When an EDR agent detects a potential threat, the platform raises an alert and can notify the security team by email or text, depending on the alert type and severity. If the alert carries specific indicators, such as the file name, a file hash, or the remote IP address the process contacted, analysts can use that data to determine whether the threat is genuine, for example by checking the hash or address against threat-intelligence or known-bad lists and by reviewing the process and network telemetry the agent recorded around the event.
In some cases the organization will want to take additional steps beyond the initial alert. If the alert points to a phishing campaign, for instance, it can send a second notice warning the recipients, ask anyone who entered credentials to change their password, and remove the message from affected mailboxes.
If the threat is confirmed, the investigation widens: the organization may need to notify customers or employees, block access to specific resources, isolate the affected host, and block the indicators at the endpoint and the firewall. Whatever the outcome, the telemetry behind a confirmed alert shows how the activity began and spread, and that record is what lets an organization harden its environment and reduce the chance of a repeat incident.