MDR or EDR. What’s right for you?

Targeted attacks are on the rise and often go undetected by traditional security solutions and methods. Endpoint Detection and Response (EDR) companies like CrowdStrike, Carbon Black, CounterTack, and a new up-and-coming company, ZitoVault, have solutions that can stop targeted attacks in their tracks.

Why EDR?

Customized malware can bypass traditional antivirus solutions, so it’s imperative to take a broader and more proactive approach to protect your endpoints. This means real-time monitoring, detection and advanced threat analysis combined with response technology. EDR solutions can strengthen your security posture and augment your existing security tools and processes.

Why MDR?

When enterprises deploy EDR solutions, they face many of the same challenges found when deploying SIEM technologies. These include finding and retaining qualified security staff, alert fatigue due to false positives, limited budget, and a lack of actionable intelligence. Without the expertise and staff who can both tune your security tools and respond to threats, you are at risk of a data breach and of adding your new EDR solution to your collection of shelfware. With the rise of EDR solutions, it’s no wonder that Managed Detection and Response (MDR) providers have surfaced to address these challenges. MDR is provided as a service, similar to managed security service providers (MSSPs), but with a greater focus on detecting, investigating, and mitigating suspicious activities and issues – independent of whether events affect endpoints or perimeter devices.

When searching for a Managed Security Services Provider, look for one who can provide the following attributes that Gartner recommends:

  • Focus on detecting advanced or targeted attacks
  • Management and monitoring of inward-facing security tools, such as endpoint security
  • The ability to correlate endpoint data with other data sources, use cases, and threat intelligence
  • The systems and processes to integrate and streamline monitoring, alerting, search, and reporting for endpoint, cloud, and data center in a single view and with a common runbook
  • Use of threat intelligence and advanced analytics
  • 24/7 monitoring, analysis, and customer alerting of security events, with less reliance on automation and more in-depth analyst investigation
  • Incident response services, guided remediation, advanced persistent threat hunting, and consulting on containment and remediation

Why not both?

If you have already purchased an EDR solution but are struggling to retain security staff, lacking expertise, or chasing false positives, look for an MDR provider who can leverage your existing investment and augment your security staff.