Endpoint Detection and Response solutions are now a mainstream cyber security control for organisations with a moderate level of cyber security maturity. An Endpoint Detection and Response (EDR) platform supports an organisation across the Protect, Detect and Respond functions of the NIST Cybersecurity Framework (CSF).
An Endpoint Detection and Response solution helps an organisation find and resolve malicious activity occurring on the endpoint devices it uses (desktops, laptops, servers etc.). Endpoints are the primary target for an attacker trying to breach a business (phishing, ransomware etc.), so it is very important to know when suspect activity is occurring on them, in order to stop a breach progressing and data being compromised.
EDR is currently being superseded by Extended Detection and Response (XDR) solutions, which extend detection and response beyond the endpoint to the network.
EDR and XDR are also packaged as a service by Managed Detection and Response (MDR) providers and Advanced Managed Detection and Response (AMDR) providers. These services add human expertise on top of the raw alert and give a customer insights drawn from global data sources.
The Endpoint Detection and Response Solutions (EDR) market is defined as solutions that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems. EDR solutions must provide the following four primary capabilities:
• Detect security incidents
• Contain the incident at the endpoint
• Investigate security incidents
• Provide remediation guidance
Gartner – https://www.gartner.com/reviews/market/endpoint-detection-and-response-solutions
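To make the four capabilities in the Gartner definition concrete, the following is an added illustration in Python (not code from any EDR vendor or from this page) of a minimal EDR-style pipeline: it records endpoint process telemetry, detects one well-known suspicious behaviour (an Office application spawning a command shell), supplies investigation context as the process ancestry, records a containment action, and returns remediation guidance. The host name, user names, process events and the rule name are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record as an endpoint sensor might report it."""
    host: str
    pid: int
    ppid: int
    image: str      # executable file name
    cmdline: str
    user: str


@dataclass
class Alert:
    host: str
    pid: int
    rule: str
    process_chain: List[str]   # investigation context: ancestry, root first
    contained: bool            # True once a containment action was recorded
    remediation: List[str]     # guidance handed to the analyst


# Constructed sample telemetry (hypothetical host, user and commands).
SAMPLE_EVENTS = [
    ProcessEvent("WS-0142", 4012, 812, "explorer.exe", "explorer.exe", "alice"),
    ProcessEvent("WS-0142", 5120, 4012, "winword.exe", "winword.exe invoice.docm", "alice"),
    ProcessEvent("WS-0142", 5311, 5120, "powershell.exe", "powershell.exe -NoProfile", "alice"),
    ProcessEvent("WS-0142", 5400, 4012, "notepad.exe", "notepad.exe notes.txt", "alice"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
RULE_OFFICE_SPAWNS_SHELL = "office-application-spawned-shell"  # constructed rule name


class EndpointRecorder:
    """Records and stores endpoint-system-level behaviour, keyed by (host, pid)."""

    def __init__(self) -> None:
        self._procs: Dict[Tuple[str, int], ProcessEvent] = {}

    def record(self, ev: ProcessEvent) -> None:
        self._procs[(ev.host, ev.pid)] = ev

    def parent(self, ev: ProcessEvent) -> Optional[ProcessEvent]:
        return self._procs.get((ev.host, ev.ppid))

    def ancestry(self, ev: ProcessEvent) -> List[str]:
        """Walk parent links back to the root; guards against pid-reuse cycles."""
        chain = [ev.image]
        seen = {(ev.host, ev.pid)}
        cur = ev
        while True:
            par = self.parent(cur)
            if par is None or (par.host, par.pid) in seen:
                break
            seen.add((par.host, par.pid))
            chain.append(par.image)
            cur = par
        return list(reversed(chain))

    def events(self) -> List[ProcessEvent]:
        return list(self._procs.values())


def is_suspicious(rec: EndpointRecorder, ev: ProcessEvent) -> bool:
    """Detect: a shell interpreter whose direct parent is an Office application."""
    par = rec.parent(ev)
    return ev.image.lower() in SHELLS and par is not None and par.image.lower() in OFFICE_APPS


def contain(ev: ProcessEvent, actions_log: List[str]) -> bool:
    """Contain at the endpoint: here the action is only recorded, not executed."""
    actions_log.append(f"{ev.host}: terminate pid {ev.pid} ({ev.image}); isolate host from network")
    return True


def remediation_guidance(ev: ProcessEvent, chain: List[str]) -> List[str]:
    """Remediation guidance derived from the investigation context."""
    return [
        f"Review the document opened by {chain[-2]} on {ev.host} and the full command line of pid {ev.pid}",
        f"Check {ev.host} for persistence mechanisms created after the alert time",
        f"Reset credentials for user {ev.user} if credential access is suspected",
    ]


def run_pipeline(events: List[ProcessEvent], actions_log: Optional[List[str]] = None) -> List[Alert]:
    """Record -> detect -> investigate (ancestry) -> contain -> remediation guidance."""
    actions_log = [] if actions_log is None else actions_log
    rec = EndpointRecorder()
    for ev in events:
        rec.record(ev)
    alerts: List[Alert] = []
    for ev in rec.events():
        if is_suspicious(rec, ev):
            chain = rec.ancestry(ev)
            alerts.append(Alert(ev.host, ev.pid, RULE_OFFICE_SPAWNS_SHELL, chain,
                                contain(ev, actions_log), remediation_guidance(ev, chain)))
    return alerts


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_EVENTS):
        print(alert.rule, alert.host, alert.pid, " -> ".join(alert.process_chain))
```

In the sample, only the PowerShell process launched under winword.exe raises an alert; notepad.exe launched from explorer.exe does not. A real product would correlate many more event types and tune rules per environment, but the shape of the flow (store, detect, contextualise, contain, guide) is what the four capabilities describe.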