Cloud 9 Advisers - News #cyber attack

EDR, XDR, and MDR

Tue, 17 Oct 2023 17:49:19 -0500

EDR, XDR, and MDR: What are they and why are they important?

As one piece to a larger cybersecurity puzzle (strategy, plan, and ultimately, framework), EDR, XDR, and MDR are all cybersecurity solutions that help organizations detect and respond to threats. However, they have different features and capabilities.

Importance of EDR, XDR, and MDR

EDR, XDR, and MDR are all important cybersecurity solutions, but the best solution for an organization will depend on its specific needs and budget.

Organizations with limited resources may want to consider EDR. EDR solutions can be effective at detecting and responding to threats, and they are typically more affordable than XDR and MDR solutions.

Organizations with more complex needs may want to consider XDR or MDR. XDR solutions can provide a more complete view of threats and can automate threat detection and response. MDR solutions can provide organizations with 24/7 monitoring and threat response, which can be helpful for organizations with limited security resources.

What are they?

EDR (Endpoint Detection and Response) is a software solution that collects and analyzes endpoint data to detect and respond to threats. EDR solutions typically collect data from endpoints such as Windows Event Logs, Sysmon logs, and file system changes. They use this data to identify suspicious activity, such as malware infections, unauthorized access, and data exfiltration. EDR solutions can also be used to block threats and remediate incidents.

XDR (Extended Detection and Response) is a more comprehensive approach to EDR that collects data from a wider range of sources, including endpoints, networks, cloud, and user behavior. This allows XDR solutions to provide a more complete view of threats and to respond more effectively. XDR solutions typically integrate with other security tools, such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response), to automate threat detection and response.

MDR (Managed Detection and Response) is a service that provides organizations with 24/7 monitoring and threat response for their endpoints. MDR providers typically use EDR or XDR solutions to collect and analyze endpoint data. They then use this data to identify and respond to threats on behalf of their customers. MDR providers can also provide additional services, such as threat hunting, incident response, and compliance reporting.

In summary, the key differences between EDR, XDR, and MDR are:

Scope: EDR focuses on endpoints, while XDR collects data from a wider range of sources. MDR is a service that provides 24/7 monitoring and threat response for endpoints and other key components of the network.
Capabilities: EDR can detect and respond to threats, but XDR has more comprehensive capabilities, such as threat hunting and incident response. MDR providers can also provide additional services, such as threat hunting and compliance reporting.
Pricing: EDR solutions are typically priced per endpoint, while XDR and MDR solutions are typically priced per organization.

The best solution for an organization will depend on its specific needs and budget. Organizations with limited resources may want to consider EDR. Organizations with more complex needs may want to consider XDR or MDR.

Here is a table that summarizes the key differences between EDR, XDR, and MDR

Feature	EDR	XDR	MDR
Scope	Endpoints	Endpoints, networks, cloud, user behavior	Endpoints
Capabilities	Detect and respond to threats	Detect, respond, and hunt for threats	Detect, respond, hunt for threats, and provide 24/7 monitoring
Pricing	Per endpoint	Per organization	Per organization

Why should every company have either one, two, or all three solutions in place?

No matter what size or industry, every company should have well-thought-out cybersecurity solutions in place to protect against threats. Back in "the old days" the name of the cybersecurity game was prevention (only) - if you had a strong perimeter, then you're good! That thought process has shifted rather dramatically, because we know they'll get it regardless. Today, to protect yourself, you must first be able to detect those threats first in order to respond. EDR, XDR, and MDR can all help companies to detect and respond to threats effectively.

EDR is a great foundation for any cybersecurity strategy. Many will argue that EDR should be the first step. It can help to detect and respond to threats on endpoints, which are often the first target of attackers - especially considering so many remote/hybrid staff with access to company data.

XDR can provide a more complete view of threats and can automate threat detection and response. This can be helpful for companies with complex IT environments.

MDR can provide companies with 24/7 monitoring and threat response, which can be helpful for companies with limited security resources.

A typical company should have one, two, or all three of these solutions in place depending on its specific needs and budget. For example, a small company with limited resources may only need EDR. A large company with a complex IT environment may want to have all three solutions in place.

Company type	Best solution
Small company with limited resources	EDR
Medium-sized company with moderate resources	EDR and/or XDR
Large company with complex IT environment	EDR + XDR and/or MDR

It is important to note that this is just a general guide. The best way to determine which solution is right for your company is to consult with a vendor-neutral, unbiased cybersecurity expert.

Remember: if your company can only afford one cybersecurity solution, make it EDR

Readiness Report

Schedule a security interview with one of our experts, then in a few days, we'll generate a custom, 50 to 100 page Cybersecurity Readiness Report you can use as a playbook for your security strategy.

You can even use the report as ammunition for your case to get your security budget passed.

Book now

Security Experts

About Cloud 9

Cloud 9 Advisers, LLC was formed as a client-facing, business-to-business agency/firm in 2017 with the goal of forever changing the way businesses buy AI, cybersecurity, contact center, and other important IT-related services and solutions: faster, better, less formal, and with the high-quality due diligence and integrity that all companies expect.

Technology Sourcing Experts

Under Constant Attack

Wed, 21 Jul 2021 14:59:22 -0500

Constant attacks require constant Security

We’re in an environment where our systems are constantly under attack. They're under attack from all sorts of diverse players who are trying to take advantage of the private proprietary information that is available.

