- An Endpoint Detection and Response (EDR) system protects individual devices (endpoints) by continuously monitoring them for security threats and responding to them.
- It includes features for threat detection, incident response, investigation, and forensics, making it a vital component of modern cybersecurity strategies.
- Most EDRs correlate activity to gain broader telemetry and improve their detections. Even if every individual action goes undetected by an AV, an EDR can still correlate all the actions performed to identify attacker TTPs.
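To make the correlation point concrete, here is an added example (not code from the original notes and not MDE's logic) of a toy EDR-style correlator. Each constructed telemetry event on its own is ordinary: a process starts, a process opens a network connection. Walking the process tree at the time of the network event lets the detection express a behaviour spanning several events (a document-handling application that spawns a script host which then reaches the network), which no single-event check would see. The event fields, the application sets and the sample telemetry are all constructed assumptions.

```python
"""Toy EDR-style correlation over constructed endpoint telemetry."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Event:
    ts: int                      # event time in seconds (constructed)
    kind: str                    # "process" (creation) or "network" (outbound connection)
    pid: int
    ppid: Optional[int] = None   # parent pid, process events only
    image: str = ""              # executable name, process events only
    dest: str = ""               # remote endpoint, network events only


# Constructed sample telemetry: three processes reach the network, only one
# of them via a document application -> script host parent chain.
TELEMETRY = [
    Event(100, "process", pid=1000, ppid=1, image="explorer.exe"),
    Event(101, "process", pid=1200, ppid=1000, image="winword.exe"),
    Event(102, "process", pid=1300, ppid=1000, image="chrome.exe"),
    Event(103, "network", pid=1300, dest="203.0.113.10:443"),
    Event(104, "process", pid=1400, ppid=1200, image="powershell.exe"),
    Event(105, "network", pid=1400, dest="198.51.100.7:443"),
    Event(106, "process", pid=1500, ppid=1000, image="powershell.exe"),
    Event(107, "network", pid=1500, dest="198.51.100.7:443"),
]

# Assumed classification sets used by the behavioural rule.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


class Correlator:
    """Keeps a process tree from process-creation events and evaluates
    later events against the accumulated context instead of in isolation."""

    def __init__(self):
        self.procs = {}  # pid -> (ppid, image)

    def ancestry(self, pid):
        """Image names from pid up to the root, nearest process first.
        Stops at unknown pids and guards against pid-reuse cycles."""
        chain, seen = [], set()
        while pid in self.procs and pid not in seen:
            seen.add(pid)
            ppid, image = self.procs[pid]
            chain.append(image)
            pid = ppid
        return chain

    def process(self, events):
        """Replay events in time order; return one alert per network event
        whose process chain matches the document-app -> script-host rule."""
        alerts = []
        for ev in sorted(events, key=lambda e: e.ts):
            if ev.kind == "process":
                self.procs[ev.pid] = (ev.ppid, ev.image)
            elif ev.kind == "network":
                chain = self.ancestry(ev.pid)
                # The connecting process is a script host AND some ancestor
                # is a document application: neither fact alone is suspicious.
                if chain and chain[0] in SCRIPT_HOSTS and any(
                    a in DOCUMENT_APPS for a in chain[1:]
                ):
                    alerts.append(
                        {"pid": ev.pid, "chain": " <- ".join(chain), "dest": ev.dest}
                    )
        return alerts


def correlate_sample():
    """Run the correlator over the constructed telemetry."""
    return Correlator().process(TELEMETRY)


if __name__ == "__main__":
    for alert in correlate_sample():
        print(f"ALERT pid={alert['pid']} dest={alert['dest']} chain={alert['chain']}")
```

Only pid 1400 is reported: chrome.exe talking to the network is normal, and the powershell.exe started directly from explorer.exe (pid 1500) is not flagged because its chain contains no document application. The same network event from pid 1400, judged alone, is indistinguishable from the other two; the parent chain is what carries the signal.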
Microsoft Defender for Endpoint (MDE) is Microsoft's high-performing EDR.
In addition to standard EDR capabilities, MDE collects and processes behavioral signals from the OS and analyzes them using cloud security analytics.
MDE also supports detection based on the following technologies:
- Attack Surface Reduction (ASR) rules
- Exploit protection
- Network protection
- Controlled Folder Access and Device control