ShipCalculators.com

Endpoint Detection and Response (EDR)

E1. Maritime security, geopolitics and risk

Definition

Cyber tooling for shipboard endpoints.

Endpoint detection and response (EDR) is security software on individual devices (workstations, servers, bridge and engine-room PCs) that continuously monitors behavior, detects malicious activity, and lets responders isolate or remediate the host. It goes beyond signature antivirus by recording process, file, and network events and flagging anomalies such as ransomware encryption bursts or unauthorized lateral movement. On vessels, EDR coverage is constrained by legacy operational-technology endpoints that vendors do not let third-party agents touch, so it is usually deployed on the IT side and at the IT/OT boundary, feeding a shore security operations center.

Source: NIST SP 800-61 Computer Security Incident Handling Guide; NIST SP 800-82 Guide to OT Security
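The following is an added example, not part of the original entry or of any EDR product: a minimal sliding-window rule of the kind the definition describes, run over recorded file events to flag a ransomware-style encryption burst and name the host to isolate. The host names, process names, event fields, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
BURST_THRESHOLD = 5   # assumed: distinct files changed by one process per window

# Constructed telemetry: (epoch seconds, host, process, action, path)
SAMPLE_EVENTS = (
    # Benign: a chart updater writes one file every 30 s (slow, steady)
    [(100 + 30 * i, "bridge-pc-01", "chart_sync.exe", "write",
      f"C:\\charts\\cell{i}.000") for i in range(6)]
    # Suspicious: one process renames 8 documents within 4 seconds
    + [(500 + i // 2, "crew-ws-07", "unknown.exe", "rename",
        f"C:\\docs\\file{i}.docx.locked") for i in range(8)]
    # Reads are recorded by the agent but do not count toward a burst
    + [(505, "crew-ws-07", "unknown.exe", "read", "C:\\docs\\readme.txt")]
)

def detect_bursts(events, window=WINDOW_SECONDS, threshold=BURST_THRESHOLD):
    """Return one alert per (host, process) that modifies at least
    `threshold` distinct files within any `window`-second span."""
    recent = defaultdict(deque)   # (host, process) -> deque of (ts, path)
    alerts = {}
    for ts, host, proc, action, path in sorted(events):
        if action not in ("write", "rename"):
            continue
        key = (host, proc)
        q = recent[key]
        q.append((ts, path))
        while q and q[0][0] < ts - window:   # evict events older than the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and key not in alerts:
            alerts[key] = {"host": host, "process": proc,
                           "first_seen": q[0][0], "alert_time": ts,
                           "files": len(distinct)}
    return list(alerts.values())

def hosts_to_isolate(alerts):
    """Hosts a responder would consider for network isolation."""
    return sorted({a["host"] for a in alerts})

if __name__ == "__main__":
    found = detect_bursts(SAMPLE_EVENTS)
    for a in found:
        print(a)
    print("isolate:", hosts_to_isolate(found))
```

The window and threshold are the tuning knobs: widening the window to 200 seconds makes the slow chart updater alert as well, which is the false-positive trade-off a shore SOC has to manage per endpoint role.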