Endpoint Detection and Response (EDR)
Security technology that continuously monitors endpoints to detect and respond to cyber threats.
Full Definition
Endpoint Detection and Response (EDR) is a cybersecurity solution that continuously monitors endpoint devices — computers, servers, mobile devices — to detect, investigate, and respond to suspicious activities and threats in real time. EDR tools record detailed endpoint and network events, enabling threat hunters and security analysts to investigate attacks and understand the full scope of incidents.
Unlike traditional antivirus, EDR uses behavioral analysis, machine learning, and threat intelligence to detect novel threats that signature-based tools miss. Key capabilities include real-time threat detection, automated response (isolating infected endpoints), forensic investigation, and integration with SIEM platforms.
EDR is a critical layer of enterprise defense, but it is not infallible — modern infostealers and fileless malware are often specifically engineered to evade EDR detection through techniques like living-off-the-land and process injection.
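The behavioral detection and automated response described above, as an added illustration (not code from this page or any EDR product): a small Python rule that walks recorded process-creation telemetry, flags living-off-the-land binaries that descend from a productivity application, and derives the hosts an automated isolation action would target. The sensor event shape, the USER_APPS and LOLBINS sets and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcessEvent:  # one process-creation record as an EDR sensor reports it
    host: str
    pid: int
    ppid: int
    image: str    # executable file name, lower-case
    cmdline: str
# Productivity apps that rarely have a legitimate reason to launch a shell.
USER_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
# Built-in binaries commonly abused as living-off-the-land tooling.
LOLBINS = {"powershell.exe", "cmd.exe", "mshta.exe", "rundll32.exe", "wscript.exe"}

def ancestry(index, event):
    """Walk parent links back to the root; returns images as [root, ..., event]."""
    chain, seen, cur = [event.image], set(), event
    while (cur.host, cur.ppid) in index and (cur.host, cur.ppid) not in seen:
        seen.add((cur.host, cur.ppid))       # guards against malformed pid cycles
        cur = index[(cur.host, cur.ppid)]
        chain.append(cur.image)
    return chain[::-1]

def detect_suspicious_chains(events):
    """Flag LOLBin processes descending from a user application; each alert
    carries the full chain so an analyst can scope the incident."""
    index = {(e.host, e.pid): e for e in events}
    alerts = []
    for e in events:
        if e.image not in LOLBINS:
            continue
        chain = ancestry(index, e)
        if any(img in USER_APPS for img in chain[:-1]):
            alerts.append({"host": e.host, "chain": chain, "cmdline": e.cmdline})
    return alerts

def hosts_to_isolate(alerts):
    """Automated response step: one isolation action per affected host."""
    return sorted({a["host"] for a in alerts})
# Constructed sample telemetry (not real logs): on ws01 a Word document spawns
# cmd.exe, which launches PowerShell; ws02 shows only benign activity.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", 100, 1, "explorer.exe", "explorer.exe"),
    ProcessEvent("ws01", 200, 100, "winword.exe", "winword.exe report.docx"),
    ProcessEvent("ws01", 300, 200, "cmd.exe", "cmd.exe /c ipconfig"),
    ProcessEvent("ws01", 400, 300, "powershell.exe", "powershell.exe -NoProfile"),
    ProcessEvent("ws02", 500, 100, "cmd.exe", "cmd.exe /c dir"),
    ProcessEvent("ws02", 600, 100, "winword.exe", "winword.exe notes.docx"),
    ProcessEvent("ws02", 700, 600, "splwow64.exe", "splwow64.exe"),
]
```

Running `detect_suspicious_chains(SAMPLE_EVENTS)` yields two alerts for ws01 (the cmd.exe and the PowerShell descendant of Word) and none for ws02, so `hosts_to_isolate` returns only ws01.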
Related Terms
Malware (Malware & Infrastructure)
Any software intentionally designed to cause harm, disrupt, or gain unauthorized access to systems.
Infostealer (Malware & Infrastructure)
Malware designed to silently harvest credentials, cookies, and sensitive data from infected devices.
SIEM (Security Information and Event Management) (Defensive Security)
A platform that aggregates and correlates security event logs to detect threats and support incident response.
Threat Hunting (Defensive Security)
Proactive, human-led search for threats that have evaded automated detection within an environment.
Monitor Your Exposure on Whiteintel
Understanding threats is the first step. Whiteintel continuously monitors dark web sources, stealer logs, and breach databases so you know the moment your organization's data is at risk.