It seems that every year there are new acronyms in cybersecurity. Yet, although it’s hard to recall the last time a group of acronyms caused as much confusion as the current crop of security buzzwords making their way into our conversations. Most of these offer some variation of “detection and response” as EDR and MDR have been joined by XDR, NDR, VDR and TDR. There has been plenty of debate on which of these are superset versus subset and other discussions on demystifying the acronyms (which all mean different things depending on the presenter’s perspective).
It’s time to have an honest conversation about these various approaches and technologies. Rather than drawing overlapping lines, organizations are better served by simplifying their approach and focusing on people and processes.
Reducing the Complexity of Security
The make-up of an organization’s IT estate is dynamic. Still, there are a few constants – mobile devices, endpoints, servers, SaaS applications and cloud infrastructure – all of which require threat prevention and detection. One thing history has taught us is point products for each element of the estate are great. Still, they are single components that must either enrich or be enriched with various other sources to provide actionable insight and meaningful value. The addition of each point product also introduces another layer of complexity, which does not help improve security posture.
The scarcity of skilled security talent makes finding expertise across multiple point products from various vendors extremely difficult. The talent shortage is also a key reason why SIEMs have not provided the promise of improved security posture for an organization since the data models require constant tuning to filter out noise, reduce false positives and gain actionable insights. Organizations need to think about the security outcome they want and then adopt a strategy that allows the coverage they need with the fewest point products possible to reduce complexity.
Protecting the Entire IT Estate with EDR and MDR
The model gaining rapid popularity combines endpoint detection and response (EDR) with managed detection and response (MDR). EDR is considered by many to be the best solution to protect endpoints (mobile devices, laptops, workstations), and its maturity means there is a large pool of expertise available for the extraction of actionable insights. However, organizations that do not have this expertise or want to have their security resources focus on EDR have the option of Managed EDR, which provides the same benefits in securing the endpoints.
MDR builds on EDR to protect the rest of the IT estate by ingesting EDR feeds and the telemetry data from network devices, cloud infrastructure and any server workloads where threat intelligence and analytics can be applied from security experts who monitor the environment 24/7, providing actionable insights constantly. An MDR solution should include the capabilities of NDR, VDR, TDR and XDR, which allows an organization to eliminate these niche vendors and reduce complexity.
Security experts agree that removing complexity and simplifying operations are best practices to improve an organization’s security posture. The combination of EDR and MDR provides comprehensive coverage to protect mobile devices, laptops, workstations, IaaS platforms and SaaS apps and security expertise that filters out the noise and provides a curated set of prioritized incidents. This allows organizations to focus on their daily operations and ensures holistic visibility and context into threat actions, speeding response times and limiting any impact should compromise occur.