Endpoint detection and response

Last updated

Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is a cybersecurity technology that continually monitors an "endpoint" (e.g. mobile phone, laptop, Internet-of-Things device) to mitigate malicious cyber threats. [1] [2] [3]

Contents

History

In 2013, Anton Chuvakin of Gartner coined the term "endpoint threat detection and response" for "tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints". [4] Now, it is commonly known as "endpoint detection and response".

According to the Endpoint Detection and Response - Global Market Outlook (2017-2026) report, the adoption of cloud-based and on-premises EDR solutions are going to grow 26% annually, and will be valued at $7273.26 million by 2026. [5] According to the Artificial Intelligence (AI) in Cyber Security Market report by Zion Market Research, the role of machine learning and artificial intelligence will create a $30.9 billion cyber security market by 2025. [6] [7]

Concept

Endpoint detection and response technology is used to identify suspicious behavior and Advanced Persistent Threats on endpoints in an environment, and alert administrators accordingly. It does this by collecting and aggregating data from endpoints and other sources. That data may or may not be enriched by additional cloud analysis. EDR solutions are primarily an alerting tool rather than a protection layer but functions may be combined depending on the vendor. The data may be stored in a centralized database or forwarded to a SIEM tool. [8] [9]

Every EDR platform has its unique set of capabilities. However, some common capabilities include the monitoring of endpoints in both the online and offline mode, responding to threats in real-time, increasing visibility and transparency of user data, detecting stored endpoint events and malware injections, creating blocklists and allowlists, and integration with other technologies. [1] [8] Some vendors of EDR technologies leverage the free MITRE ATT&CK classification and framework for threats. [10]

See also

Related Research Articles

<span class="mw-page-title-main">SANS Institute</span> American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

<span class="mw-page-title-main">Gartner</span> American research company

Gartner, Inc. is an American technological research and consulting firm based in Stamford, Connecticut, that conducts research on technology and shares this research both through private consulting as well as executive programs and conferences. Its clients include large corporations, government agencies, technology companies, and investment firms.

Fortinet, Inc. is a cybersecurity company with headquarters in Sunnyvale, California. The company develops and sells security solutions like firewalls, endpoint security and intrusion detection systems. Fortinet has offices located all over the world.

Webroot Inc. is an American privately-held cybersecurity software company that provides Internet security for consumers and businesses. The company was founded in Boulder, Colorado, US, and is now headquartered in Broomfield, Colorado, and has US operations in San Mateo and San Diego, and globally in Australia, Austria, Ireland, Japan and the United Kingdom.

<span class="mw-page-title-main">Symantec Endpoint Protection</span> Computer security software

Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Secureworks Inc. is an American cybersecurity company. The company has approximately 4,000 customers in more than 50 countries, ranging from Fortune 100 companies to mid-sized businesses in a variety of industries.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

Vectra AI, Inc. is a cybersecurity company that uses AI for hybrid attack detection, investigation, and response (NDR) solutions. The company was established in 2012 and operates in 113 countries from its San Jose, California headquarters.

User behavior analytics (UBA) or user and entity behavior analytics (UEBA), is the concept of analyzing the behavior of users, subjects, visitors, etc. for a specific purpose. It allows cybersecurity tools to build a profile of each individual's normal activity, by looking at patterns of human behavior, and then highlighting deviations from that profile that may indicate a potential compromise.

Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of endpoint devices such as laptops, tablets, mobile phones, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow compliance to standards.

Gigamon is a privately held computer security company with products that delivers network-derived intelligence and insights to cloud, security, observability, and network management tools. It is one of the main parts in the deep observability market. Formerly traded publicly, it is now owned by Elliott Management and headquartered in Santa Clara, California.

The industrial internet of things (IIoT) refers to interconnected sensors, instruments, and other devices networked together with computers' industrial applications, including manufacturing and energy management. This connectivity allows for data collection, exchange, and analysis, potentially facilitating improvements in productivity and efficiency as well as other economic benefits. The IIoT is an evolution of a distributed control system (DCS) that allows for a higher degree of automation by using cloud computing to refine and optimize the process controls.

