How EDR works
Endpoint Detection and Response tools work
by continuously monitoring activity on endpoints, with the aim of
identifying suspicious or threatening behavior in real time.
Information is recorded and analyzed for internal or external attacks.
EDR can identify specific behaviors to alert organizations to
potential threats before the attackers can cause harm. Once a threat
has been detected, EDR can isolate and deflect attacks from internal
and external sources, protecting endpoint devices from risks. The
end-to-end analysis is supported by a range of innovative
technologies, including machine learning and behavioral analysis.
The alerts and data can be correlated with
other vectors and intelligence can be applied to provide Extended
Detection and Response (XDR) the quickly find
threats propagating within an organization.