EDR, MDR and XDR: Deconstructing the Security Acronyms

IT and security teams can find it challenging to know what security technology offerings they should use in an ever-changing landscape. The three main emerging security acronyms are EDR, MDR, XDR; what does this all mean? It can be hard to keep up with how the security industry evolves. Let’s dive into them as the quick guide for decision-makers, including CIOs, CTOs and CISOs.

EDR (Endpoint Detection and Response)

Post-Covid environments mean having a dispersed workforce. Seventy percent of breaches are still originating on endpoints, which means the team needs to have better visibility into threats, such as locating files that might be malicious or related to another breach. The new EDR solutions give IT a deeper insight into what is happening, allowing them to respond and remediate the issue quickly.

Tips:

• Buyers must look for solutions developed for cloud delivery versus a lift and shift of servers in the cloud.
• Strong skills are needed to operate EDR tools, and so the adoption of EDR must be coupled with advanced training of the tool.
• EDR capabilities will add between 33 and 41 percent to the initial endpoint solution investment.

XDR (Extended Detection and Response)

Currently, many organizations have a best-of-breed security product portfolio, creating too many vendors and products with very little integration or coordination. For example, the traditional tool in most enterprises has been SIEM tools, which are good at collecting logs and often create a false sense of security. XDR is the advanced version of SIEM, EDR, networks, servers, and others, providing a single view across different tools.

Tips:

• XDR products can process and automate alerts faster.
• XDR products reduce the complexity of security configuration and incident response providing a better security outcome than best-of-breed components.
• Vendor lock-in and single point of failure are the primary concerns.

MDR (Managed Detection and Response)

MDR is a managed service utilized by organizations with limited resources or expertise to monitor their information security environment continuously. Decision-makers must be prudent by specifying specific security goals and outcomes.

MDR providers generally include a suite of cybersecurity tools, such as endpoint detection, SIEM, network traffic analysis, and User and Entity Behavior Analytics.

Tips:

• Good complimentary offering for many organizations that lack security personnel.
• Works well for organizations that have endpoint threat detection technologies but choose to outsource SOC functions.
• There are many different configurations, so decide where your gaps are.

The size and makeup of your organization will largely dictate which type of security solution makes the most sense for you.

This piece was written by David Chou, SVP and CIO at Harris Health System.