The cybersecurity business is known for coining phrases and acronyms that become popular and then fade away before they can be fully comprehended. We understand that rapid innovation may be chaotic, resulting in a lot of uncertainty and clutter. While it’s good to see so many solution providers design new solutions and improve on existing ones, resulting in new concepts, this terminology isn’t always necessary to stand apart. As a result, business and IT leaders are left unsure of which cybersecurity solutions they actually require, which are redundant, and which are complementary.

So, this is CYB3R-X’s attempt to clear the air, to assist you in separating fact from fiction, and to help you make the best cybersecurity solution decision for your company.

MDR

MDR has been a hot term lately. MDR (managed detection and response) is actually missing a word. That assumed word is “threat”, as in managed threat detection and response. Some argue the missing word is “endpoint”, but that gets into EDR, which, yes, could be delivered as a managed service… but we’ll get into that later.

What exactly constitutes MDR? MDR isn’t a technology – it’s a service. What makes MDR unique is its focus on leveraging technology and expertise to continuously monitor IT assets, to quickly detect and effectively respond to true cybersecurity threats.

The technology behind an MDR service can include an array of options, and this is important to understand when evaluating MDR providers. The technology stack behind the service determines the scope of attacks the provider is able to detect. Cybersecurity is about “defense-in-depth”: having multiple layers of protection to counter the multiple possible attack vectors. Various technologies are used to provide more complete visibility and thus more complete detection and response capabilities. To name a few, the technologies behind an MDR service include:

  • SIEM (Security Information and Event Management)
  • NTA (Network Traffic Analysis)
  • EPP (Endpoint Protection Platform)
  • IDS (Intrusion Detection System)