← All glossary terms Glossary

What is Endpoint Detection and Response (EDR)?

Security software on laptops, servers, and workstations that detects and stops attacks attackers run on the device itself.

Endpoint Detection and Response (EDR) is a category of security software that goes well beyond traditional antivirus. EDR watches what processes are running, what files are being created, what network connections are made, and what behavioural patterns those add up to — flagging or stopping activity that looks like ransomware, credential theft, or living-off-the-land techniques. EDR is the foundation most MDR services are built on, and it has effectively replaced standalone antivirus for organizations that take security seriously.

Keep learning

Related terms

Extended Detection and Response (XDR)

Detection and response across multiple security data sources — endpoints, email, identity, cloud — combined into one platform.

Read definition →

Security Operations Center (SOC)

The team and tooling that continuously monitor your environment for security threats, investigate them, and respond when something is found.

Read definition →

Security Information and Event Management (SIEM)

A platform that collects log data from across your environment and runs detection rules over it to find security events.

Read definition →

Security Orchestration, Automation, and Response (SOAR)

Tooling that automates repetitive parts of investigation and response — like enriching alerts or isolating endpoints.

Read definition →

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team