What is EDR if MDR is about threat detection and response? EDR stands for endpoint detection and response. Again, the word “threat” is missing from the acronym, even though the name of the game is detecting threats on endpoints, not detecting the presence of endpoints; the term ETDR is used less commonly but is more appropriate. The distinction between MDR and EDR is scope. EDR is primarily concerned with threat detection and response in the endpoint environment. What exactly does that imply? EDR focuses on device activity rather than network activity – think laptops, servers, and important business equipment like POS systems.

To further grasp what EDR is and isn’t, keep in mind that “detection and response” are simply two of the four functions in the cybersecurity framework Predict, Prevent, Detect, and Respond. For full disclosure, this is quite similar to the NIST Cybersecurity Framework’s five functions of Identify, Protect, Detect, Respond, and Recover, in true cybersecurity fashion of competing and overlapping nomenclature. But bear with me and consider this in the context of the Predict, Prevent, Detect, and Respond paradigm.

EDR deals with threats that have gotten past the Predict and Prevent functions. Very important – yes, but not a complete endpoint protection platform.