Endpoint Detection and Response (EDR) is a security concept for protecting against cyber incidents that combines software and human response. Software installed on an end device (endpoint), such as a computer, smartphone or tablet, detects malware and anomalies (detection). Malware detected by the software is then isolated and prevented from further execution. Anomalies can be checked by a human IT security expert and, if necessary, responded to with appropriate measures (response).
This is how the two components of EDR interlock:
Stage 1: “Detection” by software on the end device
Stage 2: “Response”, the reaction of a human being
In most cases, you won’t notice a working EDR in your day-to-day work. All data, servers and the Internet are available to you as usual. Only if there is a serious attack on your company will the IT security experts contact you immediately and, if necessary, discuss the recommended course of action. How often this happens depends on your industry, your company size and your company's level of cybersecurity, among other things. To get an idea, simply ask about experience with comparable companies when setting up the EDR.
After setting up an EDR, you only need to take action in the event of a serious attack. Your IT security experts will then give you the appropriate instructions.