Today’s threat environment for enterprises and small businesses is expanding at a rate that makes keeping pace a challenge. Cybersecurity threats manifest today at higher volume, with greater diversity and more sophistication than ever before.
Highlights from the 2020 Cost of a Data Breach Report, conducted by IBM in partnership with the Ponemon Institute, demonstrate how organizations (small businesses, in particular) are falling behind the security curve, and the costs that result:
- 43% of all attacks target small businesses
- 86% of small businesses have no effective defenses against cyber attack
- $3.86 million average total cost of a data breach
- $150 average cost per lost record
- 60% of all small businesses close their doors within 6 months following a cyber attack
There’s an obvious shortfall in organizational cybersecurity investment that’s exposing companies to the risk of huge losses: The costs of being penny wise and pound foolish have never been clearer.
Having a robust threat detection and response capability is the foundation of effective security for enterprises, and most are faced with a choice: endpoint detection and response (EDR) versus managed detection and response (MDR). Following is a closer look at EDR vs. MDR, to help you better understand what each option delivers and determine which is better suited to meet your performance goals.
What Is EDR?
Endpoint detection and response is a platform of automated tools and capabilities that continuously monitor a system for suspicious activity within the security perimeter. These tools recognize malicious activity and immediately alert the security team, which allows for rapid investigation and containment of attacks on endpoints. Endpoints can be an employee workstation or laptop, a mobile device, a server, a cloud system, or other elements within a network. EDR includes:
- Endpoint protection
- Fileless threat protection
- Security data correlation
- Automated indicators of compromise detection
- Machine learning-based detection
- Ability to customize and add more advanced detection and response capabilities
- Live response tools
EDR solutions typically aggregate endpoint telemetry from several sources, including user logins, process execution, and endpoint network communications. This data is analyzed to reveal anomalous behavior and potentially malicious activity; findings are recorded and forwarded to the security team, which investigates and responds appropriately. Automated functions can also contain threats directly at the endpoint, for example by isolating the affected device from the rest of the network.
EDR solutions are ideal for enterprises that have a qualified, appropriately scaled security team in place to evaluate the generated security data, alerts, and incident reports.
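To make the aggregate-analyze-alert-contain loop described above concrete, here is an added example (not code from the original article or from any EDR vendor): a toy correlation pipeline that ingests constructed endpoint telemetry in a made-up "timestamp|host|kind|key=value" format, applies two detection rules per host (a burst of failed logins followed by a success, and an office application spawning a command shell that then reaches an address outside the assumed internal ranges), and returns a containment plan that isolates a host only when a high-severity finding exists. The log format, hostnames, application lists, internal address ranges and thresholds are all assumptions made for this illustration.

```python
# Added example (not from the original article): a toy EDR correlation pipeline.
# Ingests constructed endpoint telemetry (logins, process execution, network
# connections), correlates it per host, raises alerts, and decides whether the
# automated containment step should isolate the endpoint. Log format, rule
# thresholds, hostnames and address ranges are assumptions for this example.
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str    # "login", "process" or "network"
    attrs: dict  # key=value pairs parsed from the log line


@dataclass
class Alert:
    host: str
    rule: str
    severity: str  # "medium" or "high"
    detail: str


# Constructed sample telemetry; not real data.
SAMPLE_LOG = """\
2024-05-01T09:10:00Z|ws-042|login|user=alice result=failure
2024-05-01T09:10:05Z|ws-042|login|user=alice result=failure
2024-05-01T09:10:09Z|ws-042|login|user=alice result=failure
2024-05-01T09:10:12Z|ws-042|login|user=alice result=success
2024-05-01T09:15:10Z|ws-042|process|pid=410 image=winword.exe parent=explorer.exe
2024-05-01T09:15:12Z|ws-042|process|pid=512 image=powershell.exe parent=winword.exe
2024-05-01T09:15:14Z|ws-042|network|pid=512 dst=203.0.113.45:443
2024-05-01T09:20:00Z|ws-017|process|pid=300 image=powershell.exe parent=explorer.exe
2024-05-01T09:20:01Z|ws-017|network|pid=300 dst=10.0.0.5:443
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}  # assumed list
SHELLS = {"cmd.exe", "powershell.exe"}                      # assumed list
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CORRELATION_WINDOW = timedelta(seconds=60)  # shell spawn -> outbound connection
LOGIN_FAILURES = 3                          # failures before a success is flagged
LOGIN_WINDOW = timedelta(minutes=5)


def parse_event(line: str) -> Event:
    """Parse one 'ts|host|kind|k=v k=v' line into an Event."""
    ts, host, kind, rest = line.split("|", 3)
    attrs = dict(kv.split("=", 1) for kv in rest.split())
    return Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, kind, attrs)


def is_external(dst: str) -> bool:
    """True when the 'ip:port' destination is outside the assumed internal ranges."""
    addr = ip_address(dst.rsplit(":", 1)[0])
    return not any(addr in net for net in INTERNAL_NETS)


def analyze(lines) -> list[Alert]:
    """Run both detection rules over raw log lines and return the alerts raised."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e.ts)
    alerts: list[Alert] = []

    # Rule 1: several failed logins for one user on one host, then a success.
    failures: dict[tuple, list] = {}  # (host, user) -> recent failure timestamps
    for e in (x for x in events if x.kind == "login"):
        key = (e.host, e.attrs["user"])
        recent = [t for t in failures.get(key, []) if e.ts - t <= LOGIN_WINDOW]
        if e.attrs["result"] == "failure":
            failures[key] = recent + [e.ts]
        elif len(recent) >= LOGIN_FAILURES:
            alerts.append(Alert(e.host, "login-after-failures", "medium",
                                f"{len(recent)} failures then success for {key[1]}"))
            failures[key] = []

    # Rule 2: an office application spawns a shell. Severity is escalated when
    # that shell opens an external connection inside the correlation window,
    # which is the cross-source correlation an EDR platform performs.
    spawns = {}  # (host, pid) -> process event
    for e in events:
        if e.kind == "process" and e.attrs["image"] in SHELLS and e.attrs["parent"] in OFFICE_APPS:
            spawns[(e.host, e.attrs["pid"])] = e
    for (host, pid), spawn in spawns.items():
        external = [n for n in events
                    if n.kind == "network" and n.host == host and n.attrs["pid"] == pid
                    and spawn.ts <= n.ts <= spawn.ts + CORRELATION_WINDOW
                    and is_external(n.attrs["dst"])]
        detail = f"{spawn.attrs['parent']} spawned {spawn.attrs['image']}"
        if external:
            detail += f", which connected to {external[0].attrs['dst']}"
        alerts.append(Alert(host, "office-spawns-shell", "high" if external else "medium", detail))
    return alerts


def containment_plan(alerts) -> dict[str, str]:
    """Automated response: isolate hosts with any high-severity alert, otherwise hand to analysts."""
    plan: dict[str, str] = {}
    for a in alerts:
        if a.severity == "high" or plan.get(a.host) == "isolate":
            plan[a.host] = "isolate"
        else:
            plan[a.host] = "investigate"
    return plan


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"[{a.severity.upper()}] {a.host} {a.rule}: {a.detail}")
    print(containment_plan(found))
```

On the sample data, ws-042 produces a medium login alert and a high alert for the shell spawned by winword.exe that reached an external address, so the plan isolates ws-042; ws-017's shell was launched from explorer.exe and talked only to an internal address, so nothing is raised for it. In a real deployment the isolation step would call the EDR agent's network-quarantine action, and an analyst would still review the medium findings the automation leaves in the "investigate" state.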
What Is MDR?
Managed detection and response is the next evolutionary step for organizations that need a more robust and responsive cybersecurity capability. MDR is an outsourced security control solution that includes the elements of EDR, enhanced with a range of fundamental security processes:
- Cloud-managed security infrastructure
- Host- and network-level investigation and response capabilities
- Advanced analytics
- Threat intelligence
- 24/7 human expertise availability
- Active threat hunting
- Active response to identified threat activity
MDR is a more advanced security solution, capable of identifying and neutralizing threats that elude common organizational security controls. The service adds experienced, highly skilled analysts with a more comprehensive roster of cutting-edge security tools at their disposal. This delivers a level of capability that many enterprises need but that would exceed the budget, resources, and personnel of most if attempted in-house.
An MDR solution is best suited to enterprises that need an advanced cybersecurity solution with a full range of automated and human capabilities, but do not want to devote the costs and resources required to maintain an in-house security operations center.
EDR vs. MDR: Which Do You Need?
Assessing your needs and investing in appropriate security controls can enhance resiliency and diminish the risk of damaging incidents. Put simply, EDR is a tool, whereas MDR is a process.
Thinking of the two as EDR vs. MDR is short-sighted. EDR and MDR are both valid security solutions, when selected correctly according to need, risk tolerance and budget: They each provide a high level of security control able to meet the challenge of continually evolving adversarial tactics and emergent techniques.
We’ve developed an e-book comparing the two options including the advantages and disadvantages of both, staffing costs, as well as costs associated with building a security operations center (SOC) versus outsourcing. Download the e-book!