What is EDR?

EDR stands for endpoint detection and response. The purpose of EDR is to monitor system endpoints, such as computers, phones, and servers, for suspicious behavior. An EDR can also provide analytics and context for those analytics, stop possibly malicious behavior, and remedy or restore the system. Rather than being one program or application, an EDR is typically a system made of components that each accomplish an individual security task. Examples of these components include antivirus software, automated analysis and forensic solutions, endpoint monitoring and management, and security team alert systems. With these tools, an EDR is able to prevent incidents, mitigate immediate threats, and quickly remedy the situation after an incident.

What is NDR?

NDR stands for network detection and response. The purpose of NDR is to monitor and record network traffic for suspicious and malicious behavior and to respond to identified threats. Much like EDR, NDR uses a toolkit of advanced automated programs to prevent cyber incidents, mitigate current threats, remedy any possible breaches, and notify the security team of findings within the network. NDR can be cloud-based, on-premises, or virtual, and it uses machine learning to identify both known and unknown network threats.


Both EDR and NDR exist in the workplace to record and monitor activity, create analytics, alert the team to suspicious behavior, and put an end to a possible cyber incident. The difference between them is that NDR monitors communications within the network itself, which creates real-time, full visibility across the network. EDR, on the other hand, focuses on monitoring and preventing endpoint attacks, which are normally targeted at computers and servers. Because of this, EDR can miss crafty attacks from cyber criminals; NDR, however, is able to detect them. EDR is the ground-level view of the system, while NDR is an aerial overview. NDR is considered more comprehensive than EDR, but it can be considerably more difficult and expensive to configure. Most SMBs opt for EDR rather than NDR for this reason.

Why They’re Important

Whether EDR or NDR is the better fit for your business, it’s important to have these tools because they serve as 24/7 preventative, immediate, and after-incident cyber security. The automated features of EDR and NDR save your cyber security team time and money, and they provide critical alerts and analytics in real time so the team can understand and patch vulnerabilities in the system before they have a chance to be exploited.

We Know EDR and NDR

Configuring EDR and NDR is no easy task. Our expert technicians at KLH have a decade of experience in configuring advanced EDR and NDR systems and can help you understand which system is right for your business. Contact us at 952-258-8200 or info@klhmn.com to learn more about how KLH can set up EDR and NDR for your business.