
EDR (Endpoint Detection and Response)


EDR (Endpoint Detection and Response) is a security technology that continuously monitors endpoints, detects suspicious behavior, and enables automated responses. EDR goes beyond traditional antivirus by combining behavioral analysis, machine learning, and threat intelligence.

EDR agents record process activity, network connections, file changes, and registry access. When a threat is suspected, the system can automatically terminate processes, isolate devices, or capture forensic data. For security teams, EDR provides the foundation for incident response: the recorded telemetry allows the course of an attack to be traced end to end. Combined with a SIEM, it creates a comprehensive situational picture.
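The following is an added example, not part of the original glossary entry or any vendor's product code: it shows how recorded telemetry lets an analyst trace an incident from a suspect process back to its origin and forward through everything it did. The event schema, field names, and sample records are constructed assumptions.

```python
# Constructed sample telemetry (not real data): one record per endpoint event.
# Assumption: pids are unique in this window; real agents key on a process GUID
# because the operating system reuses pids.
EVENTS = [
    {"t": 1, "type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"t": 2, "type": "process", "pid": 200, "ppid": 100, "image": "winword.exe"},
    {"t": 3, "type": "process", "pid": 300, "ppid": 200, "image": "powershell.exe"},
    {"t": 4, "type": "network", "pid": 300, "dest": "203.0.113.10:443"},
    {"t": 5, "type": "file", "pid": 300, "path": "C:\\Users\\a\\AppData\\Local\\Temp\\u.dll"},
    {"t": 6, "type": "process", "pid": 400, "ppid": 100, "image": "notepad.exe"},
    {"t": 7, "type": "file", "pid": 400, "path": "C:\\Users\\a\\notes.txt"},
    {"t": 8, "type": "process", "pid": 500, "ppid": 300, "image": "rundll32.exe"},
    {"t": 9, "type": "registry", "pid": 500, "key": "HKCU\\Software\\Example\\Run"},
]

def index_processes(events):
    """Map pid -> process-start record."""
    return {e["pid"]: e for e in events if e["type"] == "process"}

def ancestry(procs, pid):
    """Follow parent links upward; return image names root-first."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:  # 'seen' guards against ppid loops
        seen.add(pid)
        chain.append(procs[pid]["image"])
        pid = procs[pid]["ppid"]
    return chain[::-1]

def descendants(procs, root):
    """Return the set of pids in the process subtree rooted at root."""
    tree, changed = {root}, True
    while changed:
        changed = False
        for pid, proc in procs.items():
            if proc["ppid"] in tree and pid not in tree:
                tree.add(pid)
                changed = True
    return tree

def timeline(events, suspect_pid):
    """All events caused by the suspect process or its children, in time order."""
    scope = descendants(index_processes(events), suspect_pid)
    return [e for e in sorted(events, key=lambda e: e["t"]) if e["pid"] in scope]

if __name__ == "__main__":
    print(" -> ".join(ancestry(index_processes(EVENTS), 300)))
    for event in timeline(EVENTS, 300):
        print(event)
```

Unrelated activity (the `notepad.exe` branch) stays out of the timeline, which is what makes the recorded process tree useful for scoping an investigation and deciding which device or process to isolate.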