Answer
Endpoint detection and response (EDR) is software that uses real-time analytics and AI-driven automation to protect an organization's end users, endpoint devices and IT assets against cyberthreats that get past antivirus software and other traditional endpoint security tools. EDR collects data continuously from all endpoints on the network and analyzes this data in real time for evidence of known or suspected cyberthreats, and can respond automatically to prevent or minimize damage from threats it identifies.
Endpoint protection platforms (EPPs) are the first line of defense and include advanced antivirus and antimalware protection; EDR provides additional protection if a breach happens by enabling detection and remediation. EDR can hunt for as-yet-unknown threats by detecting and analyzing suspicious behaviors, otherwise known as indicators of compromise (IOCs). EDR solutions typically combine five core capabilities: continuous endpoint data collection, real-time analysis and threat detection, automated threat response, threat isolation and remediation, and support for threat hunting.