Companies are really focused on compliance ensuring that they are protecting their business value from these types of attacks. Every executive has an obligation to ensure that they are compliant with security.

What are most companies doing for security?

Most companies only have basic firewall protection, your basic intrusion prevention (not necessarily intrusion detection), generally just hardware-based. A few others may do just a little more; they may conduct regular scans of their environment. This is really no different than your home having a basic lock and maybe a deadbolt. There is no alarm system like you might have in a home to see and be alerted when intrusions are happening. Being alerted of intrusion is critical in business so that more immediate actions can be taken. Often enough, attacks can be sly and stealthy. Recent studies show that malicious code is embedded on business systems for more than 250 days before it is ever used to promote an actual attack. The reason being so that attackers know their code is also well planted in several layers of business backups as well as active systems.

How have today’s complex attacks changed systems and the approach to security?

The attacks are becoming more sophisticated, automated, and voluminous, so we no longer have the time nor capability to react in a manual way. We actually have to have machine learning and other artificial intelligence technologies to adapt and scan the environment much more rapidly looking for these constant intrusions malicious code, and breeches. These technologies work in tandem with professional cybersecurity teams and Security Operations Centers (SOCs) to constantly manage, monitor, and alert. The trick with alerts is dramatically reducing false positives. Too many alerts are just as futile as too few.

How much does a cyber attack cost?

Recent US cyber crime studies show an average measurement of damage from a breach: a 46 day long average resolution at an average of $21k per day, plus regulatory fines, and major customer fallout. These attacks can be highly damaging to any business. Cyber insurance can only go so far and cover so much. Claims can also be denied for a host of often confusing reasons, leaving the business to fit the bill. These newer types of cyber insurance policies have many requirements and stipulations, and with a sense of irony, those requirements are very much cybersecurity technology many of which are security technology related.

About Cloud 9

Cloud 9 Advisers is a client-only, client-focused agency and consulting group offering vendor selection and management services to help you solve IT and general technology problems fast. We'll walk you through the identification, research, evaluation, and comparison process, provide board-ready documentation and due diligence, and provide oversight of solution implementation on any of our 250+ vendors, carriers, and service providers.

Our teams of vendor-neutral security focused engineers will help you slice through the marketing fluff and industry jargon so you know what you're buying. We'll help you make smart IT investments quickly and confidently. Reach out to us today!

Get Started Now

ALERT: SolarWinds & FireEye

Mon, 28 Dec 2020 12:23:55 -0500

Tips to protect yourself against the SolarWinds Breach

Are you concerned your business has been affected by the SolarWinds hack?

Unfortunately, Cyber Attacks don’t take time off to celebrate with family and friends. Due to the recent news about FireEye discovering the major SolarWinds hack we want to make sure you are equipped and prepared. Cloud 9 and our cybersecurity vendors are receiving numerous inquiries about the recent cyber-attacks on Solarwinds.

Most people have never heard of SolarWinds, which provides IT infrastructure management tools to hundreds of thousands of customers including government agencies, corporations, and nonprofit organizations. SolarWinds boasts of 300,000 global customers of whom include most of the S&P 500, hundreds of colleges and universities, and many of the country’s most important government agencies including the US State Department, Department of Commerce, US Treasury, Department of Homeland Security, and the National Institutes of Health to name a few.

News sources are saying this is the biggest cyber attack from a nation state in US history. Many are blaming a state-sponsored attack from Russia, some say the Russian group "Cozy Bear", still fewer have said that China may be involved. Even though the main target appears to be the US Government the threat goes much deeper giving the attackers administrative access to critical systems of potentially every SolarWinds customer. Because the attacks were targeted against a hugely popular and widely used IT infrastructure monitoring software the effects will be catastrophic to many commercial businesses around the globe.

"This is a huge problem for two major reasons: The attackers were able to gain access for a long period of time without being detected, and it will also take a long time for security experts to determine the extent of what's been compromised." - Business Insider

Here are just a few headlines from several news outlets about the breach:

If you are concerned you could be at risk, please reach out to Cloud 9 immediately. Our vendor-neutral cybersecurity experts will help to validate any concerns, plot the best course of action, and determine the ideal Risk Assessment and Security Assessment services and vendors for your organization. This will give you the ability to inspect all targeted areas within your environment for active malware and other vulnerabilities.

If you are experiencing questionable activity or are concerned in any way...

Describe the suspicious activity.
When did you first notice it?
Are you a SolarWinds customer?

If so, what have you done so far?
If not, what monitoring services do you use?

Are any of your technology service providers a SolarWinds client? If so, who?
Have you noticed any impact to your business? If so, what?
Have you communicated the suspicious activity anyone else? (Executive team, corporate attorney, cyber-insurance provider, etc…)

Immediate next steps – contact Cloud 9 for help and guidance to find the right cybersecurity solution, service, and vendor for initial triage and long-term protection.

Cloud 9 is here to help. Our Vendor Selection and Vendor Management services are free to our clients and are designed to help you determine the best course of action and quickly narrow the focus to the best solutions and vendors for your specific needs.

Learn more about Cybersecurity

As a client you'll have guided access to our proprietary Pathfinder app and experts. We'll get you started down the right path, focused on the right solutions, and narrow down the right vendors to evaluate.

Click the button below to book your appointment now.

Book now

Get Started Now