What does Endpoint Detection and Response (EDR) provide?

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

Endpoint Detection and Response focuses on giving you visibility into what’s happening on endpoints so you can detect threats and respond quickly. It continuously collects data from endpoints—such as which processes are running, file and registry changes, memory activity, and network connections—and applies analytics to spot suspicious behavior and indicators of compromise. When a threat is detected, it not only raises alerts but also supports investigation and containment: triaging alerts, isolating an affected machine, terminating malicious processes, and guiding remediation. This capability is about detecting and responding to threats at the endpoint, not about backing up data, only logging file changes, or providing firewall services.
