What is the difference between Incident Detection Response (IDR) e.g. in Rapid7 InsightIDR and Endpoint Detection and Response (EDR) in other solutions?
Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.
Hi @Navin Rehnius,
The IDR focus is on the correlation of the host system vulnerability with the exploit activity. In a way, it will classify if an exploit or attack event is most potentially an incident.
However, IDR works by scanning the whole segment of the target hosts while EDR is running continuously at the endpoint level.
With the correct implementation of EDR, you could actually correlate EDR events with vulnerability assessment information and achieve the same objectives of IDR.
@John Rendy Thank you for your answer.
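The correlation described in the answer above, sketched as an added example that is not part of the original thread and not any vendor's implementation: each EDR exploit detection is graded against vulnerability-assessment findings for the same host. The record fields, verdict names, 30-day scan-freshness window, and all sample data (including the placeholder CVE ids) are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; hosts and CVE ids are placeholders, not real values.
VULN_FINDINGS = [
    {"host": "web01", "cve": "CVE-XXXX-0001", "scanned": "2024-03-01T02:00:00"},
    {"host": "db01", "cve": "CVE-XXXX-0002", "scanned": "2024-01-05T02:00:00"},
    {"host": "app01", "cve": None, "scanned": "2024-03-01T02:00:00"},  # scanned, clean
]
EDR_EVENTS = [
    {"host": "web01", "time": "2024-03-03T14:21:07", "cve": "CVE-XXXX-0001"},
    {"host": "db01", "time": "2024-03-03T14:25:40", "cve": "CVE-XXXX-0002"},
    {"host": "app01", "time": "2024-03-03T14:30:12", "cve": "CVE-XXXX-0001"},
    {"host": "hr-laptop7", "time": "2024-03-03T15:02:55", "cve": "CVE-XXXX-0001"},
]

def index_findings(findings):
    """Map host -> {"scanned": latest scan time, "cves": set of open CVEs}."""
    index = {}
    for f in findings:
        scanned = datetime.fromisoformat(f["scanned"])
        entry = index.setdefault(f["host"], {"scanned": scanned, "cves": set()})
        entry["scanned"] = max(entry["scanned"], scanned)
        if f["cve"]:
            entry["cves"].add(f["cve"])
    return index

def classify(event, index, max_scan_age=timedelta(days=30)):
    """Grade one EDR exploit detection against the vulnerability data."""
    host = index.get(event["host"])
    if host is None:
        return "needs_scan"        # endpoint reports events but was never scanned
    age = datetime.fromisoformat(event["time"]) - host["scanned"]
    if age > max_scan_age:
        return "stale_scan"        # scan too old to confirm or rule out exposure
    if event["cve"] in host["cves"]:
        return "likely_incident"   # exploit activity matches an open vulnerability
    return "attempt_only"          # host not known to be vulnerable to this exploit

def triage(events=EDR_EVENTS, findings=VULN_FINDINGS):
    """Return (host, verdict) for every EDR event, in event order."""
    index = index_findings(findings)
    return [(e["host"], classify(e, index)) for e in events]

if __name__ == "__main__":
    for host, verdict in triage():
        print(f"{host:12} {verdict}")
```

The `stale_scan` and `needs_scan` verdicts capture the gap between periodic scanning and continuous endpoint telemetry: an event on a host with old or missing scan data cannot be confirmed or dismissed by correlation alone.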