What is Managed EDR?
Endpoint detection and response (EDR) is a security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated responses and analysis capabilities. The “Managed” part means that security personnel respond to the threats the solution identifies.
The primary functions of an EDR solution are to:
- Monitor and collect activity data from the endpoints that could indicate a threat
- Analyze this data to identify threat patterns
- Automatically respond to identified hazards to remove or contain them
- Notify security personnel that further investigation is needed
- Serve as a forensics and analysis tool for researching identified threats and suspicious activities
Why Do I Need It?
Threat actors constantly find new and creative ways to infiltrate business networks and exploit them for their own gain. You are no longer just trying to protect a workstation or server; you need to protect your business operations. EDR is a tool for identifying security threats and gathering additional forensic information, which is incredibly valuable when (not if) a security event occurs.
To see how EDR can fit into your organization’s risk management approach, please refer to Information Security. If you are a current managed services client, please contact your vCIO to discuss this in more detail.