EDR Bypass

#EDREvasion #Golang #maldev #malwaredevelopment

First, let's understand what an EDR (Endpoint Detection & Response) is and how it differs from a traditional antivirus (AV).

Check Point gives a good description of the main differences in this article (also copied below).

EDR provides multilayered, integrated endpoint protection. Key features of an EDR security solution include:

  • Alert Triage: Security analysts are often overwhelmed by large volumes of alerts from various cybersecurity solutions. EDR triages potential malicious events, enabling security analysts to focus their efforts where they are most effective.

  • Threat Hunting Support: Threat hunting enables an organization to identify and respond to threats that were not detected or blocked by enterprise security solutions. EDR solutions should provide integrated support for threat hunting activities.

  • Data Aggregation and Enrichment: Contextual information is vital to differentiating between true cyberattacks and false positives. EDR solutions aggregate data from multiple sources and use this data to more accurately identify true threats.

  • Integrated Incident Response: EDR should offer support for incident response within the same console. By eliminating context switching, this supports more rapid incident response.

  • Multiple Response Options: Different security incidents require different types and levels of response. An EDR security solution should provide multiple options (quarantine, eradication, etc.) for an analyst to address the issue.

Antivirus solutions are designed to identify malicious software or code that has infected a computer. AVs use various methods to identify potential malware infections, including:

  • Signature-Based Detection: Signature-based detection identifies known threats based on signatures such as file hashes, command and control domains, IP addresses, and similar features.

  • Heuristic Detection: Heuristic or anomaly detection identifies malware based on unusual or malicious functionality. This enables it to identify zero-day threats that signature-based detection would miss.

  • Rootkit Detection: Rootkit detection identifies malware designed to acquire deep, administrative access to an infected computer.

  • Real-Time Detection: Real-time detection attempts to identify malware at time of use by scanning and monitoring recently-accessed files.
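As an added example (not code from this page or from Check Point's article), the Go program below implements the first two methods in the list above, signature-based and heuristic detection, against a constructed sample, and then demonstrates the point made further down about unique malware: appending a single byte to the sample changes its hash and defeats the signature, while the heuristics (plain-text injection API names and a high-entropy region) still fire. The signature name, the suspicious API list and the 7.0 bits-per-byte entropy threshold are assumptions chosen for this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
)

// Verdict is the result of scanning one buffer.
type Verdict struct {
	SignatureHit string   // detection name of the matching hash signature, "" if none
	Heuristics   []string // heuristic indicators that fired
}

// capturedSample is a constructed stand-in for a previously analysed malicious
// file: a fake DOS header, plain-text Windows API names typical of process
// injection, and a high-entropy blob standing in for a packed section.
// It is not real malware.
var capturedSample = buildSample()

func buildSample() []byte {
	var b bytes.Buffer
	b.WriteString("MZ\x90\x00")
	b.WriteString("VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00")
	for i := 0; i < 512; i++ { // every byte value twice: maximal entropy
		b.WriteByte(byte(i))
	}
	return b.Bytes()
}

// signatureDB maps a SHA-256 hex digest to a detection name. It holds only the
// constructed sample, which is how a hash signature is born: somebody hashes a
// captured file. The detection name is hypothetical.
var signatureDB = map[string]string{
	sha256Hex(capturedSample): "Trojan.Constructed.Injector",
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// suspiciousAPIs is a hypothetical static heuristic: API names that together
// suggest process injection when they appear unobfuscated in a file.
var suspiciousAPIs = []string{"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}

// ShannonEntropy returns the byte entropy of b in bits per byte (0..8).
// Packed or encrypted data sits close to 8; plain code and text sit well below.
func ShannonEntropy(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	n := float64(len(b))
	var h float64
	for _, c := range counts {
		if c == 0 {
			continue
		}
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// Scan applies the hash signature and the two heuristics to one buffer.
func Scan(b []byte) Verdict {
	var v Verdict
	v.SignatureHit = signatureDB[sha256Hex(b)]
	for _, api := range suspiciousAPIs {
		if bytes.Contains(b, []byte(api)) {
			v.Heuristics = append(v.Heuristics, "string:"+api)
		}
	}
	if e := ShannonEntropy(b); e > 7.0 { // assumed threshold
		v.Heuristics = append(v.Heuristics, fmt.Sprintf("entropy:%.2f", e))
	}
	return v
}

// Mutate returns a copy of b with one trailing byte appended: a trivial change
// that yields a "new" sample with a brand-new hash.
func Mutate(b []byte) []byte {
	out := append([]byte{}, b...)
	return append(out, 0x00)
}

func main() {
	samples := []struct {
		name string
		data []byte
	}{{"captured", capturedSample}, {"mutated", Mutate(capturedSample)}}
	for _, s := range samples {
		v := Scan(s.data)
		fmt.Printf("%-8s signature=%q heuristics=%v\n", s.name, v.SignatureHit, v.Heuristics)
	}
}
```

Running it prints a signature hit plus four heuristic indicators for the captured sample, and no signature hit but the same four indicators for the mutated copy. That one-byte difference is the whole weakness of hash signatures; the heuristics survive it only because the sample leaves its API names and its packed region in plain view, which is exactly what real malware authors obfuscate next.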

AV solutions enable the detection and remediation of malware infections on a computer. This can include terminating malicious processes, quarantining suspicious files, and eradicating malware infections.

AV is designed to identify malware on a computer, but cyber threat actors are growing increasingly sophisticated. Traditional, signature-based detection is no longer effective at identifying modern malware due to the rapid evolution of malware and the use of unique malware and infrastructure for cyberattack campaigns. Additionally, malware developers are using various techniques such as fileless malware to evade detection by antivirus solutions.

Detection of modern threats to endpoint security requires more information and context than is available to AV systems. EDR integrates a range of security functions, enabling it to detect trends and other indicators of a successful incursion. Additionally, the response capabilities provided by EDR enable security analysts to more quickly act to address potential security incidents, limiting the impact of an attack.
