July of 2013 saw Anton Chuvakin of Gartner coin the term endpoint threat detection and response, later shortened to endpoint detection and response (EDR).1 With this insight, Chuvakin christened an industry-wide evolution toward a select but burgeoning set of security software tools, and signaled that traditional endpoint protection platforms had outlived their usefulness.
EDR was seen by Gartner as offering the promise of detecting and investigating suspicious behavior and activities on hosts and endpoints. EDR was an important new solution that defenders of corporate environments could use to better defend themselves from cyberattacks.
The EDR sector then began a rapid (and still ongoing) expansion as security operations centers (SOCs) added the toolset to provide additional telemetry to feed into their security information and event management (SIEM) platforms. Today, along with the SIEM, EDR is regarded as a bedrock of any SOC, and whether an organization chooses to operate EDR as an in-sourced solution or consume it as a managed service, few organizations would downplay the significant benefits it offers to security visibility.