What is EDR (Endpoint Detection and Response)?
EDR (Endpoint Detection and Response) is security software that runs on your computers and devices — your “endpoints” — and watches for suspicious behaviour rather than only matching known virus signatures the way traditional antivirus does:
- What it does — when it spots something acting like ransomware or an intruder, it can alert you, isolate the device, and help trace what happened.
- Why it matters now — it has moved from enterprise-only to within reach: the Gold tier of the SMB1001 certification standard expects EDR on every device.
- The practical distinction — classic antivirus asks “have I seen this exact threat before?” while EDR asks “is this device behaving like it has been compromised?” The second question catches new attacks that the signature list has not learned yet.
- For a very small team — EDR usually arrives bundled into a business security subscription rather than bought separately.
EDR is the modern replacement for antivirus — behaviour-based, not signature-based — and it is now a line item on the certifications customers ask for.
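The two questions above can be run side by side over the same endpoint events. This is an added example, not code from any EDR product: the event format, process names, placeholder hashes, and the threshold and window values are all constructed assumptions.

```python
import os
from collections import defaultdict

# Constructed signature list (placeholder hash strings, not real indicators).
KNOWN_BAD_HASHES = {"hash-known-1", "hash-known-2"}

# Constructed telemetry: (second, process, file hash, action, source path, new path)
EVENTS = [
    (0, "winword.exe", "hash-office", "write", "C:/docs/report.docx", None),
    (3, "old_sample.exe", "hash-known-1", "write", "C:/temp/a.tmp", None),
    (30, "backup.exe", "hash-backup", "rename", "C:/docs/plan.docx", "C:/docs/plan.bak"),
] + [
    # An unknown binary renames five documents to a new extension in five seconds.
    (20 + i, "new_sample.exe", "hash-never-seen", "rename",
     f"C:/docs/file{i}.xlsx", f"C:/docs/file{i}.xlsx.locked")
    for i in range(5)
]


def signature_alerts(events):
    """Antivirus question: have I seen this exact file before?"""
    return {proc for _, proc, file_hash, *_ in events if file_hash in KNOWN_BAD_HASHES}


def behaviour_alerts(events, threshold=5, window=10):
    """EDR-style question: is a process mass-changing file extensions?

    Flags any process that renames `threshold` or more files to a different
    extension within `window` seconds (both values are assumptions).
    """
    recent = defaultdict(list)  # process -> times of extension-changing renames
    flagged = set()
    for ts, proc, _hash, action, src, dst in sorted(events, key=lambda e: e[0]):
        if action != "rename":
            continue
        if os.path.splitext(src)[1] == os.path.splitext(dst)[1]:
            continue  # same extension: an ordinary rename
        # Keep only renames still inside the sliding window, then add this one.
        recent[proc] = [t for t in recent[proc] if ts - t <= window] + [ts]
        if len(recent[proc]) >= threshold:
            flagged.add(proc)
    return flagged


if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("behaviour:", behaviour_alerts(EVENTS))
```

The signature check only flags the file whose hash is already on the list, while the behaviour rule flags the never-seen binary and leaves the single backup rename alone.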