Welcome back to the Always On podcast series, which connects the dots between security and technology. On this episode of Always On, Lane Roush from Arctic Wolf joins me to discuss the differences between MDR and EDR and how they can be used to help organizations reduce security risk. If you are looking for the best ways to reduce risk, you might be surprised to hear that the answer is not in changing platforms. Listen in to discover what organizations can do to effectively reduce security risks.

You will want to hear this episode if you are interested in…

  • Fleshing out the differences between the acronyms [1:22]
  • Who is moving to an MDR provider and what is driving that need [7:57]
  • The distinction between the network and the edge [19:49]
  • Machine learning supporting the analyst [26:52]
  • Using MDR as one component in a greater security framework [38:04]

What are the differences between EDR and XDR?

At this point, almost every technology has a detection and response component. In the cybersecurity space, you’ll hear many different acronyms for these components. What do they all mean, and what are the subtle differences between them?

EDR is an endpoint technology response that allows for policy building around detection methods. XDR is similar to EDR in that it has the endpoint technology, but it has the added effect of taking a wider view and integrating security across endpoints.

What is the difference between MSSP and MDR?

MSSPs have focused on commodity device management such as firewall management. MDR is a purpose-built technology and can identify advanced and commodity threats within the environment. The difference between the two is that MDR is focused and purpose-built, whereas MSSP is more of a one-stop shop.

Why are many organizations moving to an MDR provider?

In the past, many organizations were able to DIY their own security, especially if they were already in the IT space. However, in the last few years, these organizations have come to realize that building a security operations center is completely different from building an app. Organizations now prefer to focus on their core business and would rather invest in a platform and resources, so recently there has been a shift in market trends from self-management to using an MDR. Many have come up with a hybrid solution that helps them find the right balance.

The best way to reduce risk

An excellent security operation is integral to running any organization in this day and age. As security professionals, it’s our job to show organizations how to handle the strategic side or be the engine.

Arctic Wolf helps companies outsource their security so that they can identify standard security incidents early and create automated IT processes to take action quickly. Arctic Wolf does much more than threat detection and security response. They have discovered that they can tie these security management devices together with a human response. This hybrid approach will drive down risk in a cost-effective way by reducing the likelihood of an attack. Using an MDR will give the organization a level of maturity, but security training within the organization is just as important.
