Cloud 9 Advisers - News #detect & respond

Always-On Endpoint Management

Tue, 14 Nov 2023 13:06:11 -0500

Always-on endpoint management is a must-have

Always-on endpoint management is a must-have for enterprises today.

In a world where employees are increasingly working from anywhere and on any device, it's more important than ever to have a solution in place that can manage and protect all endpoints at all times.

Here are just a few of the benefits of always-on endpoint management:

Improved security: Always-on endpoint management can help to protect your organization from cyber threats by providing real-time visibility and control over all endpoints.
Reduced downtime: By proactively monitoring and managing endpoints, always-on endpoint management can help to reduce downtime and keep your employees productive.
Increased compliance: Always-on endpoint management can help you to comply with industry regulations by ensuring that all endpoints are configured and patched correctly.

If you're not already using an always-on endpoint management solution, here are a few things to consider when choosing one:

Comprehensive endpoint visibility: Make sure that the solution you choose provides comprehensive visibility into all endpoints, including laptops, desktops, mobile devices, and IoT devices.
Real-time monitoring and control: The solution should also be able to monitor and control endpoints in real time, so that you can quickly respond to threats and incidents.
Security automation: The solution should be able to automate many common security tasks, such as patch management and vulnerability scanning.
Compliance reporting: The solution should also be able to generate reports that can help you to comply with industry regulations.

Cyber Readiness

Click the button below to schedule your appointment and learn more about our Cybersecurity Readiness Report - custom tailored recommendations and roadmap for your business and your needs

Book now

Technology Sourcing

Cybersecurity can be complex, but getting the right strategy and solutions in place doesn’t have to be. Cloud 9 Advisers will provide you clarity so you can make quick and confident IT buying decisions. We help decision-makers make smart IT investments.

Get Started Now

Remediation vs. Response

Thu, 26 Oct 2023 08:50:16 -0500

What about the "big R", Remediation?

There's a pretty big difference

We wanted to expand a little more on a previous article about EDR, XDR, and MDR. As many of you already know, the “r” is for response: Endpoint Detection and Response. Extended Detection and Response. Managed Detection and Response. But, for some reason there seems to be little confusion on what response actually means and what it does.

As with many things these days there are plenty of opinions. And like other things along that train of thought, they all stink. Except this one, of course!

There is an important and distinct difference between response and remediation:

Response is “a reaction to something”. Response in cybersecurity is focused on containing and mitigating the immediate threat. While we’re thumbing through the dictionary, mitigation is “the action of reducing the severity, seriousness, or painfulness of something”

Remediation, or to remedy on the other hand is, simply put, “to set right”. So to remediate a security incident is to fix it.

Pretty big difference.

Response and remediation are both important parts of any cybersecurity strategy and incident response (IR) plan. However, as shown, there is a key difference between the two. It is important to be able to quickly detect and then respond to an incident. But we would like to highlught that not all _DRs are created equal, and you should never assume that the solution or service you have in place automatically includes remediation. Having a plan in place for remediating security incidents quickly and effectively is also critical and in most cases, not necessarily included.

In the context of EDR, XDR, and MDR, both response and remediation are important capabilities. EDR, XDR, and MDR solutions can all help organizations to respond to security incidents quickly and effectively. However, remediation is typically more of a manual process that involves fixing the underlying vulnerability and other problems that caused the incident in the first place.

Some EDR, XDR, and MDR solutions may provide automated remediation capabilities for certain types of threats. For example, an EDR solution might be able to automatically remove malware from an infected endpoint. However, for more complex vulnerabilities, remediation may need to be performed manually.

Remediation can be performed by either the organization itself or by the security solution provider. It often depends not only on the solution/software, but also on the service selected and service provider you get it from.

EDR solutions typically provide tools to help organizations remediate threats on their own. Most out-of-the-box solutions won’t remedy a security threat.
XDR solutions can automate some remediation tasks, such as quarantining infected endpoints or blocking malicious traffic.
MDR providers typically provide full remediation services, including removing malware, patching vulnerabilities, and restoring data from backups.

It is important to note that the specific capabilities of EDR, XDR, and MDR solutions vary widely. When choosing a solution, it is important to consider the specific needs of your organization and to ensure that the solution you choose provides the necessary response and/or remediation capabilities.

Which organization is responsible for remediation (either you or the service provider( will depend on the specific solution, or rather service, in place. For example, some EDR solutions provide the option to have the security solution provider perform remediation on behalf of the organization.

Here are some examples of how remediation might be used in each of the three solutions:

EDR: An EDR solution might be used to remediate a malware infection by removing the malware from the infected endpoint.
XDR: An XDR solution might be used to remediate a ransomware attack by automating the process of restoring data from backups and isolating the infected endpoints from the network.
MDR: An MDR provider might be used to remediate a data breach by investigating the incident, identifying the affected systems, and taking steps to prevent the breach from happening again.

Overall, remediation is an important part of any cybersecurity strategy, and it is important to have a plan in place for remediating security incidents quickly and effectively. EDR, XDR, and MDR can all help organizations to detect and respond and get organizations on the right path to remediate threats and incidents effectively. But understand that most solutions are not a complete remediation plan or strategy.

Again, response is to react, mitigate is to reduce, remediate is to fix.

Security Readiness

You've done a great job so far, put all the right pieces in place, and now you need to be able to prove it. Or, you think your nicely buttoned up, but wouldn't mind a second pair of eyes.

Our comprehensive, customized Cybersecurity Readiness Report will give you 50 to 150 pages of dos, don'ts, best practices, and the latest strategies and innovations on your security preparedness. You'll get confirmation on some things, plenty of food for thought, and maybe even uncover some gaps you weren't aware of.

