KNOWLEDGE — THREAT DETECTION & MONITORING

EDR — Endpoint Detection and Response

EDR detects attacker activity directly on individual endpoints — laptops, servers, workstations — by monitoring processes, files, and memory.

EDR sits on the device and sees what happens there, which network-level tools can't. Its blind spot is the inverse: what happens between systems, on the wire, is outside its view. EDR and NDR are complementary, not competing.

AEGYS Monitor sees the network level — EDR sees the endpoint. Different layers.

AEGYS Monitor

RELATED TERMS

NDR — Network Detection and Response
XDR — Extended Detection and Response
Lateral Movement