Top 8 EDR (Endpoint Detection and Response)

Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, Cisco Secure Endpoint, Sophos Intercept X, Check Point Harmony Endpoint, Carbon Black CB Defense, Cynet
  1. It's a very complete application. I have all the controls in one site. I can track emails, attacks, and threats, and I can research information. I really like this configuration because I have all the information in place.
  2. The features I like the most are the response time and the dashboard; both are excellent. The initial setup was straightforward.
  3. Buyer's Guide
    EDR (Endpoint Detection and Response)
    November 2022
    Find out what your peers are saying about Microsoft, CrowdStrike, SentinelOne and others in EDR (Endpoint Detection and Response). Updated: November 2022.
    656,862 professionals have used our research since 2012.
  4. The solution offers excellent detection and integration capabilities. The setup is very straightforward.
  5. The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful.
  6. The most valuable feature of Intercept X is its ability to stay ahead of the infection. By the time the ransomware spreads to the next machine in line, the data has already been encrypted on that workstation. It didn't matter what the ransomware did because could go in and get it back.
  7. When sending emails to my colleagues, it detects any virus and blocks any spam that may be shared. Its most valuable feature is being able to integrate cloud services and centralize the protection policy from a single administration dashboard.
  9. The solution is stable. The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring feature that works by emailing updates about any detections found.
  10. A reliable security system that automatically quarantines anything suspicious. A good feature is how the solution packages varied information into a single dashboard that's readable and meets our needs.

Advice From The Community

Read answers to top EDR (Endpoint Detection and Response) questions. 656,862 professionals have gotten help from our community of experts.
Frank Yang
Sales Director at a tech services company with 5,001-10,000 employees

I work at a tech services company with 5,000 - 10,000+ employees. 

We are currently researching EPP and EDR solutions. What are the main differences between EPP and EDR? 

Thanks! I appreciate the help. 

Om Salamkayala: I think most of the comments cover all the key points. EDR-End point…
23 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Can EDR replace antivirus, or are both needed?

ShreekumarNair: You can use EDR solutions to track, monitor, and analyze data on endpoints to…
18 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

How can businesses protect themselves against Mimikatz malware?

Technicalconsult568: Mimikatz is a post-exploitation tool that dumps passwords from memory…
6 Answers
it_user151011
Sr. Director of Growth at PeerSpot (formerly IT Central Station)
On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts were protected using two-factor authentication, which the hackers were somehow able to bypass. Hacked accounts included Barack Obama, Joe Biden, Bill Gates,...
Ken Shaurette: For some good information from a leading expert check out the webinar today 7/17…
6 Answers
reviewer1740369
User at Jkumar infra
Sep 19 2022
Hello all, An anti-virus (AV) works based on the file signature mechanism and an Endpoint Detection and Response (EDR) tool is behavior-based.  Do we need to use both EDR and AV solutions or EDR-only to protect our IT assets?  Thanks.
Shibu Babuchandran: Hi @reviewer1740369, When evaluating EDR vs. antivirus, it’s important to…
7 Answers
ΔΗΜΗΤΡΙΟΣ ΠΑΓΩΝΗΣ
User at Remedy
Sep 19 2022
Hi community professionals, I am looking for your advice on whether it makes sense to use both an endpoint antivirus and an EDR solution simultaneously? What are the pros and cons of using each one or both simultaneously? *In terms of products, I've been looking at CrowdStrike Falcon, Microsoft...
ChandanMunshi: EDR (or XDR) is the new coinage for endpoint security technology. Although…
9 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi infosec professionals, What are the main architectural differences between those two technologies? What are the relations between the two of them? Are they complementary? What does an XDR solution provide that SIEM doesn't and vice versa? Thanks for sharing your knowledge with the community!
David Swift: SIEM focuses on correlation - detection, both known (and with UEBA), unknown/0…
6 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Hi community,

There are many EDR solutions out there. In your opinion, what are the most important features that an EDR solution should have these days? 

Additionally, what are good questions to ask vendors when researching EDR solutions? 

Akhil Kumar: That's true that there are many EDR solutions out there. According to me the…
6 Answers
Samy Adel
Senior ICT Helpdesk Administrator at CACC Cargolinx

Hello,

I'm working as a Senior ICT Helpdesk Administrator at a Logistics & Supply Chain company with 500+ employees.

Which Endpoint Detection and Response (EDR) product would you recommend purchasing and why?

I appreciate the help!

Darshil Sanghvi: Hi @Samy Adel, I just wanted to know some more details about your…
11 Answers

EDR (Endpoint Detection and Response) Articles

Evgeny Belenky
PeerSpot (formerly IT Central Station)
Aug 17 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending The...
Evgeny Belenky: Thank you to all the community members who share their knowledge with other…
1 Comment
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Aug 09 2022
If you’re weighing your options for endpoint security solutions, there are many options out there. However, solutions vary greatly in terms of how effectively they can protect your network. I want to help you make the best decision possible, so here are some questions to ask before buying an endp...
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Aug 02 2022
Dear professionals, Welcome back to PeerSpot's Community Spotlight! Below you can find the latest hot topics posted by your fellow PeerSpot Community members. Read articles, answer questions, and contribute to discussions that are relevant to you and your expertise. Or ask your peers for insight...
Evgeny Belenky: @Chris Childerhose, @PraveenKambhampati, @Deena Nouril, @Shibu Babuchandran and…
1 Comment
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi peers, We're happy to share our new bi-weekly Community Spotlight with you. Here you'll find recent contributions by PeerSpot community members: questions, articles and trending discussions. Trending See what your peers are discussing at the moment! What to choose: an endpoint antiviru...
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi dear community members, This is our latest community digest. It helps you catch up on recent contributions by community members. Comment below with your feedback and suggestions! Trending What are the Top 5 cybersecurity trends in 2022? What are the main benefits of modern IT Asset D...
Hugh
Freelance Writer – B2B Technology Marketing
Journal of Cyber Policy
On Saturday, May 8, 2021, major media outlets reported that Colonial Pipeline, whose fuel pipeline network supplies gasoline, jet fuel, and other petroleum necessities to over 50 million Americans, had suffered a ransomware attack and shut down its pipeline as a precaution. The disruption in supp...

