Is your company securing each endpoint?
When I first joined TrustDigital, there were so many acronyms I had never seen before. It started with learning the Endpoint Solutions landscape: XDR? MDR? EDR? Cortex EDR? How many am I supposed to know, and what is the difference between them?
I am writing this article as a brief overview of the types of Endpoint Solutions that exist. Later I will dive into each one, cover which companies provide these solutions, and lay out the questions an organization should ask itself when evaluating them.
Types of Detection and Response Solutions:
· EDR (Endpoint Detection and Response)
· XDR (Extended Detection and Response)
· MDR (Managed Detection and Response)
Basic Components:
1. Data Collection – An agent runs on each endpoint and records security-relevant activity: running processes and their parents, logins, file changes, and open network connections.
2. Detection – Establishes what normal activity on that endpoint looks like, flags deviations from it, and reports those that could indicate a security incident.
3. Data Analysis – Aggregates the information collected from all endpoints and provides real-time analytics about security incidents across the corporate network, so that an anomaly on one host can be seen in the context of the whole fleet.
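The three components above, as an added illustration that is not code from the original article or from any vendor's product. The process telemetry, host names and hashes are constructed for the example, and the detection rule (a parent/child process pair never seen before on that host) and the fleet-wide grouping (by binary hash across hosts) are one simple choice among many a real product would make:

```python
"""Added illustration of the three components: collection, detection, analysis.
All telemetry below is constructed for the example; hashes are placeholders."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record as an endpoint agent might report it."""
    host: str
    user: str
    parent: str   # image name of the parent process
    image: str    # image name of the newly created process
    sha256: str   # placeholder hash of the new process's binary


# 1. Data collection: records gathered on each endpoint during a quiet
#    learning window (constructed).
BASELINE: List[ProcessEvent] = [
    ProcessEvent("ws-01", "alice", "explorer.exe", "chrome.exe", "h-chrome"),
    ProcessEvent("ws-01", "alice", "explorer.exe", "winword.exe", "h-word"),
    ProcessEvent("ws-01", "SYSTEM", "services.exe", "svchost.exe", "h-svchost"),
    ProcessEvent("ws-02", "bob", "explorer.exe", "winword.exe", "h-word"),
    ProcessEvent("ws-02", "SYSTEM", "services.exe", "svchost.exe", "h-svchost"),
    ProcessEvent("ws-03", "carol", "explorer.exe", "chrome.exe", "h-chrome"),
    ProcessEvent("ws-03", "SYSTEM", "services.exe", "svchost.exe", "h-svchost"),
]

# Records from the current reporting interval (constructed). Two hosts show
# Word spawning PowerShell; one host shows a harmless first-time Notepad launch.
NEW_EVENTS: List[ProcessEvent] = [
    ProcessEvent("ws-01", "alice", "winword.exe", "powershell.exe", "h-ps"),
    ProcessEvent("ws-01", "SYSTEM", "services.exe", "svchost.exe", "h-svchost"),
    ProcessEvent("ws-02", "bob", "winword.exe", "powershell.exe", "h-ps"),
    ProcessEvent("ws-03", "carol", "explorer.exe", "chrome.exe", "h-chrome"),
    ProcessEvent("ws-03", "carol", "explorer.exe", "notepad.exe", "h-notepad"),
]

Pair = Tuple[str, str]


def build_baseline(events: Iterable[ProcessEvent]) -> Dict[str, Set[Pair]]:
    """Per host, the set of (parent, child) pairs seen during learning."""
    seen: Dict[str, Set[Pair]] = defaultdict(set)
    for e in events:
        seen[e.host].add((e.parent, e.image))
    return dict(seen)


def detect(events: Iterable[ProcessEvent],
           baseline: Dict[str, Set[Pair]]) -> List[ProcessEvent]:
    """2. Detection: flag parent/child pairs this host has never produced.

    Runs per endpoint; each alert concerns one host only."""
    return [e for e in events
            if (e.parent, e.image) not in baseline.get(e.host, set())]


def analyze(alerts: Iterable[ProcessEvent]) -> Dict[str, List[str]]:
    """3. Data analysis: group alerts from all endpoints by binary hash and
    keep only binaries that appeared on more than one host, which is what
    turns isolated anomalies into a fleet-wide incident."""
    hosts_by_hash: Dict[str, Set[str]] = defaultdict(set)
    for a in alerts:
        hosts_by_hash[a.sha256].add(a.host)
    return {h: sorted(hosts) for h, hosts in hosts_by_hash.items()
            if len(hosts) > 1}


def run_pipeline() -> Dict[str, List[str]]:
    """Collect -> detect -> analyze over the constructed telemetry."""
    alerts = detect(NEW_EVENTS, build_baseline(BASELINE))
    for a in alerts:
        print(f"[{a.host}] {a.parent} -> {a.image} ({a.user}) is new for this host")
    return analyze(alerts)


if __name__ == "__main__":
    print("fleet-wide:", run_pipeline())
```

Running it flags three per-host anomalies (the two PowerShell launches and the Notepad launch), but only the PowerShell binary is reported at the fleet level, because it is the only one seen on more than one host. The point of the third component is exactly that second step: the Notepad launch is noise on one machine, while the same binary appearing under Word on two machines is worth an analyst's time.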
Endpoint Detection and Response:
This is the baseline option for small and medium-sized businesses that want visibility into what each endpoint is doing day to day. It is nothing complicated: another agent runs on the device, reports security-relevant telemetry (processes, logins, file and network activity) to a central console, and looks for anomalies. Analysts then use that telemetry to investigate and respond on the potentially affected endpoints.
Extended Detection and Response:
If EDR is the agent that reports on the endpoints, XDR takes it a step further: it can respond automatically, either by following a playbook an analyst defined or, in some products, by deciding on its own what action to take. It draws on more than one data source, adding network, cloud, identity and third-party telemetry to extend detection beyond the endpoint. XDR products also aim to catch previously unseen (zero-day) activity that signature- and rule-based tools miss, using machine learning and User and Entity Behavior Analytics (UEBA).
The key difference between EDR and XDR is the data they work from:
EDR uses a single data source, the endpoint, and builds all of its insight for the customer from that telemetry. XDR combines several sources, such as the endpoint, the network and the cloud, so that a request or action which is unusual for a particular time, user or process can be recognized even when no single source looks alarming on its own.
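To make the difference concrete, here is an added example that is not code from the original article or from any product. It scores the same constructed set of events two ways: an EDR-style pass that judges each endpoint event alone, and an XDR-style pass that pulls in network and cloud events tied to the same host or user inside a short time window. The events, the per-event weights, the alert threshold and the ten-minute window are all assumptions chosen for the example:

```python
"""Added illustration of endpoint-only (EDR-style) vs multi-source (XDR-style)
detection. Events, sources, weights and thresholds are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    source: str             # "endpoint", "network" or "cloud"
    ts: datetime
    host: Optional[str]     # None for cloud/identity events
    user: Optional[str]     # None for pure network flows
    detail: str
    weight: int             # constructed suspicion score for this one event


T0 = datetime(2023, 3, 1, 9, 0)

EVENTS: List[Event] = [
    # A single endpoint signal that is suspicious but common enough that it
    # is tuned below the alert threshold on its own.
    Event("endpoint", T0, "ws-07", "alice",
          "winword.exe spawned powershell.exe with -EncodedCommand", 2),
    # Network telemetry the endpoint agent does not see: first-ever TLS
    # connection from this host to an address in the TEST-NET-3 range.
    Event("network", T0 + timedelta(minutes=1), "ws-07", None,
          "first outbound TLS to 203.0.113.10:443", 2),
    # Identity/cloud telemetry: a mailbox rule created by the same user.
    Event("cloud", T0 + timedelta(minutes=4), None, "alice",
          "new inbox forwarding rule to external address", 2),
    # Background noise on another host.
    Event("endpoint", T0 + timedelta(minutes=30), "ws-12", "bob",
          "explorer.exe spawned chrome.exe", 0),
    Event("network", T0 + timedelta(minutes=31), "ws-12", None,
          "TLS to www.example.com:443", 0),
]

ALERT_THRESHOLD = 3   # assumed


def edr_alerts(events: List[Event]) -> List[Event]:
    """EDR view: one data source, each endpoint event judged on its own."""
    return [e for e in events
            if e.source == "endpoint" and e.weight >= ALERT_THRESHOLD]


def _related(seed: Event, e: Event, window: timedelta) -> bool:
    """Same host or same user as the seed, within the window, any source."""
    if e is seed or abs(e.ts - seed.ts) > window:
        return False
    same_host = seed.host is not None and e.host == seed.host
    same_user = seed.user is not None and e.user == seed.user
    return same_host or same_user


def xdr_incidents(events: List[Event],
                  window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """XDR view: start from each endpoint event, pull in network and cloud
    events tied to the same host or user in the window, and score the set."""
    incidents = []
    for seed in (e for e in events if e.source == "endpoint"):
        group = [seed] + [e for e in events if _related(seed, e, window)]
        score = sum(e.weight for e in group)
        if score >= ALERT_THRESHOLD:
            incidents.append({
                "host": seed.host,
                "user": seed.user,
                "score": score,
                "sources": sorted({e.source for e in group}),
                "evidence": [e.detail for e in group],
            })
    return incidents


if __name__ == "__main__":
    print("EDR alerts:", len(edr_alerts(EVENTS)))
    for inc in xdr_incidents(EVENTS):
        print(f"XDR incident on {inc['host']} / {inc['user']} "
              f"score={inc['score']} sources={inc['sources']}")
        for line in inc["evidence"]:
            print("   -", line)
```

With these inputs the EDR pass raises nothing, because the one endpoint event sits under the threshold, while the XDR pass produces a single incident on ws-07 for alice with evidence from all three sources. The join keys (host and user) and the time window are what let the network flow, which carries no user, and the cloud event, which carries no host, be tied back to the process launch; the chrome launch on ws-12 is correlated the same way but never reaches the threshold.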
Managed Detection and Response:
This is endpoint security as a service. An MDR provider operates the endpoint security technologies, including EDR, on the organization's behalf. The service typically consists of continuous monitoring, threat hunting, prioritization of threats and alerts, managed investigation, guided response, and managed remediation. In practice, an analyst at the provider contacts the client to alert them to an event the MDR service has detected.
Which one does your organization need?
Depending on your organization's size, staff and budget, you may go all in and try XDR. Some prefer to take small steps and start with EDR to see whether it fits the company's information security program. Or perhaps your team is already at capacity and you need to outsource detection and response to an MDR provider.
This was a brief overview of the main types of Endpoint Solutions on the market today. Most of them boil down to the same three components: data collection, detection, and data analysis. The next article in this series will cover how small and medium-sized companies can adopt the first of these, EDR, without breaking the bank.