EDR/XDR - Extended Detection and Response

Definition

What are Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR)?

Endpoint Detection and Response (EDR) focuses on monitoring, detecting, and responding to threats on endpoints such as workstations, laptops, and servers. An EDR agent collects telemetry on the behavior of each host (process creation, file and registry changes, network connections, and similar activity, gathered through logs, kernel and user-mode hooks, etc.), analyzes it in near real time against behavioral rules and known indicators, and initiates the first response actions to a security incident, for example terminating a process or isolating the host from the network.

Extended Detection and Response (XDR) applies the same approach on a broader scale. Instead of relying on endpoint telemetry alone, XDR ingests, correlates, and responds to data from multiple sources, including applications such as email servers, network components such as firewalls, and more. The practical difference shows up during an attack that crosses several layers: a phishing attachment delivered by email, a malicious process it spawns on the workstation, and the outbound connection that follows appear as one correlated incident in XDR rather than as three unrelated alerts in three consoles. XDR evolved from EDR, and while both can identify and stop attacks, they differ primarily in the scope of the telemetry they cover and correlate.
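The following is an added example, not code from the page or from any EDR/XDR product. It shows, in miniature, the two ideas above: an EDR-style behavioral rule evaluated on individual process-creation events, and an XDR-style correlation that joins an email-gateway record, an endpoint alert, and a firewall record for the same user and host into a single incident. All events are constructed inline, and the field names (source, host, user, parent, image, cmdline, attachment, dst, dport, action) are assumptions for this illustration, not any vendor's schema.

```python
"""Toy EDR/XDR detection pipeline (added example; field names are assumed)."""
from datetime import datetime, timedelta

# Constructed telemetry from three sources an XDR would pull together.
# The base64 "SQBFAFgA" is simply "IEX" in UTF-16LE, used as a realistic-looking
# encoded PowerShell argument; it is not taken from any real sample.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "source": "email", "user": "alice",
     "attachment": "invoice.docm", "sender": "billing@example.test"},
    {"ts": "2024-05-01T09:01:10", "source": "endpoint", "host": "WS01", "user": "alice",
     "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ts": "2024-05-01T09:01:12", "source": "firewall", "host": "WS01",
     "dst": "203.0.113.7", "dport": 4444, "action": "allow"},
    # Benign admin activity on another host: must not alert.
    {"ts": "2024-05-01T09:30:00", "source": "endpoint", "host": "WS02", "user": "bob",
     "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
]

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
SUSPICIOUS_FLAGS = ("-enc", "-encodedcommand", "-w hidden", "-nop")
MACRO_EXTENSIONS = (".docm", ".xlsm", ".js", ".hta")


def _ts(ev):
    return datetime.fromisoformat(ev["ts"])


def endpoint_rule(ev):
    """EDR-style rule on one process-creation event.

    Fires when an Office application spawns a scripting host, or when the
    command line carries two or more flags typical of obfuscated loaders.
    Returns an alert dict, or None when the event looks benign.
    """
    if ev["source"] != "endpoint":
        return None
    cmd = ev["cmdline"].lower()
    office_child = ev["parent"].upper() in OFFICE_PARENTS and ev["image"].lower() in SHELLS
    flags = [f for f in SUSPICIOUS_FLAGS if f in cmd]
    if office_child or len(flags) >= 2:
        return {"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                "reason": "office_spawned_shell" if office_child else "suspicious_flags",
                "flags": flags}
    return None


def detect_endpoint(events):
    """Run the endpoint rule over a stream of events; this is what EDR sees."""
    return [a for a in (endpoint_rule(e) for e in events) if a]


def correlate_xdr(events, window=timedelta(minutes=10)):
    """XDR-style correlation: join each endpoint alert with a macro-enabled
    attachment delivered to the same user shortly before, and an allowed
    outbound connection from the same host shortly after.
    """
    incidents = []
    for alert in detect_endpoint(events):
        t = _ts(alert)
        mails = [e for e in events
                 if e["source"] == "email" and e["user"] == alert["user"]
                 and e["attachment"].lower().endswith(MACRO_EXTENSIONS)
                 and timedelta(0) <= t - _ts(e) <= window]
        conns = [e for e in events
                 if e["source"] == "firewall" and e["host"] == alert["host"]
                 and e["action"] == "allow"
                 and timedelta(0) <= _ts(e) - t <= window]
        if mails and conns:
            incidents.append({
                "host": alert["host"], "user": alert["user"], "severity": "high",
                "chain": ["phishing_attachment", alert["reason"], "outbound_c2_candidate"],
                "evidence": {"email": mails[0], "endpoint": alert, "firewall": conns[0]},
            })
    return incidents


if __name__ == "__main__":
    import json
    print("EDR alerts:", json.dumps(detect_endpoint(EVENTS), indent=2))
    print("XDR incidents:", json.dumps(correlate_xdr(EVENTS), indent=2, default=str))
```

On this input the endpoint rule fires once (WINWORD.EXE spawning an encoded, hidden PowerShell on WS01) and stays silent for the scheduled backup script on WS02. The XDR correlation then attaches the macro-enabled attachment alice received a minute earlier and the allowed connection to 203.0.113.7:4444 two seconds later, producing one high-severity incident with the full chain. The firewall record on its own would never have been worth an alert; it only becomes meaningful once joined with the other two sources, which is the point of the broader scope.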


You may also find interesting

OpenEDR

AlienVault OSSIM

