EDR, MDR, XDR: what is next for the CIO?


IT and security teams can find it hard to know which security technologies or offerings to adopt in an ever-changing security landscape. Three acronyms dominate current vendor messaging: EDR, MDR and XDR. What do they actually mean, and how do they differ? It can be hard to keep up with how the industry evolves, so this is a quick guide for decision-makers (CIO, CTO, CISO).

EDR (Endpoint Detection and Response)

Post-Covid environments mean a dispersed workforce, with laptops that spend most of their time outside the corporate perimeter. Seventy percent of breaches still originate on endpoints. The team needs better visibility into endpoint threats, such as locating a file that might be malicious or tied to an ongoing breach. EDR solutions collect continuous telemetry from each endpoint (process creation, file and registry changes, network connections, logons), run detections over it, and let analysts investigate and respond directly, for example by isolating a host from the network or killing a process, so an incident can be contained and remediated quickly.

Tips:

  • Buyers should look for solutions built for cloud delivery rather than an on-premises product lifted and shifted onto cloud servers; the difference shows up in scaling, update cadence and how quickly new detections reach the agents.

  • EDR tools take real skill to operate: the value is in the investigation and response workflow, not the console, so adoption must be coupled with advanced training for the analysts who will use it.

  • Expect EDR capabilities to add roughly 33% to 41% on top of the initial endpoint protection investment.


XDR (Extended Detection and Response)

Currently, many organizations run a best-of-breed security portfolio: too many vendors and products with very little integration or coordination between them. The traditional hub in most enterprises has been the SIEM, which is good at collecting logs but only detects what someone has written rules for, and so often creates a false sense of security. XDR takes the EDR model and extends it: telemetry from endpoints, network, identity, email, cloud workloads and other sources is ingested into one platform that correlates it into incidents and provides a single view, and a single response surface, across those tools.

Tips:

  • XDR products correlate alerts from different sources into incidents and can automate triage and response actions faster than hand-offs between separate consoles.

  • XDR products reduce the complexity of security configuration and incident response, generally providing a better security outcome than loosely connected best-of-breed components.

  • Vendor lock-in and a single point of failure are the primary concerns; coverage is also only as good as the telemetry sources the vendor supports, so check that your existing key tools can feed it.
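To make the "single view" concrete, here is a small added illustration of the correlation step an XDR platform performs; it is not code from any XDR product or from this post. Three siloed tools each raise a low-to-medium alert on the same host within minutes; viewed separately each would likely be closed, viewed together they form one incident worth escalating. The alert records and their field names (source, host, user, ts, severity) are constructed for the example.

```python
"""Cross-source alert correlation, the core of what XDR promises.

Added illustration, not code from any XDR product. The alert records below
are constructed sample data; the field names are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from three siloed tools. Individually each one is
# low or medium severity and would often be closed without action.
SAMPLE_ALERTS = [
    {"source": "identity", "ts": "2024-03-01T09:02:10", "host": "ws-042", "user": "jdoe",
     "severity": 2, "title": "Impossible-travel sign-in"},
    {"source": "edr", "ts": "2024-03-01T09:04:45", "host": "ws-042", "user": "jdoe",
     "severity": 3, "title": "Office process spawned powershell.exe with encoded command"},
    {"source": "network", "ts": "2024-03-01T09:05:30", "host": "ws-042", "user": "jdoe",
     "severity": 2, "title": "Outbound TLS to newly registered domain"},
    {"source": "edr", "ts": "2024-03-01T13:40:00", "host": "ws-017", "user": "asmith",
     "severity": 3, "title": "Unsigned driver load attempt"},
    {"source": "network", "ts": "2024-03-02T08:15:00", "host": "ws-042", "user": "jdoe",
     "severity": 1, "title": "DNS query for known ad-tracking domain"},
]

WINDOW = timedelta(minutes=15)   # max gap between consecutive alerts in one incident
PROMOTE_THRESHOLD = 2            # escalate when this many distinct sources agree


def parse(alert):
    """Copy an alert and turn its ISO-8601 timestamp into a datetime."""
    a = dict(alert)
    a["ts"] = datetime.fromisoformat(alert["ts"])
    return a


def correlate(alerts, window=WINDOW):
    """Group alerts by host, then chain alerts that fall within `window` of the
    previous one into a single incident. Returns a list of incident dicts in
    the order they were opened."""
    by_host = defaultdict(list)
    for a in sorted(map(parse, alerts), key=lambda a: a["ts"]):
        by_host[a["host"]].append(a)

    incidents = []
    for host, host_alerts in by_host.items():
        current = None
        for a in host_alerts:
            if current is not None and a["ts"] - current["last_ts"] <= window:
                current["alerts"].append(a)
                current["last_ts"] = a["ts"]
            else:
                current = {"host": host, "first_ts": a["ts"], "last_ts": a["ts"], "alerts": [a]}
                incidents.append(current)

    for inc in incidents:
        inc["sources"] = sorted({a["source"] for a in inc["alerts"]})
        inc["users"] = sorted({a["user"] for a in inc["alerts"]})
        # Siloed view: the worst single alert. Correlated view: escalate when
        # several independent sources fire on the same host inside the window.
        inc["max_single_severity"] = max(a["severity"] for a in inc["alerts"])
        inc["escalate"] = len(inc["sources"]) >= PROMOTE_THRESHOLD
    return incidents


def summarize(incidents):
    """Compact (host, alert count, sources, escalate) tuples for display/tests."""
    return [(i["host"], len(i["alerts"]), i["sources"], i["escalate"]) for i in incidents]


if __name__ == "__main__":
    for host, n, sources, esc in summarize(correlate(SAMPLE_ALERTS)):
        print(f"{host}: {n} alert(s) from {sources} -> {'ESCALATE' if esc else 'low priority'}")
```

The point of the example is the last loop: none of the three ws-042 alerts is critical on its own, but an identity anomaly followed by a suspicious child process and a connection to a new domain on the same host within four minutes is a classic post-phishing chain, and only a view that spans identity, endpoint and network tooling can see it. A real platform keys on more than host and time (user, process, file hash, destination), but the shape is the same.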


MDR (Managed Detection and Response)

MDR is a managed service used by organizations with limited resources or expertise to have their information security environment monitored continuously by a third party. Decision-makers must be prudent and specify concrete security goals and outcomes up front: what the provider monitors, how quickly it must respond, and which containment actions (isolating hosts, disabling accounts) it is authorized to take without waiting for approval.


MDR providers generally include a suite of cybersecurity tools, such as endpoint detection, SIEM, network traffic analysis, and User and Entity Behavior Analytics (UEBA).

Tips:

  • A good complementary offering for organizations that lack security personnel.

  • Works well for organizations that already own endpoint threat detection technology but choose to outsource SOC functions such as 24x7 monitoring and triage.

  • Providers differ widely in scope and configuration, so decide where your gaps are (coverage hours, skills, tooling) before comparing offers.


The size and makeup of your organization, and the skills you already have in house, will largely dictate which type of security solution makes the most sense for you.


