What is an EDR Platform?

Endpoint detection and response, or EDR, refers to a category of tools used to detect and investigate threats on endpoint devices. EDR tools typically provide detection, analysis, investigation and response capabilities.

EDR tools monitor events generated by endpoint agents to look for suspicious activity, and the alerts they raise help security operations analysts identify, investigate and remediate issues. EDR tools also collect telemetry data on suspicious activity and may enrich that data with contextual information from correlated events. Through these functions, EDR is instrumental in shortening response times for incident response teams.

EDR has become a critical component of the endpoint security toolkit as endpoints have become more vulnerable targets for cyberattackers. Trends such as the internet of things and the increase in mobile and remote workers have made endpoints popular entry points for cybercriminals to launch sophisticated attacks on individuals or organizations.

The key capabilities of EDR include:

  • Aggregation of endpoint data.
  • Malware analysis.
  • Behavioral analysis – the ability to connect a chain of seemingly benign events to uncover suspicious behavior.
  • Data correlation/enrichment.
  • Correlation of related alerts into incidents.
  • Prioritization based on the confidence and severity of incidents.
  • Investigation tools that provide an alert management workflow, integrated with ticketing systems to enable incidents to be assigned, transferred, annotated and resolved.
  • Click-down attack chain visualization tools to allow investigators to pivot.
  • Querying activity across multiple cybersecurity tools, including messaging, web, endpoint and network.
  • Automated, integrated analysis with a sandbox.
  • Remediation, including network isolation, file quarantine, file removal, reimaging, process killing and behavior blocking.
  • Automated response/remediation workflows based on policies or predefined playbooks.
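The behavioral analysis, alert correlation and prioritization capabilities listed above, as an added Python illustration that is not Palo Alto Networks code: it runs a chain rule and two single-event rules over constructed endpoint telemetry (the hostnames, process names such as docviewer.exe and scripthost.exe, the path and the addresses are all invented), links a document viewer spawning a script interpreter to that interpreter's later file and network activity, groups each host's alerts into incidents within a time window, and ranks the incidents by severity weighted by combined confidence.

```python
# Toy EDR analytics pipeline: behavioral chaining -> alert correlation -> prioritization.
import math
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed agent telemetry (not real EDR output).  On ws-01 a document viewer spawns
# a script interpreter that writes a new executable and then opens an outbound
# connection; on ws-02 the interpreter is launched from the desktop shell and makes one
# connection, which on its own is routine activity.
def ev(ts, host, kind, **fields):
    return dict(ts=ts, host=host, type=kind, **fields)

SAMPLE_EVENTS = [
    ev("2021-03-01T09:00:00", "ws-01", "process_start", pid=100, ppid=1, image="docviewer.exe"),
    ev("2021-03-01T09:00:05", "ws-01", "process_start", pid=101, ppid=100, image="scripthost.exe"),
    ev("2021-03-01T09:00:09", "ws-01", "file_write", pid=101, path="C:\\Temp\\update.exe"),
    ev("2021-03-01T09:00:12", "ws-01", "network_connect", pid=101, dst="203.0.113.10:443"),
    ev("2021-03-01T09:30:00", "ws-02", "process_start", pid=200, ppid=1, image="deskshell.exe"),
    ev("2021-03-01T09:30:02", "ws-02", "process_start", pid=201, ppid=200, image="scripthost.exe"),
    ev("2021-03-01T09:30:04", "ws-02", "network_connect", pid=201, dst="198.51.100.5:443"),
]
DOC_VIEWERS = {"docviewer.exe"}    # hypothetical document-handling applications
INTERPRETERS = {"scripthost.exe"}  # hypothetical scripting interpreters

@dataclass
class Alert:
    host: str
    ts: datetime
    rule: str
    severity: int      # 1 (low) .. 5 (critical)
    confidence: float  # 0..1: how sure the rule is that this is malicious
    evidence: list     # the raw events that triggered the rule

def _parse(events):
    """Convert ISO timestamps to datetime objects and sort chronologically."""
    return sorted((dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events),
                  key=lambda e: e["ts"])

def detect_chains(events, window=timedelta(minutes=5)):
    """Behavioral analysis: each event is benign alone, but an interpreter spawned by a
    document viewer that then drops an executable or reaches the network within
    `window` is raised as one alert carrying the whole chain as evidence."""
    evs = _parse(events)
    procs = {(e["host"], e["pid"]): e for e in evs if e["type"] == "process_start"}
    alerts = []
    for e in evs:
        if e["type"] != "process_start" or e["image"] not in INTERPRETERS:
            continue
        parent = procs.get((e["host"], e["ppid"]))
        if parent is None or parent["image"] not in DOC_VIEWERS:
            continue  # interpreter started by an ordinary parent: no alert
        follow = [f for f in evs
                  if f["host"] == e["host"] and f["pid"] == e["pid"]
                  and e["ts"] < f["ts"] <= e["ts"] + window
                  and (f["type"] == "network_connect"
                       or (f["type"] == "file_write" and f["path"].lower().endswith(".exe")))]
        if follow:  # confidence grows with each corroborating follow-on action
            alerts.append(Alert(e["host"], e["ts"], "doc_viewer_spawns_interpreter_then_acts",
                                4, 0.5 + 0.2 * min(len(follow), 2), [parent, e] + follow))
    return alerts

def detect_simple(events):
    """Single-event rules: low-confidence alerts that only become interesting once
    correlated with other alerts on the same host."""
    alerts = []
    for e in _parse(events):
        p = e.get("path", "").lower()
        if e["type"] == "file_write" and "\\temp\\" in p and p.endswith(".exe"):
            alerts.append(Alert(e["host"], e["ts"], "exe_written_to_temp", 2, 0.3, [e]))
        elif e["type"] == "network_connect":
            alerts.append(Alert(e["host"], e["ts"], "outbound_connection", 1, 0.1, [e]))
    return alerts

def correlate_incidents(alerts, window=timedelta(minutes=10)):
    """Group alerts from one host that fall within `window` of the incident's first
    alert.  Severity is the max; confidence combines as 1 - prod(1 - c)."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)
    incidents = []
    for host, items in by_host.items():
        current = None
        for a in items:
            if current is None or a.ts - current["start"] > window:
                current = {"host": host, "start": a.ts, "alerts": []}
                incidents.append(current)
            current["alerts"].append(a)
    for inc in incidents:
        miss = math.prod(1 - a.confidence for a in inc["alerts"])
        inc.update(severity=max(a.severity for a in inc["alerts"]),
                   confidence=round(1 - miss, 3),
                   rules=sorted({a.rule for a in inc["alerts"]}))
    return incidents

def prioritize(incidents):
    """Rank incidents for analyst triage by severity weighted by confidence."""
    return sorted(incidents, key=lambda i: i["severity"] * i["confidence"], reverse=True)

def run_pipeline(events=SAMPLE_EVENTS):
    """Full flow: detect -> correlate -> prioritize; returns the ranked incident list."""
    alerts = detect_chains(events) + detect_simple(events)
    return prioritize(correlate_incidents(alerts))
```

Calling `run_pipeline()` on the sample returns two incidents: ws-01 first (severity 4, combined confidence 0.937, three rules), then ws-02 (severity 1, confidence 0.1, one low-value outbound connection). The point of the design is that the two weak single-event alerts on ws-01 would drown in noise on their own; attaching them to the chain alert on the same host is what lifts the incident to the top of the queue, while the same outbound-connection rule on ws-02 stays at the bottom because nothing corroborates it.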

The Evolution of EDR Is XDR

Traditional EDR tools focus only on endpoint data, providing limited visibility into suspected threats. This can result in missed detections, increased false positives and longer investigation times. These shortcomings compound the challenges many security teams already face, including event overload, skills shortages, narrowly focused tools, a lack of integration and too little time.

XDR is a new approach to threat detection and response. The “X” stands for any data source, such as network, cloud and endpoint sensors. XDR systems use heuristics, analytics, modeling and automation to stitch together and derive insight from these sources, increasing security visibility and productivity compared to siloed security tools. The result is simplified investigations across security operations, reducing the time it takes to discover, hunt, investigate and respond to any form of threat.

© 2021 Palo Alto Networks, Inc. All rights reserved.