Explanation: EPP solutions solely focus on the perimeter of the network, which is the boundary between the internal and external networks. The perimeter is where most of the endpoints, such as laptops, desktops, mobile devices, and IoT devices, are located and connected to the network. EPP solutions aim to prevent, detect, and remediate security threats on these endpoints by using technologies such as antivirus, data encryption, and data loss prevention. EPP solutions rely on signatures and other indicators of intrusion by known threats to block malicious activity and malware on the endpoints [1][2].
EDR solutions do not focus on the perimeter, but rather on the entire network, including the core and the East-West gateways. The core is the central part of the network that connects different segments and provides high-speed data transmission. The East-West gateways are the points of communication between different segments within the network, such as between different data centers or cloud environments. EDR solutions provide continuous and comprehensive visibility into endpoint activities across the network by using threat hunting tools for behavior-based endpoint threat detection. EDR solutions monitor and record endpoint data, detect anomalies and malicious behavior, and respond to threats that EPP and other security tools did not catch. EDR solutions also enable security teams to proactively investigate and contain incidents by using incident data search, alert triage, threat validation, and malicious activity blocking [1][3][4].
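The contrast between signature matching and behavior-based detection described above, as an added example that is not taken from any vendor's product. The events, hashes, host names, rule names and the fan-out threshold are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed signature set: hashes of files already known to be malicious.
KNOWN_BAD = {sha(b"constructed-known-bad-file")}
OFFICE = {"winword.exe", "excel.exe"}      # assumed document-handling parents
SHELLS = {"powershell.exe", "cmd.exe"}     # assumed script/command interpreters
FANOUT_LIMIT = 3                           # assumed max internal peers per process

def proc(host, pid, ppid, image, content):
    return {"type": "proc", "host": host, "pid": pid, "ppid": ppid,
            "image": image, "sha256": sha(content)}

# Constructed telemetry: one known-bad file, one unknown chain that moves laterally.
EVENTS = [
    proc("ws-01", 10, 1, "dropper.exe", b"constructed-known-bad-file"),
    proc("ws-02", 20, 1, "winword.exe", b"constructed-word-binary"),
    proc("ws-02", 21, 20, "powershell.exe", b"constructed-powershell-binary"),
    proc("ws-03", 30, 1, "chrome.exe", b"constructed-browser-binary"),
    {"type": "conn", "host": "ws-03", "pid": 30, "dst": "10.0.0.80"},
] + [{"type": "conn", "host": "ws-02", "pid": 21, "dst": f"10.0.1.{n}"} for n in range(5, 9)]

def epp_signature_scan(events):
    """Flag process starts whose file hash is in the known-bad set."""
    return [(e["host"], e["pid"]) for e in events
            if e["type"] == "proc" and e["sha256"] in KNOWN_BAD]

def edr_behavior_scan(events):
    """Replay recorded events and flag behavior, regardless of file hash."""
    procs, peers, alerts = {}, defaultdict(set), []
    for e in events:
        key = (e["host"], e["pid"])
        if e["type"] == "proc":
            procs[key] = e
            parent = procs.get((e["host"], e["ppid"]))
            if parent and parent["image"] in OFFICE and e["image"] in SHELLS:
                alerts.append((key, "office-spawned-shell"))
        elif e["type"] == "conn":
            peers[key].add(e["dst"])
            if len(peers[key]) == FANOUT_LIMIT + 1:  # alert once, on crossing the limit
                alerts.append((key, "east-west-fanout"))
    return alerts

if __name__ == "__main__":
    print("signature hits:", epp_signature_scan(EVENTS))
    print("behavior hits: ", edr_behavior_scan(EVENTS))
```

The signature scan only catches the file whose hash is already listed, while the behavior scan flags the ws-02 process chain even though none of its hashes are known.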
References:
1: EPP vs. EDR: Why You Need Both - CrowdStrike
2: Comparing endpoint security: EPP vs. EDR vs. XDR | Infosec
3: EDR vs EPP: What is the Difference? - Exabeam
4: EDR vs EPP: Key Features, Differences, and How They Work Together