What is the primary function of Endpoint Detection and Response (EDR)?

EDR focuses on monitoring endpoints, recording their behaviors, and enabling threat hunting to detect and contain advanced threats. By continuously collecting data from each device—process activity, file changes, network connections, and system events—EDR gives security teams visibility into what’s happening on endpoints. It uses analytics and behavior-based detection to spot unusual or malicious activity, allowing investigators to hunt for threats, determine the scope of an intrusion, and take rapid actions to contain or remediate, such as isolating a device or terminating harmful processes. This focus on endpoint telemetry, detection, and real-time response is what distinguishes EDR from other security tools.