Home > Mechanisms > Endpoint Threat Detection and Response

Endpoint Threat Detection and Response

Endpoint Threat Detection and Response

Endpoint security refers to the protection of an organization's network when accessed via remote devices such as laptops or other wireless and mobile devices. Endpoint threat detection and response (ETDR) focuses on the endpoint as opposed to the network, threats as opposed to only malware, and officially declares incidents. It contains a collection of tools used for both detection and incident response. A mobile endpoint may use multiple methods and protocols to connect to cloud services and applications, while a fixed endpoint commonly uses one method and protocol to connect to cloud services and applications.

Figure 1 shows ETDRs being queued by a threat intelligence system.

Figure 1 - ETDR in the context of a threat intelligence system.

Advanced threats and zero-day attacks require organizations to detect and respond based on realtime monitoring and a continuous recorded history to reduce the attack surface with multiple forms of prevention. The ETDR strategy is to deploy sensors that cross network and endpoint boundaries. The architecture requires that the endpoint platforms' security, secure boot processes, and encryption key protections are in place.

Related Patterns: Cloud Certified Professional (CCP) Module 7: Fundamental Cloud Security Cloud Certified Professional (CCP) Module 8: Advanced Cloud Security

This mechanism is covered in CCP Module 7: Fundamental Cloud Security and
in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit

Cloud Computing Design Patterns

The architectural model upon which this design pattern is based is further covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit