Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 400 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
EDR vs NDR vs XDR vs MDR vs MXDR: WTH?
September 1, 2021
Join Optiv’s MXDR leadership for a deep dive into our new offering and its promise for your organization. Register for on-demand access now.
Evolving threat detection and response: what’s next now?
Endpoint detection and response (EDR). Network detection and response (NDR). Extended detection and response (XDR). Managed detection and response (MDR). Managed extended detection and response (MXDR). Yeesh, if it seems confusing, you are right.
Threat detection and response landscape (D&R) continues to evolve. Finding new and better ways of wreaking havoc is a cyber criminal’s core function. So it’s hardly surprising that the history of how to counter these security threats has been a chess match – attackers innovate and develop new methods, CISOs and their teams counter with more sophisticated defense tactics. Lather, rinse repeat.
The evolution of D&R methods, though... There are so many acronyms – all ending in “DR.” What the actual…heck? Let’s break down what each one means so you can assess which is best for you.
MDR appeared in the mid-teens as a 24/7 D&R service from MSSPs (or MDR-specific providers using specialized and/or proprietary technology).
Pros: MDR lowers the rate of alerts and false positives and affords greater visibility into emerging threats, allowing red teams to prioritize and investigate the most consequential ones. Its proactive and reactive services help contain and remediate threats.Cons: While lower, alert volume still may be high (driving “alert fatigue”).
NDR primarily captures north/south traffic (internet communications) to detect threats that bypass traditional firewalls, UTM appliances and NGFW appliances. East/west (LAN communications) traffic is supported by the NDR, but EDR is likely a better fit depending upon the use case due to the nature of capturing such traffic effectively and at a reasonable cost.
Pros: NDR presents a number of benefits, including an extensive rule set that identifies threats based on network communications and SOC services, which offer rapid incident response and mitigation/remediation assistance.Cons: New and emerging work-from-home policies often blur traditional network perimeter lines. Organizations with a large roster of remote workers may not have much traffic on their defined corporate network, meaning NDR will have minimal visibility into what takes place.
A more recent development, XDR emerged during 2019 as a SecOps platform that aggregates and analyzes data from multiple point products. These capabilities speed up D&R, although many platforms are limited by vendors lock-in.
What’s the difference between EDR and XDR?
Mostly cloud-native, XDR platforms go far beyond a SIEM’s data collection function. XDR platforms have pre-built integrations to interoperate with and capture telemetry … from servers, endpoints, networks, email, edge, cloud and SIEM/SOAR – enabling far more visibility than MDR. Working around the clock, XDR uses ML and analytics to correlate activity, normalize information, identify threats and reduce the alert noise.
Pros: XDR solutions reduce complexity via integration, automate responses and significantly reduce response times vs. MDR.Cons: XDR can pose vendor/compatibility issues. While XDR offers many features, many providers specialize in just a few areas. Some XDR solutions are compatible with a limited number of vendors (perhaps only one), forcing a compromise between the best specific purpose solution and general functionality.
MXDR is XDR delivered as a managed service. It integrates and works with existing technology, offering real-time threat detection and incident validation. The provision of supplemental technology and security skills makes MXDR simpler than DIY XDR. MXDR is also always-on and lightning-fast due to automated response and remediation across endpoints.
MXDR is a powerful enabler that unites log-capture data that’s either not seen by EDR and NDR services (such as Active Directory or VPN logins), as well as allowing correlation and validation from other rich log sources to validate threats.
Pros: MXDR leverages your existing technology investments and environment (saving a lot of money in the process); drives simplicity and transparency; lets you know which threats matter the most; and offers rapid IR and mitigation/remediation assistance.
In summary, managed extended detection and response is as good as it gets to detect and respond to today’s threats. It assumes and builds on the best features of the last 20 years of D&R, and while something even more advanced (probably ending in -DR) will surely be along in a few years, MXDR’s hands-on, engaged model positions us for the most proactive stance in our future battles against constantly evolving threat actors.
February 01, 2022
Optiv MXDR combines intelligence, expertise, advanced automation, and technology to secure your environment globally.
August 03, 2021
Optiv launches its technology-independent, cloud-based managed extended detection and response (MXDR) offering at Black Hat USA 2021.
Let us know what you need, and we will have an Optiv professional contact you shortly.