What is endpoint detection and response and how does it differ from antivirus?
Security+ Flashcards: Endpoint Security, EDR, Antivirus, Mobile Device Management
Audio flashcard · 0:29 · Nortren
Traditional antivirus relies primarily on signature-based detection, comparing files against a database of known malware signatures, and is effective against known threats but misses novel attacks. Endpoint detection and response, or EDR, continuously monitors endpoint activity, collects telemetry data, uses behavioral analysis and machine learning to detect suspicious activity, and provides investigation and response capabilities. EDR can detect fileless malware, living-off-the-land attacks, and zero-day exploits that signature-based antivirus misses.
csrc.nist.gov