
What is the difference between EDR, XDR, MSSP, MDR and why does my existing MSP not do these things for me?

Troy McSimov

As cyberattacks turn their focus to SMBs and SMEs, a growing demand for managed security services has produced hundreds of new security providers, each with fancy acronyms (EDR, XDR, MDR, MSSP) to describe their cutting-edge security offerings. Many small and mid-market companies are layering these services on top of their existing MSP, resulting in a sharp rise in operating costs.

Let us break down these acronyms and the differences between them.

SMB vs SME businesses

  • SMB – Small and Medium Sized Business – often thought of as having fewer than 100 employees and between $5 and $10 million in annual revenue
  • SME – Small and Medium Enterprises (a.k.a. mid-market) – between 101 and 500 employees and $10 million to $1 billion in annual revenue

 

Security Tools

  • EDR – Endpoint Detection and Response – These are typically agents deployed to endpoints to provide the necessary controls, logging, and remediation capabilities. They are great solutions for properly protecting laptops, desktops, and servers, but what about services where you cannot install an agent (PaaS/SaaS services, headless systems, network appliances, etc.)?
  • XDR – Extended Detection and Response – XDRs fill the gap just described for EDRs: they provide a platform to ingest events and log data from agents, monitoring solutions, appliances, third-party software services, and network activity. They typically apply machine learning and artificial intelligence to establish baselines and detect anomalies across the entire technology ecosystem. They are often capable of applying business rules to known events to assist with automated response and remediation.
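As an added illustration of the XDR idea described above (example code written for this page, not Technology Spa's platform): a toy correlator that normalizes events from an EDR agent, a SaaS audit log and a firewall into one schema, baselines each user's sign-in countries, and applies a business rule that turns several raw events into a single alert with a suggested response. The feed, its field names and the rule are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    source: str   # "edr", "saas" or "firewall" (common schema for all feeds)
    user: str
    action: str
    country: str
    ts: int       # minutes since start of the constructed feed


# Constructed sample feed (not real telemetry): each source has its own
# field names, and only the first event is visible to an EDR agent.
FEED = [
    {"src": "edr", "host": "LT-042", "user": "alice", "event": "process_start", "geo": "US", "t": 0},
    {"src": "saas", "actor": "alice", "op": "login", "country": "US", "time": 2},
    {"src": "saas", "actor": "alice", "op": "login", "country": "US", "time": 60},
    {"src": "saas", "actor": "alice", "op": "login", "country": "RU", "time": 65},
    {"src": "fw", "user": "alice", "msg": "outbound_dns_tunnel", "geo": "RU", "t": 66},
]


def normalize(raw):
    """Map each source's own field names onto the common Event schema."""
    if raw["src"] == "edr":
        return Event("edr", raw["user"], raw["event"], raw["geo"], raw["t"])
    if raw["src"] == "saas":
        return Event("saas", raw["actor"], raw["op"], raw["country"], raw["time"])
    return Event("firewall", raw["user"], raw["msg"], raw["geo"], raw["t"])


def baseline_countries(events, upto_ts):
    """Per-user set of countries seen before upto_ts: the learned 'normal'."""
    base = defaultdict(set)
    for e in events:
        if e.ts < upto_ts:
            base[e.user].add(e.country)
    return base


def correlate(raw_feed, window=10):
    """Flag SaaS logins from a country never seen for that user, and raise the
    severity when a non-SaaS source shows related activity within `window` min."""
    events = sorted(map(normalize, raw_feed), key=lambda e: e.ts)
    alerts = []
    for e in events:
        if e.source != "saas" or e.action != "login":
            continue
        known = baseline_countries(events, e.ts).get(e.user, set())
        if not known or e.country in known:
            continue  # no baseline yet, or a country this user normally uses
        related = [o for o in events if o.user == e.user and o.source != "saas"
                   and e.ts <= o.ts <= e.ts + window]
        severity = "high" if related else "medium"
        alerts.append({"user": e.user, "country": e.country, "severity": severity,
                       "evidence": [e.source] + [o.source for o in related],
                       "action": "revoke_sessions" if related else "notify_analyst"})
    return alerts
```

Five raw events from three sources collapse into one alert whose evidence spans a feed the EDR agent could never see on its own.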

 

Managed Services

  • MSP – Managed Service Provider – SMB and SME companies typically find great value in MSPs to manage their technology services, as they have neither the budget to staff and manage a 24×7 support team nor the need for full-time engineers with specific specialties in voice, networking, storage, security, servers, mobile device management, etc. The focus of MSPs has been primarily to ensure the performance and availability of business-critical infrastructure and application services and to provide IT support to end users.
  • MSSP – Managed Security Service Provider – MSSPs typically install and configure security appliances, software, and services to detect and report cybersecurity events to their customers. This can be a highly valued service but often leads to data overload and noise, with events that go unmanaged.
  • MDR – Managed Detection and Response – MDRs include the same services provided by MSSPs but go beyond them by also providing remediation services. They typically have a SOC (Security Operations Center) made up of several security analysts filtering data, performing threat hunting, and executing response playbooks. These teams are often enabled to remediate threats, but they must work closely with the internal staff and/or MSPs that are responsible for the overall availability and performance of IT services.

Technology Spa has developed its own XDR platform, which supports a variety of EDR solutions and service feeds and uses machine learning and artificial intelligence to identify anomalies, correlate data, and provide threat hunting capabilities. The output of the XDR platform feeds into its custom Event Intelligence application in ServiceNow, which performs automated first-level triage, response guidance, and/or automated remediation tasks. While other service providers take a black-box approach where you must trust the magic that produces the output, Technology Spa can extend use of the platform to its customers in hybrid situations and provide full transparency into how the data is processed.

Contact us below to learn more about our services.

Cloud Synchrony is Joining Technology Spa

Troy McSimov


Cloud Synchrony signed a Letter of Intent in March to join Technology Spa, and the acquisition is expected to be completed by the end of this month. Technology Spa is already a Microsoft Gold Partner, and this addition further strengthens the company’s full-service Microsoft 365 and Azure offerings. Cloud Synchrony brings enterprise accelerators for cloud migration planning and execution and in-depth expertise across the full Microsoft 365 offerings.

Technology Spa has been providing private and public cloud managed services for nearly 20 years, balancing both right-fit customized service offerings with rapid onboarding and templated approaches. Technology Spa also provides advisory and consulting services to help its customers with operational transformations and implementing mature Technology Business Management, Integrated Risk Management, and Service Delivery processes.

Technology Spa Covid-19 Emerge Program

Troy McSimov

Technology Spa is helping our customers meet the challenges of the “New Normal”. We have referenceable success in strengthening and supporting Work From Home (WFH) initiatives and in planning, optimizing and securing hybrid and cloud-based infrastructure. Our experts have years of experience and leading-edge certification and training to deliver the outcomes needed to meet short- and long-term demands in the “New Normal”. Furthermore, our team can provide fully managed services or fractional experts to deliver the expertise you need during transition and ongoing operation.

In order to help customers rapidly and cost effectively meet their most critical needs during this time, we are introducing the “Emerge Initiative” at Technology Spa. This program seeks to target issues and initiatives our customers are seeing as they “Emerge” from quarantine and simply package services that provide end to end assessment, evaluation and action focused on dealing with the challenges outlined above. These include:

  1. Enterprise remote workforce enablement. Our team will analyze your current setup and put together a plan to help you meet the needs of your remote team while improving your security posture, promoting performance and addressing compliance in the process.
  2. Return to work enablement. Assist with implementing solutions to help with COVID-19 Crisis Management through emergency outreach, self-reporting, and exposure management tools that provide out-of-the-box portal, processes, workflows, and dashboards.
  3. Risk assessment: a short engagement to evaluate your environment, identify weaknesses before they are exploited, and make recommendations against best practices to remediate them. This service is very helpful to customers who had to move quickly to support work from home (WFH). As such, the analysis includes (but is not limited to) identification of vulnerabilities introduced by WFH enablement, and recommendations to help provide durable and scalable security to support a remote workforce on an ongoing basis.
  4. Cloud Strategy Planning, Operational Transformation, Cost Optimization. Many of our customers need to shift to a hybrid cloud model to address the “New Normal” for their business. We are helping them ensure they meet the needs of the business while adding the elasticity and agility needed in a cost-optimized model.
  5. Fractional expert transitional resources and managed services. Our team will provide you with the expertise you need as you transition your enterprise compute into the new normal. This can range from expert advisors to help with day-to-day architecture, planning and security to a full 24×7 SOC/NOC and helpdesk. We can provide subject matter experts at the point in time and for the duration your team needs while you transition, allowing you to fully understand your long-term needs before bringing on FTEs.

We would like the opportunity to help you make this transition. Please contact us to get started!

Migrating DEC, HP and Sun Servers into the cloud

Troy McSimov

Learn how much you could save by switching to Stromasys

Are you running critical legacy applications on obsolete and unsupported hardware from Sun Microsystems, DEC or HP?

You may benefit from a new program in which Technology Spa is partnering with Stromasys to reduce the cost, risk and effort needed to migrate legacy systems into the cloud, while extending the life of your business critical systems running on DEC, HP, and Sun servers. Additionally, through Technology Spa’s partnership with the major cloud providers, we can help our customers take advantage of historical incentives and funding to help reduce migration and operating costs.

Are you facing the decision, in support of new work from home requirements, of accelerating your migration to cloud or making an additional capital investment in the data center just to prop up systems that a few months ago were only accessible inside of the corporate firewall?

Are you running into compliance issues when faced with aging hardware and applications but are technologically locked into legacy platforms that are expensive to maintain and at risk of failure?

By removing the classic hardware from the equation, Stromasys Charon™ solutions greatly reduce the risk of unplanned downtime and failure. Furthermore, migration into the cloud adds elasticity and improves reliability and availability using redundant hardware and data replication technologies not available on classic hardware.

Stromasys is a pioneer in the field of cross-platform server virtualization technologies and provides Charon™ emulation software solutions for classic DEC, HP, and Sun systems. This software makes it possible for x86 servers to mimic older (legacy) servers, so that the original applications can keep running on modern hardware — without modification, so no recompiling, re-certifying, or migrating source code.
Stromasys cross-platform server virtualization presents an alternative to full migration and searching for used parts. With Stromasys, you simply swap out your end-of-life (EOL) classic hardware and move your entire software stack to the new virtualized environment — increasing performance, lowering cost, and reducing risk — all at once, and in a matter of days. Stromasys has the ability to serve its clients globally with its products, services, and support that make virtualization not only a smooth and low-cost transition, but also the smartest way forward.

Technology Spa engages with customers to evaluate these legacy systems for modernization and migration into the public cloud. Our team not only looks to find compatibility with the virtualization stack, but also analyzes dependencies, and optimizes across the public cloud stack to emphasize reliability, scalability and performance while addressing your budget needs.

My team would like the opportunity to help you in evaluating the fit and benefits of using Charon™ and migration to public cloud. Please use the “Contact Us” button below to get started.

The Next Evolution of Event Management is Event Intelligence (EI)

Troy McSimov

In this Technology Spa blog, we explore the next evolution of event management and how the discipline is evolving towards a concept we term “event intelligence”.

ITIL defines Event Management as the process that monitors all events that occur throughout the IT infrastructure. It allows for normal operation and detects and escalates exception conditions.

An IDC study of the IT operations management (ITOM) market estimated $9.5 billion in 2018 revenue while the Globe Newswire estimated the Security Information and Event Management market at $2.6 billion in 2018 revenue. “The market is being driven by the need to monitor, manage, and optimize systems, infrastructure, applications, and end-user experience across increasingly complex on-premise, hybrid cloud, public cloud, multicloud, and containerized deployments” – IDC.

The Increasing Scope of Event Management

Beyond the ITIL focus on service availability, IT event management is also vital for governance, risk and compliance (GRC), security information and event management (SIEM) and many other service management-related areas such as incident and problem management, root cause analysis, effectiveness of controls, data integrity and continuous improvement.

In the SIEM arena alone, IT professionals can be looking at a wide array of events related to data loss prevention, data classification, data exfiltration, bad actors, malware, phishing, spoofing, unauthorized access, compliance, vulnerabilities and threat hunting and much more.

These events can come from many different types of sources, such as operating systems, network devices, applications, firewalls, endpoints, security agents, monitoring systems, third-party APIs, email, facility equipment such as HVAC units and cameras, IoT devices, point-of-sale systems and many others.

The ways to consume this information are highly varied as well. Raw event information is often made available to IT decision makers via log files, monitoring alerts, SNMP, WMI, APIs, RSS feeds, event hubs, dashboards, discovery tools, SIEM tools, APM tools, ITSM tools, email and even user-reported events.

Today’s Challenges with Event Management

With many organizations adopting a “cloud-first” strategy and finding themselves with services distributed across multiple cloud service providers (see “3 Recommendations for your Multi-Vendor Cloud Strategy”), the ability to manage events across all these providers creates new challenges.

In addition to typical integration and complexity challenges, other challenges often include staff limitations (such as lack of time, prioritization or attention as well as potential human error), data issues (such as data that’s difficult to read, interpret and correlate) and storage limitations (such as volume and flow rates of raw event data, associated costs and data retention requirements).

Today’s technology solutions address these issues to some extent, but often experience:

  • High initial expense, with ongoing costs continuing to rise
  • Competition with cloud native tools that provide similar capabilities in a limited scope
  • Solutions deployed in silos (APMs, SIEMs, syslog servers)
  • Risks related to sensitive log data (localization, encryption)
  • Limited data transformation and customizations available
  • Limited integration into ITSM tools

Overall, these numerous challenges can be grouped into data overload, siloed tools and data, and the cost of proprietary systems as follows:

  • Data Overload – The amount of data that IT must deal with in order to deliver IT service functions has reached the state of constant overwhelm. Simple aggregation only exacerbates the problem so that “data plus data equals more data”.
  • Siloed Tools and Data – Most of the tools that exist in the market today are siloed by function (SIEM, ITSM, etc.), meaning no one has a holistic view of events across the enterprise. In addition, working with multiple cloud providers means more consoles to monitor, which in turn means more data and high data egress costs to integrate this data for event correlation.
  • Cost of Proprietary Systems – Commercial solutions that scale with your data also scale in their license expense. This can lead to either trimming data at an arbitrary number of hours, days, weeks, or months to meet budget, or deciding that some data isn’t going into the solution at all.

Event Intelligence

The ultimate objective of event management is to help people make smarter decisions about events (such as informational, warning or exception events) or in some cases to intelligently automate these decisions.

To drive action and decision, data first needs to be converted to information and then to intelligence. Intelligence is what allows organizations to move from individual events which must be triaged to orchestrated and holistic responses.

State-of-the-art solutions, therefore, need to be smart about how they address these challenges:

  • From Data Overload to Event Intelligence – They need to tackle data overload in an intelligent way that doesn’t require analyzing every single raw event from every single console.
  • From Silos to Intelligent Tool and Data Integration – They need to find workarounds for data egress costs, for example by ingesting the signals and outputs from cloud provider consoles without the need to replicate the entire data set.
  • From Proprietary to Open Source for Incomparable ROI – They need to be based on open source technologies so that they deliver incomparable ROI.

Introducing hotrock from Technology Spa

Fortunately, there is a solution to assist organizations in solving these growing challenges without breaking the bank. The open-source solution hotrock (sponsored and created by Technology Spa) provides the following features to turn event data into event intelligence:

  • No licensing costs, only pay for compute resources
  • On-premise, cloud, or SaaS deployment options
  • Hybrid and multi-cloud aggregation
  • Highly scalable, multi-region capabilities with end-to-end encryption
  • Ready to integrate into most common infrastructure solutions
  • Single point of aggregation of events across hybrid and multi-cloud deployments
  • Dashboards and out of the box analysis for common IT and security related events
  • Integration into ITSM and other event management solutions
  • Used to augment and/or replace existing solutions

With digital transformation and the digital customer experience a high priority on most corporate agendas, next generation event management solutions such as hotrock can help you apply event intelligence to navigate data overload, cut through the silos and reduce costs.

For more information about hotrock, please contact us today at support@hotrock.io.

 
