IT Security : EDR | XDR | MDR

 

August 16, 2023

In a short amount of time, companies have spun up many different products and services that used to all be managed by a talented IT support team. If implemented with thought and purpose, these tools will greatly improve an organization's security posture and aid the IT security team's mitigation response efforts.

Endpoint security has, necessarily, evolved into a more thoughtful approach to protecting systems.

EDR, which stands for Endpoint Detection & Response, is the basic evolution of endpoint security or computer anti-virus software. (Malwarebytes)

XDR stands for Extended Detection & Response. This approach looks to protect the endpoint, network and cloud solutions within an environment. (CrowdStrike)

MDR stands for Managed Detection & Response. This feature provides an IT security team to assist with managing an XDR implementation, which is very useful for supporting a team of IT security experts. (Sophos)

 

Any endpoint protection is only as good as the security definitions, behavioral analytics and heuristics it is built on. Every network is the same and every network is different. A comprehensive solution builds up a behavior profile based on the typical traffic experienced by endpoints, cloud systems and networks within a given environment.

For my money it is best to use a multi-pronged approach. Ensuring each product has its own unique way of managing threats is a helpful way to comprehensively cover your environment by diversifying. Regardless of how comprehensive a single product is, if a threat actor has to only overcome 1 barrier vs. 3 I would hedge my resources around the 3.

There's always a caveat. Just because a product is different does not mean that it is necessarily better. So it is always worth the effort to ensure each product complements your environment.

 