MSP·OUTPOST

EDR

Endpoint Detection and Response. A category of security software that continuously monitors endpoints for malicious activity, detects threats using behavioral analysis and threat intelligence, and provides automated or analyst-driven response capabilities including isolation, rollback, and remediation. EDR replaced traditional signature-based antivirus as the endpoint security standard for MSPs serving clients with any compliance requirement.

Common examples
Huntress, SentinelOne, CrowdStrike Falcon, Microsoft Defender for Endpoint.
Difference from AV
Antivirus detects known malware by matching signatures. EDR detects behavioral anomalies, so it can catch attacks that don't match any known signature.
Why it matters
Cyber insurance renewals increasingly require documented EDR deployment. Most breach investigations in the SMB market involve endpoints where AV-only protection was in place.
See also
MDR, XDR, Zero Trust, HIPAA