Schedule your Report

Cloud 9 Advisers

As a leading technology advisory firm with a security-first focus, Cloud 9 stands ready to help you unravel the complex web of noise and "FUD" you'll hear out in the cybersecurity marketplace. Cybersecurity should never be only about the latest products and solutions or the fear uncertainty, and doubt (FUB) often found in the marketplace. Cybersecurity isn't an IT problem, it is a business problem

Get Started Now

EDR, XDR, and MDR

Tue, 17 Oct 2023 17:49:19 -0500

EDR, XDR, and MDR: What are they and why are they important?

As one piece to a larger cybersecurity puzzle (strategy, plan, and ultimately, framework), EDR, XDR, and MDR are all cybersecurity solutions that help organizations detect and respond to threats. However, they have different features and capabilities.

Importance of EDR, XDR, and MDR

EDR, XDR, and MDR are all important cybersecurity solutions, but the best solution for an organization will depend on its specific needs and budget.

Organizations with limited resources may want to consider EDR. EDR solutions can be effective at detecting and responding to threats, and they are typically more affordable than XDR and MDR solutions.

Organizations with more complex needs may want to consider XDR or MDR. XDR solutions can provide a more complete view of threats and can automate threat detection and response. MDR solutions can provide organizations with 24/7 monitoring and threat response, which can be helpful for organizations with limited security resources.

What are they?

EDR (Endpoint Detection and Response) is a software solution that collects and analyzes endpoint data to detect and respond to threats. EDR solutions typically collect data from endpoints such as Windows Event Logs, Sysmon logs, and file system changes. They use this data to identify suspicious activity, such as malware infections, unauthorized access, and data exfiltration. EDR solutions can also be used to block threats and remediate incidents.

XDR (Extended Detection and Response) is a more comprehensive approach to EDR that collects data from a wider range of sources, including endpoints, networks, cloud, and user behavior. This allows XDR solutions to provide a more complete view of threats and to respond more effectively. XDR solutions typically integrate with other security tools, such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response), to automate threat detection and response.

MDR (Managed Detection and Response) is a service that provides organizations with 24/7 monitoring and threat response for their endpoints. MDR providers typically use EDR or XDR solutions to collect and analyze endpoint data. They then use this data to identify and respond to threats on behalf of their customers. MDR providers can also provide additional services, such as threat hunting, incident response, and compliance reporting.

In summary, the key differences between EDR, XDR, and MDR are:

Scope: EDR focuses on endpoints, while XDR collects data from a wider range of sources. MDR is a service that provides 24/7 monitoring and threat response for endpoints and other key components of the network.
Capabilities: EDR can detect and respond to threats, but XDR has more comprehensive capabilities, such as threat hunting and incident response. MDR providers can also provide additional services, such as threat hunting and compliance reporting.
Pricing: EDR solutions are typically priced per endpoint, while XDR and MDR solutions are typically priced per organization.

The best solution for an organization will depend on its specific needs and budget. Organizations with limited resources may want to consider EDR. Organizations with more complex needs may want to consider XDR or MDR.

Here is a table that summarizes the key differences between EDR, XDR, and MDR

Feature	EDR	XDR	MDR
Scope	Endpoints	Endpoints, networks, cloud, user behavior	Endpoints
Capabilities	Detect and respond to threats	Detect, respond, and hunt for threats	Detect, respond, hunt for threats, and provide 24/7 monitoring
Pricing	Per endpoint	Per organization	Per organization

Why should every company have either one, two, or all three solutions in place?

No matter what size or industry, every company should have well-thought-out cybersecurity solutions in place to protect against threats. Back in "the old days" the name of the cybersecurity game was prevention (only) - if you had a strong perimeter, then you're good! That thought process has shifted rather dramatically, because we know they'll get it regardless. Today, to protect yourself, you must first be able to detect those threats first in order to respond. EDR, XDR, and MDR can all help companies to detect and respond to threats effectively.

EDR is a great foundation for any cybersecurity strategy. Many will argue that EDR should be the first step. It can help to detect and respond to threats on endpoints, which are often the first target of attackers - especially considering so many remote/hybrid staff with access to company data.

XDR can provide a more complete view of threats and can automate threat detection and response. This can be helpful for companies with complex IT environments.

MDR can provide companies with 24/7 monitoring and threat response, which can be helpful for companies with limited security resources.

A typical company should have one, two, or all three of these solutions in place depending on its specific needs and budget. For example, a small company with limited resources may only need EDR. A large company with a complex IT environment may want to have all three solutions in place.

Company type	Best solution
Small company with limited resources	EDR
Medium-sized company with moderate resources	EDR and/or XDR
Large company with complex IT environment	EDR + XDR and/or MDR

It is important to note that this is just a general guide. The best way to determine which solution is right for your company is to consult with a vendor-neutral, unbiased cybersecurity expert.

Remember: if your company can only afford one cybersecurity solution, make it EDR

Readiness Report

Schedule a security interview with one of our experts, then in a few days, we'll generate a custom, 50 to 100 page Cybersecurity Readiness Report you can use as a playbook for your security strategy.

You can even use the report as ammunition for your case to get your security budget passed.

Book now

Security Experts

About Cloud 9

Cloud 9 Advisers, LLC was formed as a client-facing, business-to-business agency/firm in 2017 with the goal of forever changing the way businesses buy AI, cybersecurity, contact center, and other important IT-related services and solutions: faster, better, less formal, and with the high-quality due diligence and integrity that all companies expect.

Technology Sourcing Experts