IT Glossary · Cybersecurity

EDR — Endpoint Detection and Response

EDR is advanced endpoint security that not only blocks known malware but also detects and responds to suspicious behaviour on computers — catching threats like ransomware and targeted attacks that traditional antivirus misses.

Endpoint Detection and Response (EDR) is a cybersecurity technology that continuously monitors endpoint activities (file changes, process launches, network connections, registry modifications) and uses AI and behavioural analysis to detect threats. Unlike traditional antivirus that compares files against known malware signatures, EDR watches what software does — if a process starts encrypting hundreds of files rapidly (classic ransomware behaviour), EDR detects and stops it even if it has never seen that specific malware before. EDR also provides forensic capabilities to investigate how an attack happened and what data was affected.

• Continuous Monitoring: Records all endpoint activities 24/7 — every file access, process launch, network connection — for detection and investigation.
• Behavioural Analysis: AI-based detection of suspicious patterns rather than signature matching — catches new and unknown threats.
• Automated Response: Automatically isolates compromised endpoints, kills malicious processes, and rolls back changes (ransomware rollback).
• Threat Hunting: Security teams can proactively search historical endpoint data to find threats that evaded initial detection.

Related terms: Antivirus, XDR, MDR, Ransomware, SIEM, Endpoint Security, CERT-In

Protect your business from ransomware with EDR — get a free cybersecurity assessment from National IT Service.