The GoDaddy attack last November once again highlighted how vulnerable our digital systems can be, prompting many organizations to re-think their current cybersecurity posture in the wake of this troubling, and escalating, trend. Though every organization brings with it unique security considerations, there are a few strategies and policies that all organizations should consider implementing.
The goal of cybersecurity is to safeguard your organization’s digital assets, including data and systems. EDR and MDR work toward this goal in different ways, and a good strategy will rely on both approaches to create a more robust, comprehensive defense.
EDR: A Software-Focused Approach to Cybersecurity
EDR (endpoint detection and response) is a software-based cybersecurity approach designed to detect and respond to endpoint threats. Endpoints refer to any remote computing devices that are able to connect with your network, including computers, smartphones, tablets, servers, and IoT devices. Endpoints act like the doorways to your network, making them key points of entry for cybercriminals. As such, these portions of your network are vulnerable and require special security considerations.
Good EDR is Reactive…
EDR is designed to safeguard these endpoints by using both tools and solutions to detect and address threats to your endpoints and hosts (such as networks). Should an endpoint or host become infected with malware or otherwise compromised, the software can also quarantine the affected systems or endpoints to help slow or stop the attack. EDR is incredibly valuable because it can detect advanced threats without relying on behavioral patterns or malware signatures the way anti-virus software does. EDR can also trigger an adaptive response to a threat (much like your immune system responding to an infection), allowing your system to learn from the situation and adjust its response accordingly. This approach not only helps contain the situation at hand but also helps improve your threat responses moving forward.
… But Also Proactive
In addition to learning from past incidents, good EDR also takes a proactive approach by seeking out new potential threats before they become actual threats. EDR is also able to gather data about the overall health of your network and record network activity. Should an attacker manage to slip past your defenses, this treasure trove of data gathered before, during, and after the attack will prove invaluable for identifying the root cause of the attack so that steps can be taken to improve your security moving forward.
MDR: A People-Focused Approach to Cybersecurity
While EDR is a tool-based approach, MDR is a people-using-tools-based approach. MDR (managed detection and response) is a service that monitors your network 24/7/365 in order to detect, triage, and respond to cybersecurity threats.
EDR vs MDR
EDR works like a security system, setting off an alarm if a window is broken or a door is forced open in an attempt to scare off the intruder and alert the business owner that something is amiss. Unfortunately, even if the security system alerts the business owner, the owner may not immediately realize something is wrong. After all, she is a busy woman with a business to run. She is also only one person: if the break-in happens while she is asleep or in a meeting, she may not see the alert on her phone until she wakes up or the meeting has ended.
On the other hand, MDR is more like hiring a security guard: You already have an expert on-site, keeping an eye out for any suspicious activity. Should a break-in occur, the security guard can respond right away. That doesn’t mean that alarm systems aren’t useful, but they are more useful if you have a security guard keeping an eye on things as well.
MDR is one piece of the SOCaaS (security operations center as a service) ecosystem, helping create a holistic, turnkey solution to continuously monitor threats across your network.
Good MDR Incorporates EDR
MDR solutions are empowered by EDR solutions, much like how a security guard is better able to perform their job because of an alarm system. MDR analysts and other cybersecurity experts are able to use the data gathered by the EDR system, as well as the abilities it provides, to more easily assess the threat and respond swiftly and appropriately. By leveraging EDR systems, your cybersecurity team can use the data the system has collected to better prioritize threats (such as identifying which users are logged in and which systems and files are being targeted) and move quickly to shut down impacted systems or institute quarantines to contain the threat and minimize or even avoid further damage.
MDR is a particularly effective approach for small and medium-sized organizations, which are less likely to have in-house cybersecurity teams to manage and respond to threats identified by their EDR systems. Many managed security services providers offer a variety of services that can be mixed and matched to suit your needs, whether you are looking to fully outsource your cybersecurity needs or simply augment your existing in-house security team.
Looking to Improve Your Security Posture for 2022? VirtualArmour is Here to Help!
VirtualArmour also offers tailored services on an à la carte basis, allowing you to pick and choose the services your organization requires to create your own premium services package, essential services package, or tailored one-time expert consult. With offices in both Denver, Colorado, and Middlesbrough, England, we are able to offer live, 24/7/365 monitoring as well as industry-leading response times. We have extensive experience working with a variety of highly-specialized industries, including energy, finance, healthcare, and retail, and are well-versed in the unique security and IT challenges faced by service providers.
For more information about MDR, or to get started designing your custom MDR solution, please contact our team today.
Cybersecurity is a complex and continually evolving field, and keeping up to date is critical if you want to safeguard your organization and its digital assets effectively.
To help you stay up to date on the latest in cybersecurity news and trends, please consider visiting our Articles and Resources page and reviewing these educational articles with your team.
Cybersecurity Basics For All Organizations
- Hacked? Here’s What to Know (and What to Do Next)
- Building a Cybersecurity Incident Response Program
- Terms and Phrases Used in the Managed IT and Cybersecurity Industries
- The SMBs Guide to Getting Started with Cybersecurity
- Cyber Hygiene 101: Basic Steps to Keep Your Company Secure
- Identifying a Breach: Finding Indicators of Compromise (IOC)
- Making Sense of TTPs, Cybersecurity, and What That Means for Your Business
- The Shift From Cybersecurity Being a Want to a Need Just Happened
- What is a Managed Services Security Provider (MSSP)?
- What Your Vulnerability Scan Report is Telling You (and What It’s Not)
Cybersecurity Basics By Industry
- Cybersecurity Basics Every College and University Needs to Have in Place
- Case Studies & Services: Health Care
- The Ultimate Guide to Cybersecurity in the Healthcare Industry
- The Rising Cost of Healthcare Industry Data Breaches
- Case Studies & Services: Finance
- How the Financial Industry Can Strengthen Their Cybersecurity
- Case Studies & Services: Retail
- Case Studies & Services: The Energy Sector
- Case Studies & Services: Service Providers
- Cybersecurity for the Manufacturing Industry, What You Need to Know
Minimizing Your Risks
- What Are the Risks of Using Unsupported Hardware?
- The Ultimate Guide to Managed Threat Intelligence (2020 Edition)
- Airports are a Hacker’s Best Friend (and Other Ways Users Expose Themselves to Risk)
- Keeping Your Network Secure in a “Bring Your Own Device” World
- Basic Website Precautions: Keep Intruders Out with these Fundamental Security Best Practices
- What is Cybersecurity Insurance and Does Your Business Need It?
- What Your Business Can Learn From Netflix About Credential Sharing
Common Threats (and How to Avoid Them)
- The Modern Hacker: Who They Are, Where They Live, and What They’re After
- The Growing Trend of “Hacktivism”, and What it Means for Businesses
- In a Remote World, Social Engineering is Even More Dangerous
- Hackers Are Increasingly Targeting People Through Their Phones
- How Fear Motivates People to Click on Spam
- Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront it?
- Everything You Need to Know About Ransomware (2019 Edition)
- 5 Old-School Hack Techniques That Still Work (and How to Protect Your Data)
- DNS Spoofing: What It Is and How to Protect Yourself
- Don’t Let Phishing Scams Catch You Unaware
- Cryptojacking: Because Every Currency Needs to Be Protected
- Why Your Company Could Be the Next Equifax or CapitalOne