Endpoint detection and response (EDR) is a software program that provides detection, analysis, investigation and response capabilities. It uses signatureless technologies to detect unknown, advanced and sophisticated malware. With the help of machine learning and threat intelligence, it can perform proactive analysis of malware behavior.

EDR agents collect telemetry data from the endpoint system, which enables drill-down visualization of the complete attack chain for forensics. This helps security operations analysts shorten response time. EDR also comes with remediation capabilities that allow it to take actions such as network isolation, file quarantine, file removal, process killing and behavior blocking.