EPP and EDR are two types of endpoint security solutions that have different goals and capabilities. EPP stands for endpoint protection platform, which is a suite of technologies that work together to prevent, detect, and remediate security threats on endpoints. EPP solutions use techniques such as antivirus, firewall, application control, and patch management to block known and unknown malware and malicious activity. EDR stands for endpoint detection and response, which is a solution that provides real-time visibility into endpoint activities and enables security teams to detect, investigate, and respond to advanced threats that may have bypassed EPP defenses. EDR solutions use techniques such as behavioral analysis, threat intelligence, and incident response to flag offending files at the first sign of malicious behavior, contain and isolate compromised endpoints, and remediate the damage caused by the attack. Therefore, the correct answer is D, as having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior. The other options are incorrect because:
A is false, as EPP focuses primarily on threats that have evaded front-line defenses that entered the environment, not EDR.
B is false, as having an EPP solution allows an engineer to detect, investigate, and remediate modern threats, not EDR.
C is false, as EDR focuses on detection and response at the endpoint level, not prevention at the perimeter. References:
EPP vs. EDR: Why You Need Both - CrowdStrike
EDR vs EPP: What is the Difference? - Exabeam
EPP vs. EDR: What Matters More, Prevention or Response? - Cynet
Submit