
EDR: Endpoint Detection and Response
Acronym Series
Written by: Manny Menchaca, Security Engineer
In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics.
Acronym: EDR – Endpoint Detection and Response
Definition:
EDR is a category of cybersecurity tools used to continually detect and investigate threats on mobile devices, PCs, laptops, cloud workloads, and Internet of Things (IoT) devices in real time, ultimately mitigating malicious threats.
Explanation:
EDR analyzes events and offers advanced threat detection, investigation, response and alert triage, suspicious and malicious activity detection, and regulation.
Traditional anti-virus programs relied heavily on signatures to detect when something was malicious. Signature matching uses a database of “known bad” items, and when something matches, it’s considered a threat. Although the primary method of threat detection is still signature matching, recent versions of anti-virus solutions added some behavioral detection.
In contrast, EDR tools rely heavily on behavioral analysis to detect a threat. As zero-day vulnerabilities increase, it is essential to find an EDR solution that provides real-time visibility, a broad threat database, behavior-based protections that search for indicators of an attack before a compromise occurs, and a fast and accurate response to stop attacks before a breach occurs.
Many cybersecurity attacks can be prevented with the right EDR tools, minimizing the number of attacks that require in-depth analysis. Key EDR functions uncover stealthy attackers by analyzing events and providing threat intelligence and proactive defense. Security teams can analyze alerts in real time and gain visibility into the local and external addresses to which hosts are connected, as well as which users have logged into the hosts. This visibility can help detect attackers using legitimate credentials and other potentially malevolent network activity.
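To make the contrast between signature matching and behavioral analysis concrete, the following added example (not from the original article or from any Nexum or vendor tooling) runs a hash lookup and one behavioral rule over constructed process-start events. The event fields, hash values, host and user names, and the "Office application starts a script host" rule are assumptions chosen for illustration.

```python
# Added illustration: every value below is constructed, not real telemetry.
KNOWN_BAD_HASHES = {"a" * 64}  # placeholder "known bad" signature database

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}

# Constructed process-start events as an endpoint sensor might record them.
# Field names are assumptions; 203.0.113.10 is a documentation address.
EVENTS = [
    {"host": "wks-01", "user": "alice", "parent": "explorer.exe",
     "image": "winword.exe", "sha256": "1" * 64, "remote_ip": None},
    {"host": "wks-01", "user": "alice", "parent": "winword.exe",
     "image": "powershell.exe", "sha256": "2" * 64, "remote_ip": "203.0.113.10"},
    {"host": "wks-02", "user": "bob", "parent": "explorer.exe",
     "image": "dropper.exe", "sha256": "a" * 64, "remote_ip": None},
    {"host": "wks-03", "user": "carol", "parent": "explorer.exe",
     "image": "powershell.exe", "sha256": "2" * 64, "remote_ip": None},
]

def signature_match(event):
    """Signature approach: flag only files whose hash is already known bad."""
    return event["sha256"] in KNOWN_BAD_HASHES

def behavior_match(event):
    """Behavioral approach: flag an Office application starting a script host,
    whether or not the binary's hash appears in any database."""
    return (event["parent"].lower() in OFFICE_APPS
            and event["image"].lower() in SCRIPT_HOSTS)

def triage(events):
    """Return one alert per flagged event, with the context an analyst needs."""
    alerts = []
    for index, event in enumerate(events):
        reasons = [name for name, check in
                   (("signature", signature_match), ("behavior", behavior_match))
                   if check(event)]
        if reasons:
            alerts.append({"index": index, "host": event["host"],
                           "user": event["user"], "remote_ip": event["remote_ip"],
                           "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

The same `powershell.exe` hash is flagged on wks-01 but not on wks-03: the signal is the parent-child relationship, which a hash database cannot express. Each alert carries the user and remote address so an analyst can see who was logged in and where the host connected.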