---
type: "term"
title: "EDR (Endpoint Detection and Response)"
description: "A category of security tools that monitor endpoint devices for suspicious activity and provide automated response capabilities."
resource: "tlctc:term:edr-endpoint-detection-and-response"
tags:
  - "glossary"
---
# EDR (Endpoint Detection and Response)

A category of security tools that monitor endpoint devices for suspicious activity and provide automated response capabilities. In the TLCTC velocity model, EDR is a critical control for the **Fast Velocity Class** (minutes), where automated containment is necessary because human analysts cannot respond quickly enough. EDR is particularly relevant for controlling `#3 Exploiting Client` and `#7 Malware` at the endpoint level.

See also: Fast Velocity Class, SIEM, SOAR
