EDR stands for endpoint detection and response, while EPP stands for endpoint protection platform. EDR and EPP are two types of endpoint security solutions that have different capabilities and objectives. EDR provides real-time visibility into endpoint activities, detects malicious behavior and anomalies, and enables security teams to investigate and respond to threats. EPP prevents, detects, and remediates security threats on endpoints, such as known and unknown malware, ransomware, and zero-day vulnerabilities. EPP solutions may also include EDR capabilities, but not all EDR solutions include EPP capabilities.
One of the key features of EDR is retrospective analysis, which means the ability to look back at historical endpoint data and identify the root cause, scope, and impact of a security incident. Retrospective analysis helps security teams understand how the threat entered the network, what actions it performed, and how to prevent it from happening again. EPP solutions, on the other hand, do not provide retrospective analysis, as they are mainly focused on preventing and remediating threats, rather than investigating and responding to them.
Therefore, the correct answer is B. Retrospective analysis is a characteristic of an EDR solution and not of an EPP solution.
[References:, EPP vs. EDR: Why You Need Both - CrowdStrike, EDR vs EPP: What is the Difference? - Exabeam, Understanding MDR, EDR, EPP, and XDR | Netsurion, EDR vs EPP: Key Features, Differences, and How They Work Together, Endpoint Security Tools: EPP vs EDR | Prey Blog, , , , ]
