What is EDR? A Clear Definition of Security’s Hottest Buzzword

The security industry isn’t exactly known for its transparency and crystal-clear messaging. It’s a crowded and competitive market, packed with vendors feeling the pressure to differentiate themselves and keep up with competitors. These days, there’s a tendency to claim multilayered or “all-in-one” protection, but what exactly that consists of varies, and comparing offerings can be confusing.

It also doesn’t help that security terminology reads like alphabet soup.

One of the acronyms we’re seeing thrown around a lot lately is EDR, short for endpoint detection & response. Nearly every security vendor is now saying they offer some form of EDR, so let’s define what it is and explain what it does in relation to other products in your security stack.

What is EDR?

Endpoint detection and response (EDR) refers to software designed to help organizations identify, stop, and react to threats that have bypassed other defenses.

Like other endpoint security software, EDR is deployed by installing agents on endpoints and is managed via a cloud-based SaaS portal.

Note: This blog post touches on EDR at a high level, but if you’re interested in getting more details and learning how to evaluate EDR products, see our new MSP’s Hype-Free Guide to EDR. It’s 26 pages packed full of research and info that we’re giving away for free.

What do EDR tools do?

At a high level, EDR solutions gather data from endpoints, use that data to identify potential security threats, and provide helpful ways of investigating and reacting to those potential threats.

Historically, these were capabilities largely confined to big enterprise companies that could afford to have teams of experienced security analysts operating out of a security operations center (SOC). Sorting through troves of data, identifying suspicious activity, and understanding how to quickly react to incidents took considerable time, effort, and expertise.

In an effort to make these capabilities more accessible, security vendors have worked on introducing EDR offerings that are less complex and centered more around streamlined workflows and automation. The goal of these “EDR Lite” solutions is to lower the barrier to entry and bring EDR capabilities to a segment of the market that sorely needs them: SMBs.

Where does EDR fit in a modern security stack?

As a capability, EDR sits downstream from prevention-focused security solutions. Its primary purpose is to enable detection and response to threats once they have bypassed other defenses like firewalls and antivirus (AV).
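To make the gather, detect, respond flow concrete, here is an added example (not code from the original post or from any vendor's product). It runs a behavioral rule over constructed process telemetry that a prevention layer has already marked clean; the field names, the rule, and the response action names are all assumptions made for illustration.

```python
# Constructed sample telemetry (not real data): process-start events as an
# endpoint agent might report them. "av_verdict" is the prevention layer's result.
EVENTS = [
    {"host": "ws-01", "pid": 410, "ppid": 0,   "image": "explorer.exe",   "av_verdict": "clean"},
    {"host": "ws-01", "pid": 522, "ppid": 410, "image": "winword.exe",    "av_verdict": "clean"},
    {"host": "ws-01", "pid": 733, "ppid": 522, "image": "powershell.exe", "av_verdict": "clean"},
    {"host": "ws-02", "pid": 300, "ppid": 0,   "image": "explorer.exe",   "av_verdict": "clean"},
    {"host": "ws-02", "pid": 611, "ppid": 300, "image": "powershell.exe", "av_verdict": "clean"},
]

# Illustrative behavioral rule: a document application starting a script host.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def ancestry(index, event):
    """Walk parent links to rebuild the process chain an analyst would review."""
    chain, seen = [event["image"]], set()
    key = (event["host"], event["ppid"])
    while key in index and key not in seen:  # 'seen' guards against pid loops
        seen.add(key)
        parent = index[key]
        chain.append(parent["image"])
        key = (parent["host"], parent["ppid"])
    return list(reversed(chain))


def detect(events):
    """Alert on behavior the prevention layer allowed but the rule finds suspicious."""
    index = {(e["host"], e["pid"]): e for e in events}
    alerts = []
    for e in events:
        parent = index.get((e["host"], e["ppid"]))
        if parent and parent["image"] in DOCUMENT_APPS and e["image"] in SCRIPT_HOSTS:
            alerts.append({
                "host": e["host"],
                "pid": e["pid"],
                "av_verdict": e["av_verdict"],
                "chain": ancestry(index, e),
                # Hypothetical response options; a real product exposes its own actions.
                "suggested_response": ["kill_process", "isolate_host"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Only the PowerShell process on ws-01 is flagged: the same binary launched from the desktop shell on ws-02 passes, which is the difference between judging a file and judging behavior in context.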

That said, EDR functionality is rarely sold on its own anymore. Instead, it’s often packaged together with prevention-focused technologies like NGAV to provide more unified endpoint security. So while “EDR” refers to a clearly defined set of capabilities, the lines separating EDR tools and other endpoint security tools have gotten incredibly blurry.


As Gartner puts it in its Competitive Landscape: Endpoint Protection Platforms, Worldwide, 2019 report:

“On the marketing front, many of the providers in the [endpoint security] market now look drastically similar to each other, touting machine learning and behavior-based analysis concepts — making it harder for organizations to make informed product decisions. Gartner believes that this is causing some confusion in the market.”


No kidding.

Specifically, the convergence of AV/NGAV products with EDR products into single offerings has led to the (understandably) confused take that EDR tools are better AVs. That’s not right. While many EDR tools do provide NGAV capabilities now, EDR functionality isn’t designed to keep bad things out. It’s designed to alert you when something potentially bad has broken in, and then help you react.

The truth is most vendors aren’t financially motivated to set the record straight on EDR. If potential customers are interested in it because they think it will block more attacks, they’re not going to correct them. But that makes researching and evaluating EDR solutions tricky, so to help we’ve put together a new guide that breaks everything down in clear, straightforward terms.

Want more facts about EDR and tips for evaluating solutions?

Download our free 26-page MSP’s Hype-Free Guide to EDR. It answers all the questions you should be asking about EDR, so when your customers, your boss, or prospects come asking about it, you’ll have answers.

