According to the Endpoint Detection and Response - Global Market Outlook (2017-2026) report, the adoption of cloud-based and on-premises EDR solutions is going to grow 26% annually and will be valued at $7273.26 million by 2026.
EDR solutions are primarily alerting tools rather than a protection layer, but the two functions may be combined depending on the vendor.
The data may be stored in a centralized database or forwarded to a SIEM tool for cyber monitoring.
However, some common capabilities include monitoring endpoints in both online and offline modes, responding to threats in real time, increasing visibility and transparency of user data, detecting stored endpoint events and malware injections, creating blocklists and allowlists, and integrating with other technologies.[1][8]
Some vendors of EDR technologies leverage the free MITRE ATT&CK classification and framework for threats.