What is EPP vs. EDR?


The key difference between an EPP and an EDR is that EPP's are designed to catch and prevent attacks as internet traffic flows into the endpoints they protect, while EDR's are there to monitor activity at and between system endpoints with the aim of catching attacks that have already gotten past the endpoint and into the system. An attack that bypassed an EPP may still be caught by an EDR, but that attack may also have time to do some damage between entry into the system and EDR detection in this scenario. That window between attack entry into the system and forensic (e.g. EDR) detection and mitigation is where DPP's runtime protection comes into play.