Endpoint Detection and Response, the Emerging Technology
The term Endpoint Threat Detection and Response (ETDR) was first coined by Gartner’s Anton Chuvakin in 2013, who described it as “the tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints.” Although it is a relatively new category of solutions, you will often find references to Endpoint Detection and Response (EDR), which is frequently compared with Advanced Threat Protection (ATP) in terms of overall security capabilities.
Endpoint detection and response is the answer to the need for continuous monitoring of, and response to, advanced threats.
How this works
EDR works by monitoring endpoint and network events and recording that information in a central database for future analysis. A software agent installed on the host system serves as the foundation for event reporting and monitoring.
An analytical tool provides the ongoing monitoring and detection. It identifies the tasks that enhance overall security by alerting on and deflecting common threats, and it enables early identification of attacks. Rapid response to detected attacks is provided on all fronts, even when the threat originates from an internal source.
Not all endpoint detection and response tools perform the same; some go further than others. For example, some perform more of the analysis on the agent itself, while others perform most of the data analysis in the management console, and they can integrate with threat intelligence providers.
Not just a tool
Although Anton Chuvakin coined the term endpoint detection and response, it is also used to describe the capabilities of tools with a much broader set of security functions. For instance, a tool may offer application control, data encryption, device control, privileged user control, network access control, and more.
Anton Chuvakin names several endpoint visibility use cases within three broader categories:
- Data search
- Data exploration
Most endpoint detection and response tools address the response side through sophisticated analytics that detect anomalies, such as unrecognized connections or risky activities identified by comparison against a baseline. This process can be automated, triggering alerts for immediate action or for further investigation, but many EDR tools also allow manual analysis of the data.
Endpoint detection and response is still in its infancy, but EDR capabilities are becoming an essential element of enterprise security. Because of the continuous visibility it provides into all data activity, EDR is in demand among enterprises that require advanced threat protection.
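As an added illustration (not code from the original article or from any EDR product), here is the baseline comparison described above, run over a few constructed endpoint-agent events. Host names, process names and destinations are made up; the two-tier alert output mirrors the "immediate action" versus "further investigation" split mentioned in the text.

```python
from collections import defaultdict

# Constructed sample telemetry, in the shape an endpoint agent might report to the
# central database: (host, process, destination, destination port). All values are made up.
BASELINE_EVENTS = [
    ("ws-01", "outlook.exe", "mail.example.test", 443),
    ("ws-01", "chrome.exe", "www.example.test", 443),
    ("ws-01", "chrome.exe", "cdn.example.test", 443),
    ("ws-02", "outlook.exe", "mail.example.test", 443),
    ("ws-02", "teams.exe", "teams.example.test", 443),
]

NEW_EVENTS = [
    ("ws-01", "chrome.exe", "www.example.test", 443),          # seen in baseline: no alert
    ("ws-01", "updater.exe", "unknown-host.example.test", 8080),  # process never seen on the network
    ("ws-02", "outlook.exe", "mail.example.test", 25),          # known process, unusual port
    ("ws-02", "teams.exe", "teams.example.test", 443),          # seen in baseline: no alert
]


def build_baseline(events):
    """Map each (host, process) to the set of (destination, port) pairs seen in the learning window."""
    baseline = defaultdict(set)
    for host, proc, dest, port in events:
        baseline[(host, proc)].add((dest, port))
    return baseline


def evaluate(events, baseline):
    """Compare each new event with the baseline and return alerts for unrecognized connections."""
    alerts = []
    for host, proc, dest, port in events:
        known = baseline.get((host, proc))
        if known is None:
            # No network history for this process on this host: flag for immediate action.
            alerts.append({"host": host, "process": proc, "severity": "high", "action": "immediate",
                           "reason": f"{proc} has no baseline network activity on {host}"})
        elif (dest, port) not in known:
            # Known process, but a destination/port pair outside its baseline: queue for review.
            alerts.append({"host": host, "process": proc, "severity": "medium", "action": "investigate",
                           "reason": f"{proc} connected to unrecognized destination {dest}:{port}"})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(alert["severity"].upper(), alert["action"], alert["host"], alert["reason"])
```

In a real deployment the baseline would be learned from the central event store over a longer window and refreshed as the environment changes, otherwise every legitimate new destination becomes an alert.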