We’re answering three questions about MDR, but instead of the normal boring 30 minute webinar we’re going to try to do it in about 3 minutes of actually helpful information.
Question one, What is XDR?
Well basically, all these Endpoint Detection and Response, or EDR, companies took what they’re doing on the endpoint and expanded it. Mostly into identity and network but other stuff gets thrown in there as too: sometimes email, sometimes CASB, sometimes just whatever random thing they think is interesting. Basically the point is take what’s great about EDR and the endpoint and then expand it into these other great tools so that your team has full visibility into what’s going on in the organization, not just what’s happening on the endpoint.
Question two, Why would you even want XDR?
Well I think the answer’s obvious. What EDR does on the endpoint is fantastic. It definitively tells you what’s happening, but only what is happening on the endpoint. What about identity? Right? People aren’t just logging into laptops and servers. They’re logging into OneDrive, they’re logging into Salesforce. You need a way to see that activity as SaaS sort of takes over the world of IT. And, what about IOT and OT, speaking of? Right? These are devices you can’t install an agent onto but are still extremely important to have visibility into. A manufacturing company needs to know if their network is compromised even if they cant have an EDR agent.
So what XDR allows us to do is it takes EDR, and expands it into these other worlds so that you’re pulling in data from the network, from identity, from these other sources, and then correlating inside of a single dashboard giving you the tools to investigate and – even in some cases as more of these organizations mature – allow you to act on the results so that you can not only see what’s happening, but respond to it, which is a big win for cybersecurity.
Question three, What does MDR have to do with XDR?
Well MDR is already heavily imbedded into endpoint detection and response so with the adding of XDR it just increases the capability of what an MDR provider can do. That is of course assuming EDR really is XDR. Some organizations talk a big game and aren’t really delivering yet, but the future is clearly pulling all these sources into the EDR tool and then using that to provide this visibility. And so, the MDR’s goal is to layer on top of it. Provide people who can actually do work inside the platform. Providing expertise of who can respond to what when. Providing maturity, constantly taking advantage of these tools you have invested into. And then, most importantly, providing the SOC who will actually investigate, triage, and respond to attacks as they come from the tool. So that you have a tool that is working, fully realized, and it’s actually protecting you using all of these different sources.
CRITICALSTART is an MDR provider. We’ve been dealing with stuff outside the endpoint for years. XDR just made our lives that much easier. So, please, reach out to me and the team. Let’s dive deeper into what is XDR, where does it matter, and how does it help you. Or, check out Criticalstart.com and see the resources we’ve got there.
So, is that three minutes?