Top 8 EDR (Endpoint Detection and Response)
- CrowdStrike Falcon
- SentinelOne
- Microsoft Defender for Endpoint
- Sophos Intercept X
- Check Point Harmony Endpoint
- Carbon Black CB Defense
- Elastic Security
- Bitdefender GravityZone Ultra
The CS Falcon agent is a lightweight agent compared with other agents of EDR products.
The solution has improved my organization by automating the detection and reporting of unwanted applications so we're aware of them and can respond appropriately.
SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice.
This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time.
The most valuable feature of Sophos Intercept X is cloud management.
The security on offer is pretty good. We are happy with it.
We love the reports and monitoring they provide.
The solution has all the standard features you would expect for endpoint protection.
The solution is stable.
The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring feature that works by emailing updates about any detections found.
We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive.
It was easy to set up.
It's a very stable solution.
Buyer's Guide
EDR (Endpoint Detection and Response)
July 2022

Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in EDR (Endpoint Detection and Response). Updated: July 2022.
620,600 professionals have used our research since 2012.
EDR (Endpoint Detection and Response) Topics
- What does an endpoint protection and response system do?
- Why is EDR important?
- What is the difference between EDR and EPP?
- Benefits of an EDR System
- Features of an EDR System
What does an endpoint protection and response system do?
An EDR system monitors endpoint and network events by recording the information in a central database. That information then undergoes further analysis and detection, followed by investigation and reporting, whereby alerts are triggered. Through the use of analytic tools, companies can improve security by identifying tasks that can deflect attacks and threats. If a threat can be contained at the endpoint, an EDR system can eliminate it and possibly prevent it from spreading further. The combination of actionable intelligence along with behavioral analysis is applied to endpoint data, which helps stop a breach incident from occurring. Although no two EDR systems may offer the same capabilities or features, all endpoint detection and response systems aim to achieve the same end goal: to monitor and detect anomalies in an effort to prevent threats.
Why is EDR important?
The number of endpoints attached to networks is on the rise, making EDR (endpoint detection and response) more significant than ever before. Because endpoints are easy targets for attackers seeking to infiltrate a network, endpoint visibility is critical for organizations. Interestingly, because EDR solutions operate based on machine learning algorithms, they are more likely to spot unknown types of malware. This can be beneficial to your company because it will allow you to make behavior-based decisions. In addition, malicious behavior patterns will not be able to bypass EDR solutions, adding an extra layer of security to your system.
The evolution of workplace mobility is forcing more employees to connect from home, using their own internet connections and off-site endpoints. Without proper security measures in place, devices can become increasingly vulnerable, making it easier for malicious attackers to take advantage. An EDR system provides enhanced security and surpasses firewalls and other antivirus solutions.
What is the difference between EDR and EPP?
It is advised to deploy a combination of EDR (endpoint detection and response) and EPP (endpoint protection platforms) to protect endpoints. While EPP works to prevent threats before they even reach the endpoint, EDR works on the assumption of breach, primarily focusing on attacks that have already successfully entered the environment. EDR strives to rapidly respond to threats, assuming that 100% protection is never possible. EPP acts as a first line of defense and in many cases makes it more difficult for attackers to break through the perimeter. EDR, however, views endpoints as a weak link of the security perimeter and provides the visibility needed to react to an attack.
Because it is difficult and sometimes impossible for an EPP to entirely block each and every threat, it is ideal for an organization to implement both an EDR and an EPP security solution. With both systems in place, it is less likely for sophisticated threats to evade the perimeter and wreak havoc on your network and across your environment.
Another major difference between the two systems is that EPP requires minimal supervision after its initial installation. However, EDR systems rely on active investigation and analysis to successfully respond to attacks. The two types of endpoint protection solutions do not replace each other, but rather complement one another. Ideally, organizations and enterprises that can combine both will be prepared to combat cybersecurity challenges and will have the protection they need to ensure complete security.
Benefits of an EDR System
The benefits of an EDR (endpoint detection and response) system include:
- Third-party integration: EDR solutions protect your company from multiple angles and also offer flexible integration. Endpoint detection and response solutions should include APIs or built-in integrations with other solutions.
- Unified overview of your environment: You should be able to identify and monitor endpoint security threats. Having a good EDR system will make it easy to access your endpoints’ protection status and allow you to receive real-time alerts. Running reports for compliance purposes should also be considered a crucial feature.
- Automation: Automation capabilities are essential. Any EDR technology should provide you with the necessary tools needed to assess and rapidly react to security incidents.
- Global availability: The EDR solution you choose should allow you the ability to manage your environment regardless of where you are so you don’t have to deal with platform constraints.
- Prevention: In order to both prevent and mitigate attacks, an effective EDR solution should offer protection against malware, especially for attacks that can go undetected by reactive solutions such as an antivirus.
- Enables quick and decisive remediation: By isolating the endpoint and containing it, EDR systems allow organizations to take action quickly by stopping potentially compromised hosts from all network activity or remediating a threat before it escalates.
Features of an EDR System
Here are some of the features you should consider when looking for an EDR system:
- Filtering: If an EDR solution has a low-quality filtering system, it can generate false positives, triggering false alerts for events that are not true threats. Poor filtering also increases the chance for true threats to go unnoticed.
- Advanced threat blocking: If the EDR system is a good solution, it will be able to immediately detect a threat as soon as it arises, and continue monitoring it through its entire lifecycle. With a weaker system, persistent attacks can eventually bypass security measures, creating major system vulnerabilities.
- Incident response capabilities: An EDR solution can help security personnel better manage risks because its incident response capabilities combined with threat hunting can prevent data breaches.
- Multiple threat protection: It is important to make sure the installed security system can handle multiple simultaneous attacks (malware, ransomware, suspicious activity, and data movements).
- Cloud-based solution: With a cloud-based EDR solution, you can ensure zero impact on endpoints and make sure search, analysis, and investigation capabilities provide accurate, real-time results.