What are EDR and MDR tools?

**EDR** (Endpoint Detection and Response) monitors endpoints for threats: detecting malicious behavior, investigating incidents, and enabling response. When email-delivered **malware** executes, **EDR** can detect and contain it.

**MDR** (Managed Detection and Response) adds human expertise: security analysts monitoring **EDR** output, investigating alerts, and coordinating response. **MDR** services provide expertise organizations lack internally.

Email security relevance: **EDR**/**MDR** provide defense-in-depth when email security misses threats. They catch **malware** that bypasses email filters, detect post-compromise activity, and enable investigation of email-originated incidents.