Security marketing can be frustrating – and that’s putting it lightly! Vendors often claim to do it all: zero trust, AI-based, ML-infused, next-gen tools that will save the world. Their websites are written to rank well in search engines rather than to tell you what the product really, truly does.
It frustrated us, too.
That’s why we are taking action and doing something about it.
The first step to sifting through all the marketing fluff in the cybersecurity space is to understand the terms used by various stakeholders within this landscape. Let’s jump into some of the common terms you will hear as you start to explore this space with us:
EPP (endpoint protection platform) is the natural evolution of what used to be called antivirus: it blocks known and commodity malware from running on the endpoint, using signatures and behavior rules. It is now often included as a feature of many EDR products.
EDR (endpoint detection and response) is an agent that records what happens on a computer (process launches, file and registry changes, network connections) and watches that telemetry for potentially malicious behavior. The “response” part is usually limited to actions on that endpoint itself, such as isolating the host from the network, killing a process or quarantining a file; it does not extend to the rest of the environment.
NDR (network detection and response) is a combination of technologies that includes intrusion detection/prevention systems (IDS/IPS) plus analysis of network traffic against threat intelligence. Because it watches the wire rather than the host, it can see things an endpoint agent cannot, such as unmanaged devices and lateral movement between machines.
XDR (extended detection and response) is probably the most confusing term in the industry because it is used in many different ways. Traditionally, XDR is EDR combined with other internal telemetry feeds, most commonly NDR, correlated so that a weak signal from one source can be confirmed by another. Often it is easier to describe what XDR is not: it is not a SIEM, not log storage, and not a security orchestration (SOAR) tool.
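To make the EDR-plus-NDR idea concrete, here is a small added example (our own illustration, not code from the article or from any vendor): an endpoint feed and a network feed are joined on host and time window, and a pairing whose combined score crosses a threshold becomes an incident. The event records, field names, scoring rubric and threshold are all constructed assumptions; real products use their own schemas and far richer analytics. Note what the example does not do, in line with the point above: it stores no logs and orchestrates no response, it only correlates.

```python
"""Added example: minimal XDR-style correlation of an EDR feed with an NDR feed.
All records, field names and scores below are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class EdrEvent:
    host: str
    ts: datetime
    process: str
    cmdline: str


@dataclass(frozen=True)
class NdrEvent:
    host: str
    ts: datetime
    dst_ip: str
    signature: str  # IDS rule name or threat-intel tag (assumed format)


# Constructed sample feeds (not real telemetry).
EDR_FEED = [
    EdrEvent("ws-17", datetime(2024, 3, 4, 9, 0, 5), "powershell.exe",
             "powershell -enc SQBFAFgA..."),
    EdrEvent("ws-23", datetime(2024, 3, 4, 9, 1, 0), "outlook.exe", "outlook.exe"),
    EdrEvent("ws-23", datetime(2024, 3, 4, 9, 2, 0), "svchost.exe", "svchost.exe -k netsvcs"),
]

NDR_FEED = [
    NdrEvent("ws-17", datetime(2024, 3, 4, 9, 0, 40), "203.0.113.9",
             "ET MALWARE known C2 beacon"),
    NdrEvent("ws-23", datetime(2024, 3, 4, 9, 1, 30), "198.51.100.20",
             "ET INFO HTTP to office365"),
]

# Endpoint-only heuristics. Alone these are noisy (admins run PowerShell too),
# which is why a second feed is needed to confirm them.
SUSPICIOUS_PROCESSES = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def edr_score(ev: EdrEvent) -> int:
    """Per-event endpoint score (assumed rubric, not a vendor's)."""
    score = 0
    if ev.process in SUSPICIOUS_PROCESSES:
        score += 1
    lowered = ev.cmdline.lower()
    if " -enc " in lowered or " -encodedcommand " in lowered:
        score += 2  # encoded PowerShell is a classic living-off-the-land sign
    return score


def ndr_score(ev: NdrEvent) -> int:
    """Per-event network score (assumed rubric)."""
    return 3 if "MALWARE" in ev.signature or "C2" in ev.signature else 0


def correlate(edr, ndr, window=timedelta(minutes=2), threshold=5):
    """Join endpoint and network events on host within a time window.

    Returns one incident dict per (endpoint event, network event) pair whose
    combined score reaches the threshold. The network event must occur at or
    after the endpoint event, inside the window.
    """
    incidents = []
    for e in edr:
        for n in ndr:
            if n.host != e.host:
                continue
            if not (timedelta(0) <= n.ts - e.ts <= window):
                continue
            score = edr_score(e) + ndr_score(n)
            if score >= threshold:
                incidents.append({
                    "host": e.host,
                    "score": score,
                    "process": e.process,
                    "dst_ip": n.dst_ip,
                    "signature": n.signature,
                })
    return incidents


if __name__ == "__main__":
    for inc in correlate(EDR_FEED, NDR_FEED):
        print(f"{inc['host']}: score {inc['score']} "
              f"({inc['process']} -> {inc['dst_ip']}, {inc['signature']})")
```

In the constructed data, the encoded PowerShell launch on ws-17 scores 3 on the endpoint side, which on its own would sit below the threshold; the C2 beacon from the same host 35 seconds later pushes it to 6 and produces the only incident. The Outlook traffic on ws-23 never correlates with anything suspicious and stays quiet.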
Up until now, we’ve talked mostly about tools. Now, let’s talk about services.
MDR (managed detection and response) is another broadly used term, and its scope varies from narrow to wide. At the narrow end, some managed EDR companies that only look at endpoints call themselves MDR. The best examples of MDR include a full SOC with telemetry coming in from devices, applications, the network, data and users. These multiple feeds allow the MDR provider to watch the whole environment and take action on behalf of the client, based on pre-approved run books. MDR rarely includes full DFIR services.
DFIR (digital forensics and incident response) is also commonly referred to simply as IR, or incident response. MDR providers sometimes offer DFIR as a separately purchased item, which is usually fulfilled by a third party. Companies engage DFIR services when an adversary has already bypassed the other security protections, that is, after a breach.
DFIR’s goal is to determine the scope and severity of the incident and respond with the following actions:
VM (vulnerability management) programs tie into one of the most challenging aspects of any security program: patching the environment! They usually have two components: a scanning tool and a professional-services wrapper that helps guide patching efforts. Tools by themselves work for small, predictable environments. As environments get more complex, however, IT executives need help prioritizing their team’s time: which systems to patch first, and when.
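The prioritization problem is easy to show with a few lines of code. This is an added example of ours, not part of the article and not any scanner’s output format: a constructed backlog of findings is ranked by a simple risk rule that weighs the scanner’s CVSS score against whether the asset is internet-facing, whether the flaw is known to be exploited in the wild, and how much the business depends on the asset. The weights and SLA buckets are assumptions chosen to make the point; tune them to your own environment.

```python
"""Added example: ranking a vulnerability backlog by risk rather than by raw CVSS.
The findings, weights and SLA buckets are constructed assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    finding_id: str          # placeholder id, not a real CVE
    cvss: float              # base score 0-10 as reported by the scanner
    internet_facing: bool
    known_exploited: bool    # e.g. listed on a known-exploited-vulnerabilities feed
    asset_criticality: int   # 1 (lab box) .. 3 (revenue-critical)


# Constructed sample backlog (not real scan data).
BACKLOG = [
    Finding("vpn-gw-01", "F-1", 7.5, True, True, 3),
    Finding("build-agent-7", "F-2", 9.8, False, False, 1),
    Finding("erp-db-02", "F-3", 8.1, False, True, 3),
    Finding("kiosk-lobby", "F-4", 9.1, False, False, 1),
]


def risk_score(f: Finding) -> float:
    """Assumed rubric: CVSS, scaled up for exposure, active exploitation and
    asset importance. Rounded to one decimal to keep comparisons stable."""
    score = f.cvss
    if f.internet_facing:
        score *= 1.5
    if f.known_exploited:
        score *= 2.0
    score *= f.asset_criticality
    return round(score, 1)


def sla_days(score: float) -> int:
    """Assumed patch deadline buckets derived from the risk score."""
    if score >= 40:
        return 7
    if score >= 20:
        return 30
    return 90


def prioritize(backlog):
    """Return (asset, finding_id, risk score, SLA days), highest risk first."""
    ranked = sorted(backlog, key=risk_score, reverse=True)
    return [(f.asset, f.finding_id, risk_score(f), sla_days(risk_score(f)))
            for f in ranked]


def cvss_order(backlog):
    """The naive ordering a scanner report gives you: raw CVSS, highest first."""
    return [f.asset for f in sorted(backlog, key=lambda f: f.cvss, reverse=True)]


if __name__ == "__main__":
    print("By CVSS alone:", cvss_order(BACKLOG))
    print("By risk:")
    for asset, fid, score, days in prioritize(BACKLOG):
        print(f"  {asset:14} {fid}  risk={score:5}  patch within {days} days")
```

Sorting by CVSS alone puts the isolated build agent (9.8) at the top of the queue. The risk rule instead puts the internet-facing VPN gateway with an actively exploited flaw first, even though its CVSS is the lowest of the four, and sends the lab and kiosk boxes to the 90-day bucket. That reordering is the judgement a professional-services wrapper is supposed to supply when the backlog is too long for the team to work through in order.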
Securing advanced workloads is incredibly challenging. Kubernetes security is an emerging category, and we find that many Kubernetes environments are almost completely insecure. Securing Kubernetes is absolutely possible with the right partners and the right vision!
We wrote this article because we want to empower you in the marketplace and help you make the best decisions possible. We want you to be secure. We want you to be safe. We want you to win, and understanding the complex cybersecurity landscape is one of the first steps in doing so! If you are trying to navigate the complex landscape of security, and specifically MDR providers, let’s chat! Our Opex team can use our 18+ years of experience and data to make the complex simple!
Opex Technologies has been a leading Technology Transformation Advisory firm for the as-a-Service marketplace, serving investors, business and IT leaders, since 2004. The Opex team helps you identify, execute, implement and manage as-a-Service projects faster and with better outcomes through data-driven processes and our unmatched market expertise, institutional knowledge, combined team experience and in-house Opex IP. For more information, contact us or connect with us on LinkedIn.