Glossary

Endpoint Detection and Response (EDR)

Security solution that monitors endpoints and automatically responds to detected threats.

Endpoint Detection and Response (EDR) is an advanced security solution that continuously monitors endpoint devices—laptops, desktops, servers and mobile devices—to detect, investigate and respond to cyber threats in real time. Unlike traditional antivirus software that relies primarily on signature-based detection, EDR uses behavioural analysis, machine learning and threat intelligence to identify sophisticated attacks such as fileless malware, lateral movement and zero-day exploits.

EDR is a critical control for organisations pursuing ISO 27001 or SOC 2 certification, as it provides both proactive threat detection and the forensic data needed for incident investigation and response. The automated response capabilities—such as isolating compromised endpoints, killing malicious processes and rolling back changes—significantly reduce the time between detection and containment, minimising the potential impact of security incidents.
