence and proactive defense. Security teams can analyze alerts in real-time and gain visibility to local and external addresses to which hosts are connected, as well as which users have logged into the hosts (which can help detect attackers using legitimate credentials, and other potentially malevolent network activity).
Acronym Series
Here are all of the acronyms we’ve posted so far.

Acronym Series Introduction
Our new Acronym Series hopes to help our readers navigate the acronym-filled waters of IT discussions. Each article will give the acronym, the shortened phrase, a brief definition, and a little information to help you understand it.

Application Programming Interface
Nexum’s expert engineers define popular topics, such as Application Programming Interface (API), in our Acronym Series.

Secure Sockets Layer
In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics, like Secure Sockets Layer (SSL).

Transport Layer Security
Nexum’s expert engineers define popular topics, like Transport Layer Security (TLS), in our Acronym Series.

Zero Trust Network Access
In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics. Next up, Zero Trust Network Access (ZTNA).
Check Out More Resources

Application Programming Interface
Nexum’s expert engineers define popular topics, such as Application Programming Interface (API), in our Acronym Series.

Ransomware “Does Not Succeed” with DNS
Part 3 of our Ransomware Series focuses on a vital Internet technology that is an entry point for ransomware and malware propagation: Domain Name System (DNS).

Nexum at AnsibleFest
Check out this event recap from the Nexum team who attended AnsibleFest. This post includes our takeaways and other event information.