Long gone are the days of traditional signature-based anti-virus detection, pop-up viruses, adware, and screen-saver defacement. In the first nine months of 2021 there were an estimated 495 million ransomware attacks across the globe, a 148% increase over the same period of the previous year, according to the network security company SonicWall. The growing concern is not just the sophistication of the attacks but also the scale at which they can be delivered and how accessible the tooling has become. Over the last decade, new and established cybersecurity companies have seized the opportunity to bring new security products to market, each promising to be the solution to your cybersecurity woes.
These include next-generation anti-virus (NGAV), Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), Extended Detection and Response (XDR), and Endpoint Protection Platforms (EPP). The market has been flooded with dozens of similar offerings from many companies, creating confusion about which solution is best for your organization. In this article, I will break down the four most popular categories to help eliminate that confusion.

What is EDR?

EDR stands for Endpoint Detection and Response. It is an agent that resides on your devices, such as laptops, desktops, and servers, and records what happens on them: process creation and command lines, file and registry changes, network connections, and so on. EDR is not your first line of defense; it is generally part of a layered security approach, with some form of anti-virus acting as the front door. Where anti-virus blocks known-bad files, EDR provides 24/7 continuous monitoring and analysis of that recorded telemetry, looking for abnormal behavior such as an Office application spawning a command shell, and gives analysts the data they need to investigate and respond (kill a process, isolate a host). Out of the box, EDR generally comes with default remediation and quarantine playbooks, but most, if not all, rely on custom playbooks and exception rules to build context, reduce false positives, and increase accuracy. One caveat on exception rules: scope them as narrowly as you can (a specific host, account, and parent process) rather than excluding a whole tool such as PowerShell, or the exception becomes a blind spot an attacker can hide in.

Pros
What is EPP?

Endpoint Protection Platform, also known as EPP, is a comprehensive security platform consisting of various security solutions bundled into a single agent and management console. EPP is a modern all-in-one security solution that allows security teams to consolidate tooling. More modern platforms from providers such as SentinelOne and CrowdStrike will typically include next-gen AV, EDR, sandbox detonation, threat analysis, threat hunting, data aggregation, asset inventory, AI/ML-based detection, and more. Note that the term originally referred to the preventive layer, the anti-virus and related controls that block threats before they execute; vendors have since folded EDR into the same platform, so check which capabilities are actually licensed in a given bundle rather than assuming "EPP" includes detection and response.

Pros
What is MDR?

MDR stands for Managed Detection and Response and is the added human component on top of EDR, EPP, or XDR. MDR is generally an add-on service that complements those products with a team of security analysts who provide 24/7 monitoring, triage, and response. The analysts handle security incident triage as defined in their contract, so read that contract closely: whether the provider will take containment actions (isolating hosts, disabling accounts) on your behalf or only notify you makes a large difference in how much of the response burden actually moves off your team. Some endpoint vendors offer MDR only for their own products, while other MDR providers are vendor-agnostic and integrate with dozens of different technologies.

Pros
What is XDR?

XDR stands for Extended Detection and Response. It provides 24/7 threat detection and response and natively integrates with a range of security products. XDR provides visibility, telemetry, and analysis across an organization's infrastructure. XDR has the same core functionality as EDR and EPP but can also ingest and correlate data from other tools in your corporate tech stack, such as identity providers, email security, firewalls, and cloud logs, so that an endpoint alert and a suspicious sign-in for the same user show up as one incident rather than two unrelated alerts. Additionally, most XDR vendors can cover containers and cloud workloads alongside traditional endpoints.

Pros
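As an added example (not code from the original article, and not any vendor's product logic), the following Python sketch puts the EDR and XDR descriptions above side by side: behavioral detection rules run over endpoint process telemetry, a narrowly scoped exception rule that suppresses known-good noise, a severity-driven response playbook, and then an XDR-style correlation step that joins the endpoint alerts with identity-provider sign-in events for the same user and escalates the incident. All hostnames, account names, rule names, and telemetry are constructed for illustration.

```python
# Added example (not from the original article): toy EDR detection with
# exception rules and a playbook, plus an XDR-style correlation step that
# joins endpoint alerts with identity-provider events. All data is constructed.
from datetime import datetime, timedelta

SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed endpoint telemetry as an EDR agent would record it.
ENDPOINT_EVENTS = [
    {"ts": "2021-11-03T09:12:04", "host": "LAPTOP-17", "user": "jdoe",
     "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ts": "2021-11-03T09:12:30", "host": "SRV-BUILD", "user": "svc_build",
     "parent": "jenkins.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -enc UABSAE8A"},
    {"ts": "2021-11-03T09:15:10", "host": "LAPTOP-22", "user": "asmith",
     "parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
]

# Constructed identity-provider events: the "extended" data source XDR adds.
IDENTITY_EVENTS = [
    {"ts": "2021-11-03T09:10:41", "user": "jdoe", "action": "login", "country": "RO"},
    {"ts": "2021-11-03T09:13:55", "user": "jdoe", "action": "mfa_enroll", "country": "RO"},
    {"ts": "2021-11-03T09:14:02", "user": "asmith", "action": "login", "country": "US"},
]

def office_spawned_shell(e):
    """Behavioral rule: an Office document should never launch a shell."""
    office = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
    shells = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
    return e["parent"].upper() in office and e["image"].lower() in shells

def encoded_powershell(e):
    """Behavioral rule: -enc/-EncodedCommand hides the script from casual review."""
    tokens = e["cmdline"].lower().split()
    return e["image"].lower() == "powershell.exe" and any(
        t in ("-enc", "-encodedcommand") for t in tokens)

DETECTION_RULES = [
    ("office_app_spawned_shell", "high", office_spawned_shell),
    ("encoded_powershell", "medium", encoded_powershell),
]

# Exception rules suppress known-good noise. They are scoped to host + account
# + parent so they do not blind the sensor to everything that looks similar.
EXCEPTION_RULES = [
    ("jenkins_build_agent", lambda e: e["host"] == "SRV-BUILD"
     and e["user"] == "svc_build" and e["parent"] == "jenkins.exe"),
]

# Response playbook keyed by incident severity (hypothetical action names).
PLAYBOOK = {
    "low": ["log"],
    "medium": ["create_ticket"],
    "high": ["kill_process", "isolate_host", "page_analyst"],
    "critical": ["kill_process", "isolate_host", "disable_user_account", "page_analyst"],
}

def run_edr(events, rules=DETECTION_RULES, exceptions=EXCEPTION_RULES):
    """EDR pass: apply every detection rule to every event, minus exceptions."""
    alerts = []
    for e in events:
        if any(pred(e) for _, pred in exceptions):
            continue  # suppressed by a tuning rule
        for name, sev, pred in rules:
            if pred(e):
                alerts.append({"rule": name, "severity": sev, "event": e})
    return alerts

def _ts(s):
    return datetime.fromisoformat(s)

def _escalate(sev):
    """Raise severity one level, capped at the top of the scale."""
    return SEVERITY_ORDER[min(SEVERITY_ORDER.index(sev) + 1, len(SEVERITY_ORDER) - 1)]

def correlate(alerts, identity_events, window=timedelta(minutes=15),
              trusted_countries=frozenset({"US"})):
    """XDR step: fold alerts into one incident per (host, user), attach identity
    events for that user inside the time window, and escalate one level if any
    of them came from an untrusted country."""
    incidents = {}
    for a in alerts:
        ev = a["event"]
        inc = incidents.setdefault((ev["host"], ev["user"]), {
            "host": ev["host"], "user": ev["user"], "severity": "low",
            "alerts": [], "identity_context": []})
        inc["alerts"].append(a)
        if SEVERITY_ORDER.index(a["severity"]) > SEVERITY_ORDER.index(inc["severity"]):
            inc["severity"] = a["severity"]  # highest alert severity wins
    for inc in incidents.values():
        times = [_ts(a["event"]["ts"]) for a in inc["alerts"]]
        lo, hi = min(times) - window, max(times) + window
        inc["identity_context"] = [ie for ie in identity_events
                                   if ie["user"] == inc["user"] and lo <= _ts(ie["ts"]) <= hi]
        if any(ie["country"] not in trusted_countries for ie in inc["identity_context"]):
            inc["severity"] = _escalate(inc["severity"])
    return list(incidents.values())

def triage(endpoint_events=ENDPOINT_EVENTS, identity_events=IDENTITY_EVENTS):
    """End to end: EDR alerts -> XDR incidents -> playbook actions."""
    incidents = correlate(run_edr(endpoint_events), identity_events)
    for inc in incidents:
        inc["actions"] = PLAYBOOK[inc["severity"]]
    return incidents

if __name__ == "__main__":
    for inc in triage():
        print(inc["severity"].upper(), inc["host"], inc["user"],
              [a["rule"] for a in inc["alerts"]], inc["actions"])
```

Run stand-alone, it produces a single incident for LAPTOP-17/jdoe: the EDR pass raises two alerts on the Word-spawned encoded PowerShell and suppresses the identical-looking command on the Jenkins build server, and the XDR correlation pulls in the two Romanian sign-in events for jdoe in the surrounding 15 minutes, which lifts the incident from high to critical and adds an account-disable action to the playbook. Remove the identity events and the same endpoint data stays at high, which is the visibility gap between an EDR-only and an XDR view of the same attack.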
Daniel Ardekani, Security Engineer | M.S. Cybersecurity | eJPT