What is the difference between EDR, XDR, MSSP, MDR and why does my existing MSP not do these things for me?
As cyberattacks turn their focus to SMBs and SMEs, a growing demand for managed security services has yielded hundreds of new security providers with fancy acronyms to describe their new cutting-edge security offerings, like EDR, XDR, MDR, and MSSP. Many small and mid-market companies are layering these services on top of their existing MSP, resulting in a sharp rise in operating costs.
Let us break down these acronyms and the differences between them.
SMB vs SME businesses
- SMB – Small and Medium Sized Business – often thought of as having fewer than 100 employees and between $5-$10 million in annual revenue
- SME – Small and Medium Enterprises (a.k.a. mid-market) – between 101 and 500 employees and $10 million – $1 billion in annual revenue
- EDR – Endpoint Detection and Response – These are typically agents deployed to endpoints to provide necessary controls, logging, and remediation capabilities. These are great solutions for protecting laptops, desktops, and servers, but what about services where you cannot install an agent (PaaS/SaaS services, headless systems, network appliances, etc.)?
- XDR – Extended Detection and Response – XDRs fill the gap mentioned above with EDRs: they provide a platform to ingest events and log data from agents, monitoring solutions, appliances, 3rd party software services, and network activity. They typically apply machine learning and artificial intelligence to establish baselines and detect anomalies across the entire technology ecosystem. They are often capable of applying business rules to known events to assist with automated response and remediation.
- MSP – Managed Service Provider – SMB and SME companies typically find great value in MSPs to manage their technology services, as they do not have the budget to staff and manage a 24×7 support team or the need for full-time engineers with specific specialties for voice, networking, storage, security, servers, mobile device management, etc. The focus of MSPs has been primarily to ensure performance and availability of business-critical infrastructure and application services and to provide IT support to end users.
- MSSP – Managed Security Service Provider – MSSPs typically install and configure security appliances, software, and services to detect and report cybersecurity events to their customers. This can be a highly valued service but often leads to data overload and noise from events that go unmanaged.
- MDR – Managed Detection and Response – MDR providers include the same services provided by MSSPs but go beyond them by also providing remediation services. They typically have a SOC (Security Operations Center) made up of several security analysts filtering data, performing threat hunting, and executing response playbooks. These teams are often enabled to remediate threats; however, they must work closely with internal staff and/or MSPs that are responsible for the overall availability and performance of IT services.
Technology Spa has developed its own XDR platform which supports a variety of EDR solutions and service feeds which in turn uses machine learning and artificial intelligence to identify anomalies, correlate data, and provide threat hunting capabilities. The output of the XDR platform feeds into their custom Event Intelligence application in ServiceNow that does automated first level triage, response guidance, and/or automated remediation tasks. While other service providers have a black box approach where you must trust the magic that produces the output, Technology Spa can extend use of the platform to its customers in hybrid situations and provide full transparency of how the data is processed.