nexalign

Glossary term

EDR (Endpoint Detection and Response)

Also: Endpoint Detection and Response, Next-gen endpoint security

A class of endpoint security tools that continuously records endpoint activity and enables detection, investigation and response to threats that evade traditional antivirus. Most enterprise security incidents today are detected or contained at the EDR layer.

EDR replaced signature-based antivirus as the primary endpoint defence over the last decade. An EDR agent streams telemetry (process creation, file system activity, network connections, registry changes) to a backend that correlates and alerts on suspicious behaviour rather than known bad hashes.
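The difference between the hash-based and the behaviour-based model is easiest to see in code. The following is an added illustration, not part of this glossary entry or of any vendor's product: it parses a few constructed process-creation events in the JSON-lines form an agent might stream (field names such as `ppid`, `image` and `sha256` are assumptions, not a real schema), shows that a known-bad-hash lookup finds nothing, and then correlates parent/child relationships and command-line features into a single prioritised alert.

```python
import json
from collections import defaultdict

# Constructed sample telemetry (not captured from any real system). One
# process-creation event per line, as an EDR agent might stream it to its backend.
TELEMETRY = """
{"ts": 1, "host": "ws-17", "pid": 410, "ppid": 1,   "image": "explorer.exe",   "sha256": "aaa1"}
{"ts": 2, "host": "ws-17", "pid": 522, "ppid": 410, "image": "winword.exe",    "sha256": "bbb2"}
{"ts": 3, "host": "ws-17", "pid": 601, "ppid": 522, "image": "powershell.exe", "sha256": "ccc3", "cmdline": "powershell -enc AAAA"}
{"ts": 4, "host": "ws-17", "pid": 602, "ppid": 601, "image": "rundll32.exe",   "sha256": "ddd4"}
{"ts": 5, "host": "ws-22", "pid": 700, "ppid": 1,   "image": "explorer.exe",   "sha256": "aaa1"}
{"ts": 6, "host": "ws-22", "pid": 711, "ppid": 700, "image": "powershell.exe", "sha256": "ccc3", "cmdline": "powershell Get-Date"}
"""

# Signature-style knowledge: a hash list that happens not to contain any of the
# binaries above (the point being that signed, legitimate tools are the ones abused).
KNOWN_BAD_HASHES = {"eee5"}
# Behavioural knowledge: which parents should rarely spawn which children.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def load_events(text):
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in text.strip().splitlines()]


def hash_matches(events, bad_hashes=KNOWN_BAD_HASHES):
    """Antivirus-style check: fires only on a hash that is already known bad."""
    return [e["pid"] for e in events if e["sha256"] in bad_hashes]


def build_process_tree(events):
    """Index events by (host, pid) so a child's parent can be looked up."""
    return {(e["host"], e["pid"]): e for e in events}


def lineage(tree, event):
    """Walk ppid links back to the root; returns image names root-first."""
    chain = [event["image"]]
    cur = event
    seen = {(cur["host"], cur["pid"])}
    while (cur["host"], cur["ppid"]) in tree and (cur["host"], cur["ppid"]) not in seen:
        cur = tree[(cur["host"], cur["ppid"])]
        seen.add((cur["host"], cur["pid"]))
        chain.append(cur["image"])
    return list(reversed(chain))


def behavioural_findings(events):
    """Apply per-event behavioural rules; returns (findings, process tree)."""
    tree = build_process_tree(events)
    findings = []
    for e in events:
        parent = tree.get((e["host"], e["ppid"]))
        # Rule 1: an Office application launching a script interpreter or shell.
        if parent and parent["image"] in OFFICE_APPS and e["image"] in SHELLS:
            findings.append((e["host"], e["pid"], "office_spawns_shell"))
        # Rule 2: an encoded command line (also used legitimately, so medium on its own).
        if " -enc " in " " + e.get("cmdline", "").lower() + " ":
            findings.append((e["host"], e["pid"], "encoded_command"))
    return findings, tree


def correlate(events):
    """Group findings per process and escalate when several distinct rules agree."""
    findings, tree = behavioural_findings(events)
    per_proc = defaultdict(set)
    for host, pid, rule in findings:
        per_proc[(host, pid)].add(rule)
    alerts = []
    for (host, pid), rules in sorted(per_proc.items()):
        alerts.append({
            "host": host,
            "pid": pid,
            "rules": sorted(rules),
            "severity": "high" if len(rules) >= 2 else "medium",
            "chain": " > ".join(lineage(tree, tree[(host, pid)])),
        })
    return alerts


if __name__ == "__main__":
    evs = load_events(TELEMETRY)
    print("hash matches:", hash_matches(evs))      # nothing: the binaries are all legitimate
    for alert in correlate(evs):                    # one high-severity alert on ws-17 pid 601
        print(alert)
```

Run as a script, the hash lookup returns an empty list while the correlation step produces one high-severity alert for the process chain `explorer.exe > winword.exe > powershell.exe` on `ws-17`; the same PowerShell binary on `ws-22`, launched from Explorer with an ordinary command line, raises nothing. That asymmetry, same hash, different verdict, is what the paragraph above means by alerting on behaviour rather than on known bad hashes, and the process tree kept on the backend is also what makes the later investigation step possible.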

Selecting an EDR is a consequential decision. The choice drives the operational posture of the security team, defines which MDR partners are viable, and locks in a data residency and telemetry model for years. EU customers under NIS2 or DORA need to verify data residency of the telemetry, not just the dashboard.

Typical dealbreakers in an EDR decision: EU telemetry storage, integration with existing SIEM and SOC tooling, support for the deployed OS mix (especially Linux and macOS), MITRE ATT&CK coverage depth, and contract-level exit and data-portability rights.
