What is EDR? A Clear Definition of Security’s Hottest Buzzword
The security industry isn’t exactly known for its transparency and crystal-clear messaging. It’s a crowded and competitive market, packed with vendors feeling the pressure to differentiate themselves and keep up with competitors. These days, there’s a tendency to claim multilayered or “all-in-one” protection, but what exactly that consists of varies, and comparing offerings can be confusing.
It also doesn’t help that security terminology reads like alphabet soup.
One of the acronyms we’re seeing thrown around a lot lately is EDR, short for endpoint detection & response. Nearly every security vendor is now saying they offer some form of EDR, so let’s define what it is and explain what it does in relation to other products in your security stack.
What is EDR?
Endpoint detection and response (EDR) refers to software designed to help organizations identify, stop, and react to threats that have bypassed other defenses.
Like other endpoint security software, EDR is deployed by installing agents on endpoints and is managed via a cloud-based SaaS portal.
Note: This blog post touches on EDR at a high level, but if you’re interested in getting more details and learning how to evaluate EDR products, see our new MSP’s Hype-Free Guide to EDR. It’s 26 pages packed full of research and info that we’re giving away for free.
What do EDR tools do?
At a high level, EDR solutions gather data from endpoints, use that data to identify potential security threats, and provide helpful ways of investigating and reacting to those potential threats.
Historically, these were capabilities largely confined to big enterprise companies that could afford to have teams of experienced security analysts operating out of a security operations center (SOC). Sorting through troves of data, identifying suspicious activity, and understanding how to quickly react to incidents took considerable time, effort, and expertise.
In an effort to make these capabilities more accessible, security vendors have worked on introducing EDR offerings that are less complex and centered more around streamlined workflows and automation. The goal of these “EDR Lite” solutions is to lower the barrier to entry and bring EDR capabilities to a segment of the market that sorely needs them: SMBs.
Where does EDR fit in a modern security stack?
As a capability, EDR sits downstream from prevention-focused security solutions. Its primary purpose is to enable detection and response to threats once they have bypassed other defenses like firewalls and antivirus (AV).
That said, EDR functionality is rarely sold on its own anymore. Instead, it’s often packaged together with prevention-focused technologies like NGAV to provide more unified endpoint security. So while “EDR” refers to a clearly defined set of capabilities, the lines separating EDR tools and other endpoint security tools have gotten incredibly blurry.
As Gartner puts it in its Competitive Landscape: Endpoint Protection Platforms, Worldwide, 2019 report:
“On the marketing front, many of the providers in the [endpoint security] market now look drastically similar to each other, touting machine learning and behavior-based analysis concepts — making it harder for organizations to make informed product decisions. Gartner believes that this is causing some confusion in the market.”
Specifically, the converging of AV/NGAV products with EDR products into single offerings has lead to the (understandably) confused take that EDR tools are better AVs. That’s not right. While many EDR tools do provide NGAV capabilities now, EDR functionality isn’t designed to keep bad things out. It’s designed to alert you when something potentially bad has broken in, and then help you react.
The truth is most vendors aren’t financially motivated to set the record straight on EDR. If potential customers are interested in it because they think it will block more attacks, they’re not going to correct them. But that makes researching and evaluating EDR solutions tricky, so to help we’ve put together a new guide that breaks everything down in clear, straightforward terms.
Want more facts about EDR and tips for evaluating solutions?
Download our free 26-page MSP’s Hype-Free Guide to EDR. It answers all the questions you should be asking about EDR, so when your customers, your boss, or prospects come asking about it, you’ll have answers.
Jonathan Crowe is senior content manager at NinjaRMM. Read more NinjaRMM blogs here.