TheInfoList

Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is a cybersecurity technology that continually monitors an "endpoint" (e.g. mobile phone, laptop, Internet-of-Things device) to mitigate malicious cyber threats.


History

In 2013, Anton Chuvakin of Gartner coined the term "endpoint threat detection and response" for "tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints". Now, it is commonly known as "endpoint detection and response". According to the ''Endpoint Detection and Response - Global Market Outlook (2017-2026)'' report, the adoption of cloud-based and on-premises EDR solutions is going to grow 26% annually, and the market will be valued at $7273.26 million by 2026. According to the ''Artificial Intelligence (AI) in Cyber Security Market'' report by Zion Market Research, the role of machine learning and artificial intelligence will create a $30.9 billion cyber security market by 2025. In 2020, source code for a widely used EDR tool was made available by Comodo Cybersecurity as OpenEDR. The Commons Clause license they applied makes it available for free and more trustworthy, but explicitly does not claim to meet the commercial reuse requirements of open-source software.


Concept

Endpoint detection and response technology is used to identify suspicious behavior and advanced persistent threats on endpoints in an environment, and to alert administrators accordingly. It does this by collecting and aggregating data from endpoints and other sources. That data may or may not be enriched by additional cloud analysis. EDR solutions are primarily an alerting tool rather than a protection layer, although the two functions may be combined depending on the vendor. The data may be stored in a centralized database or forwarded to a SIEM tool. Every EDR platform has its own set of capabilities. However, some common capabilities include monitoring endpoints in both online and offline mode, responding to threats in real time, increasing visibility and transparency of user data, detecting stored endpoint events and malware injections, creating blacklists and whitelists, and integrating with other technologies. Some vendors of EDR technologies leverage the free MITRE ATT&CK classification and framework for threats.
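As an added illustration of the concept above (example code, not from the original article or from any EDR vendor): a minimal detection pipeline that takes constructed process-creation events from two endpoints, applies an allowlist, a hash blocklist and one behavioural rule tagged with its MITRE ATT&CK technique, aggregates the hits per host, and emits the alerts as JSON lines ready for forwarding to a SIEM. The event fields, rule names and hash values are assumptions made for the example.

```python
import json

# Constructed sample process-creation telemetry from two endpoints (not real data).
EVENTS = [
    {"host": "ws-01", "ts": "2024-01-01T09:00:00Z", "parent": "explorer.exe",
     "image": "winword.exe", "sha256": "aa" * 32},
    {"host": "ws-01", "ts": "2024-01-01T09:00:05Z", "parent": "winword.exe",
     "image": "powershell.exe", "sha256": "bb" * 32},
    {"host": "ws-02", "ts": "2024-01-01T09:01:00Z", "parent": "services.exe",
     "image": "svchost.exe", "sha256": "cc" * 32},
    {"host": "ws-02", "ts": "2024-01-01T09:02:00Z", "parent": "cmd.exe",
     "image": "tool.exe", "sha256": "dd" * 32},
]

# Blocklist of known-bad file hashes (constructed placeholder) and an allowlist
# of parent/child pairs that are normal on these endpoints.
BLOCKLIST_SHA256 = {"dd" * 32}
ALLOWLIST_PAIRS = {("services.exe", "svchost.exe"), ("explorer.exe", "winword.exe")}

# Behavioural rule: an Office application spawning a script interpreter. Each
# interpreter maps to its MITRE ATT&CK sub-technique under T1059.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe": "T1059.001", "cmd.exe": "T1059.003",
                "wscript.exe": "T1059.005"}

def evaluate(event):
    """Return an alert dict for one event, or None if it is considered benign."""
    if event["sha256"] in BLOCKLIST_SHA256:
        return {"rule": "blocklist_hash", "severity": "high", "technique": None, **event}
    if (event["parent"], event["image"]) in ALLOWLIST_PAIRS:
        return None
    if event["parent"] in OFFICE_APPS and event["image"] in INTERPRETERS:
        return {"rule": "office_spawns_interpreter", "severity": "medium",
                "technique": INTERPRETERS[event["image"]], **event}
    return None

def detect(events):
    """Aggregate alerts across endpoints; also count alerts per host for triage."""
    alerts = [a for a in (evaluate(e) for e in events) if a is not None]
    per_host = {}
    for alert in alerts:
        per_host[alert["host"]] = per_host.get(alert["host"], 0) + 1
    return alerts, per_host

def to_siem_lines(alerts):
    """Serialise alerts as newline-delimited JSON, a common SIEM forwarding format."""
    return [json.dumps(a, sort_keys=True) for a in alerts]

if __name__ == "__main__":
    found, counts = detect(EVENTS)
    print("\n".join(to_siem_lines(found)), counts, sep="\n")
```

The allowlist is checked only after the blocklist, so a known-bad hash is never suppressed by a parent/child pair that would otherwise be trusted.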


See also

* Endpoint security
* Data loss prevention software

