How EDR works
Endpoint Detection and Response tools work by continuously
monitoring activity on endpoints, with the aim of identifying
suspicious or threatening behavior in real time. Information is
recorded and analyzed for internal or external attacks. EDR can
identify specific behaviors to alert organizations to potential
threats before the attackers can cause harm. Once a threat has been
detected, EDR can isolate and deflect attacks from internal and
external sources, protecting endpoint devices from risks. The
end-to-end analysis is supported by a range of innovative
technologies, including machine learning and behavioral analysis.
The alerts and data can be correlated with other vectors and
intelligence can be applied to provide Extended Detection and Response
(XDR) the quickly find threats propagating within an organization.