EDR (Endpoint Detection and Response) Topics

What does an endpoint detection and response system do?

An EDR system monitors endpoint and network events by recording the information in a central database. That information then undergoes further analysis and detection, followed by investigation and reporting, whereby alerts are triggered. Through the use of analytic tools, companies can improve security by identifying tasks that can deflect attacks and threats. If a threat can be contained at the endpoint, an EDR system can eliminate it and possibly prevent it from spreading further. The combination of actionable intelligence along with behavioral analysis is applied to endpoint data, which helps stop a breach incident from occurring. Although no two EDR systems may offer the same capabilities or features, all endpoint detection and response systems aim to achieve the same end goal: to monitor and detect anomalies in an effort to prevent threats.

Why is EDR important?

The number of endpoints attached to networks is on the rise, making EDR (endpoint detection and response) more significant than ever before. Because endpoints are easy targets for cyberattackers to infiltrate a network, endpoint visibility is critical for organizations. Interestingly, because EDR solutions operate based on machine learning algorithms, they are more likely to spot unknown types of malware. This can be beneficial to your company because it will allow you to make behavior-based decisions. In addition, malicious behavior patterns will not be able to bypass EDR solutions, adding an extra layer of security to your system.

As workplace mobility grows, more employees connect from home through their own internet connections and off-site endpoints. Without proper security measures in place, these devices become more vulnerable and easier for malicious attackers to exploit. An EDR system provides enhanced security and surpasses firewalls and antivirus solutions.

What is the difference between EDR and EPP?

It is advised to deploy a combination of EDR (endpoint detection and response) and EPP (endpoint protection platforms) to protect endpoints. While EPP works to prevent threats before they even reach the endpoint, EDR works on the assumption of breach, focusing primarily on attacks that have already successfully entered the environment. EDR strives to respond rapidly to threats, on the assumption that complete protection is never possible. EPP acts as a first line of defense and in many cases makes it more difficult for attackers to break through the perimeter. EDR, however, views endpoints as a weak link of the security perimeter and provides the visibility needed to react to an attack.

Because it is difficult and sometimes impossible for an EPP to entirely block each and every threat, it is ideal for an organization to implement both an EDR and an EPP security solution. With both systems in place, it is less likely for sophisticated threats to evade the perimeter and wreak havoc on your network and across your environment.

Another major difference between the two systems is that EPP requires minimal supervision after its initial installation. However, EDR systems rely on active investigation and analysis to successfully respond to attacks. The two types of endpoint protection solutions do not replace each other, but rather complement one another. Ideally, organizations and enterprises that can combine both will be prepared to combat cybersecurity challenges and will have the protection they need to ensure complete security.

Benefits of an EDR System

The benefits of an EDR (endpoint detection and response) system include:

  • Third-party integration: EDR solutions protect your company from multiple angles and also offer flexible integration. Endpoint detection and response solutions should include APIs or built-in integrations with other solutions.
  • Unified overview of your environment: You should be able to identify and monitor endpoint security threats. Having a good EDR system will make it easy to access your endpoints’ protection status and allow you to receive real-time alerts. Running reports for compliance purposes should also be considered a crucial feature.
  • Automation: Automation capabilities are essential. Any EDR technology should provide you with the necessary tools needed to assess and rapidly react to security incidents.
  • Global availability: The EDR solution you choose should let you manage your environment regardless of where you are, so you don’t have to deal with platform constraints.
  • Prevention: In order to both prevent and mitigate attacks, an effective EDR solution should offer protection against malware, especially for attacks that can go undetected by reactive solutions such as an antivirus.
  • Enables quick and decisive remediation: By isolating the endpoint and containing it, EDR systems allow organizations to take action quickly by stopping potentially compromised hosts from all network activity or remediating a threat before it escalates.

Features of an EDR System

Here are some of the features you should consider when looking for an EDR system:

  • Filtering: If an EDR solution has a low-quality filtering system, it can generate false positives, triggering false alerts for events that are not true threats. Poor filtering also increases the chance for true threats to go unnoticed.
  • Advanced threat blocking: If the EDR system is a good solution, it will be able to immediately detect a threat as soon as it arises, and continue monitoring it through its entire lifecycle. With a weaker system, persistent attacks can eventually bypass security measures, creating major system vulnerabilities.
  • Incident response capabilities: An EDR solution can help security personnel better manage risks because its incident response capabilities combined with threat hunting can prevent data breaches.
  • Multiple threat protection: It is important to make sure the installed security system can handle multiple simultaneous attacks (malware, ransomware, suspicious activity, and data movements).
  • Cloud-based solution: A cloud-based EDR solution can ensure zero impact on endpoints while providing accurate, real-time results for search, analysis, and investigation efforts.