Engineering:Endpoint detection and response

From HandWiki
Short description: Threat monitoring technology

Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is a cybersecurity technology that continually monitors an "endpoint" (e.g. mobile phone, laptop, Internet-of-Things device) to mitigate malicious cyber threats.[1][2][3]

History

In 2013, Anton Chuvakin of Gartner coined the term "endpoint threat detection and response" for "tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints".[4] Now, it is commonly known as "endpoint detection and response".

According to the Endpoint Detection and Response - Global Market Outlook (2017-2026) report, the adoption of cloud-based and on-premises EDR solutions are going to grow 26% annually, and will be valued at $7273.26 million by 2026.[5] According to the Artificial Intelligence (AI) in Cyber Security Market report by Zion Market Research, the role of machine learning and artificial intelligence will create a $30.9 billion cyber security market by 2025.[6][7]

In 2020, source code for a widely-used EDR tool was made available by Comodo Cybersecurity as OpenEDR.[8] The Commons Clause license they applied makes it available for free and more trustworthy,[9] but explicitly does not claim to meet the commercial reuse requirements of open-source.[10]

Concept

Endpoint detection and response technology is used to identify suspicious behavior and Advanced Persistent Threats on endpoints in an environment, and alert administrators accordingly. It does this by collecting and aggregating data from endpoints and other sources. That data may or may not be enriched by additional cloud analysis. EDR solutions are primarily an alerting tool rather than a protection layer but functions may be combined depending on the vendor. The data may be stored in a centralized database or forwarded to a SIEM tool. [11][12]

Every EDR platform has its unique set of capabilities. However, some common capabilities include the monitoring of endpoints in both the online and offline mode, responding to threats in real-time, increasing visibility and transparency of user data, detecting stored endpoint events and malware injections, creating blocklists and allowlists, and integration with other technologies.[1][11] Some vendors of EDR technologies leverage the free Mitre Att&ck classification and framework for threats.[13]

See also

References

  1. 1.0 1.1 "EDR Security and Protection for the Enterprise" (in en-US). https://www.cynet.com/platform/threat-protection/edr-endpoint-detection-and-response/. 
  2. "What is Endpoint Detection and Response (EDR)? - Definition from Techopedia" (in en). https://www.techopedia.com/definition/33710/endpoint-detection-and-response-edr. 
  3. "Endpoint Detection and Response (EDR) - What is EDR and why is it important? - Definition from Cyberpedia" (in en). https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr. 
  4. Chuvakin, Anton (2013-07-26). "Named: Endpoint Threat Detection & Response" (in en). https://blogs.gartner.com/anton-chuvakin/2013/07/26/named-endpoint-threat-detection-response/. 
  5. "Global $7.27 Bn Endpoint Detection and Response Market to 2026" (in en-US). https://finance.yahoo.com/news/global-7-27-bn-endpoint-131500381.html. 
  6. Research, Zion Market (2019-08-28). "Artificial Intelligence (AI) In Cyber Security Market Will Reach to USD 30.9 Billion By 2025: Zion Market Research". http://www.globenewswire.com/news-release/2019/08/28/1907655/0/en/Artificial-Intelligence-AI-In-Cyber-Security-Market-Will-Reach-to-USD-30-9-Billion-By-2025-Zion-Market-Research.html. 
  7. "10 Ways AI And Machine Learning Are Improving Endpoint Security". https://www.business2community.com/celebrity/10-ways-ai-and-machine-learning-are-improving-endpoint-security-02247235. 
  8. Cimpanu, Catalin. "Comodo open-sources its EDR solution" (in en). https://www.zdnet.com/article/comodo-open-sources-its-edr-solution/. 
  9. William, david. "OpenEDR Overview" (in en). https://www.openedr.com/. 
  10. "Commons Clause License" (in en). https://commonsclause.com/. 
  11. 11.0 11.1 "What is endpoint detection and response (EDR)? A definition by WhatIs.com" (in en). https://searchsecurity.techtarget.com/definition/endpoint-detection-and-response-EDR. 
  12. "What Is EDR? | A Brief Definition of Endpoint Detection and Response" (in en-US). 2019-03-06. https://www.xcitium.com/edr-security/edr-endpoint-detection-and-response/. 
  13. "Symantec Endpoint Detection & response Data Sheet". https://docs.broadcom.com/doc/endpoint-detection-and-response-atp-endpoint-en.