GLOSSARY / EDR

What is EDR?

Endpoint Detection and Response — software that monitors endpoints for malicious behavior and enables investigation and response.

EDR records process, file, network, and registry activity on endpoints, detects threats with behavioral analytics, and lets responders isolate hosts and remediate. XDR extends this across email, identity, and cloud.

It is a successor to traditional antivirus.

Related free tools

Hash Reputation →

Related terms

SIEM Malware

Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.