Browser isolation is a cybersecurity model which aims to physically isolate an internet user's browsing activity away from their local networks and infrastructure. Browser isolation technologies approach this model in different ways, but they all seek to achieve the same goal, effective isolation of the web browser and a user's browsing activity as a method of securing web browsers from browser-based security exploits, as well as web-borne threats such as ransomware and other malware. When a browser isolation technology is delivered to its customers as a cloud hosted service, this is known as remote browser isolation (RBI), a model which enables organizations to deploy a browser isolation solution to their users without managing the associated server infrastructure. There are also client side approaches to browser isolation, based on client-side hypervisors, which do not depend on servers in order to isolate their users browsing activity and the associated risks, instead the activity is virtually isolated on the local host machine. Client-side solutions break the security through physical isolation model, but they do allow the user to avoid the server overhead costs associated with remote browser isolation solutions.

<span class="mw-page-title-main">Anomali</span> American cybersecurity company

Anomali Inc. is an American cybersecurity company that develops and provides threat intelligence products. In 2023, the company moved into providing security analytics powered by artificial intelligence (AI).

Nyotron is an information-security company. It was established in 2009 by brothers Nir and Ofer Gaist. Nir Gaist is the CTO, and Sagit Manor became the CEO in 2017. The company is based in Santa Clara, CA, with an R&D office in Herzliya, Israel.

Extended detection and response (XDR) is a cybersecurity technology that monitors and mitigates cyber security threats.

Identity threat detection and response (ITDR) is a cybersecurity discipline that includes tools and best practices to protect identity management infrastructure from attacks. ITDR can block and detect threats, verify administrator credentials, respond to various attacks, and restore normal operations. Common identity threats include phishing, stolen credentials, insider threats, and ransomware.

Network detection and response (NDR) refers to a category of network security products that detect abnormal system behaviors by continuously analyzing network traffic. NDR solutions apply behavioral analytics to inspect raw network packets and metadata for both internal (east-west) and external (north-south) network communications.

Managed detection and response is a type of cybersecurity service providing customers with a cyberdefense technology and the associated remotely delivered human expertise. Those services help organizations monitor, detect, analyze and respond to advanced cyber threats. MDR is a form of managed security service (MSS).

References

  1. 1 2 "EDR Security and Protection for the Enterprise". Cynet. Retrieved 2019-09-29.
  2. "What is Endpoint Detection and Response (EDR)? - Definition from Techopedia". Techopedia.com. Retrieved 2019-09-29.
  3. "Endpoint Detection and Response (EDR) - What is EDR and why is it important? - Definition from Cyberpedia". Palo Alto Networks. Retrieved 2021-09-03.
  4. Chuvakin, Anton (2013-07-26). "Named: Endpoint Threat Detection & Response". Gartner Blog Network. Retrieved 2019-09-16.
  5. "Global $7.27 Bn Endpoint Detection and Response Market to 2026". finance.yahoo.com. Retrieved 2019-09-24.
  6. Research, Zion Market (2019-08-28). "Artificial Intelligence (AI) In Cyber Security Market Will Reach to USD 30.9 Billion By 2025: Zion Market Research". GlobeNewswire News Room. Retrieved 2019-10-10.
  7. "10 Ways AI And Machine Learning Are Improving Endpoint Security". Business 2 Community. Retrieved 2019-10-10.
  8. 1 2 "What is endpoint detection and response (EDR)? A definition by WhatIs.com". SearchSecurity. Retrieved 2019-09-29.
  9. "What Is EDR? | A Brief Definition of Endpoint Detection and Response". Comodo News For Enterprise Security. 2019-03-06. Retrieved 2019-09-29.
  10. "Symantec Endpoint Detection & response Data Sheet". Broadcom.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.