Cloud 9 Advisers - News #incident responseCloud 9 Advisers - News #incident responsehttps://www.cloud9advisers.com/News/tag/incident-responseWed, 25 Feb 2026 18:42:16 -0800http://zoho.com/sites/<![CDATA[Remediation vs. Response]]>https://www.cloud9advisers.com/News/post/remediation-vs.-response

What about the "big R", Remediation? 

There's a pretty big difference

We wanted to expand a little more on a previous article about EDR, XDR, and MDR. As many of you already know, the “r” is for response: Endpoint Detection and Response. Extended Detection and Response. Managed Detection and Response. But, for some reason there seems to be little confusion on what response actually means and what it does. 

As with many things these days there are plenty of opinions. And like other things along that train of thought, they all stink. Except this one, of course! 

There is an important and distinct difference between response and remediation:

Response is “a reaction to something”. Response in cybersecurity is focused on containing and mitigating the immediate threat. While we’re thumbing through the dictionary, mitigation is “the action of reducing the severity, seriousness, or painfulness of something”

Remediation, or to remedy on the other hand is, simply put, “to set right”. So to remediate a security incident is to fix it. 

Pretty big difference.

Response and remediation are both important parts of any cybersecurity strategy and incident response (IR) plan. However, as shown, there is a key difference between the two.  It is important to be able to quickly detect and then respond to an incident. But we would like to highlught that not all _DRs  are created equal, and you should never assume that the solution or service you have in place automatically includes remediation. Having a plan in place for remediating security incidents quickly and effectively is also critical and in most cases, not necessarily included.

In the context of EDR, XDR, and MDR, both response and remediation are important capabilities. EDR, XDR, and MDR solutions can all help organizations to respond to security incidents quickly and effectively. However, remediation is typically more of a manual process that involves fixing the underlying vulnerability and other problems that caused the incident in the first place.

Some EDR, XDR, and MDR solutions may provide automated remediation capabilities for certain types of threats. For example, an EDR solution might be able to automatically remove malware from an infected endpoint. However, for more complex vulnerabilities, remediation may need to be performed manually.

Remediation can be performed by either the organization itself or by the security solution provider. It often depends not only on the solution/software, but also on the service selected and service provider you get it from.

  • EDR solutions typically provide tools to help organizations remediate threats on their own. Most out-of-the-box solutions won’t remedy a security threat. 

  • XDR solutions can automate some remediation tasks, such as quarantining infected endpoints or blocking malicious traffic.

  • MDR providers typically provide full remediation services, including removing malware, patching vulnerabilities, and restoring data from backups.

It is important to note that the specific capabilities of EDR, XDR, and MDR solutions vary widely. When choosing a solution, it is important to consider the specific needs of your organization and to ensure that the solution you choose provides the necessary response and/or remediation capabilities. 

Which organization is responsible for remediation (either you or the service provider( will depend on the specific solution, or rather service, in place. For example, some EDR solutions provide the option to have the security solution provider perform remediation on behalf of the organization.

Here are some examples of how remediation might be used in each of the three solutions:

EDR: An EDR solution might be used to remediate a malware infection by removing the malware from the infected endpoint.

XDR: An XDR solution might be used to remediate a ransomware attack by automating the process of restoring data from backups and isolating the infected endpoints from the network.

MDR: An MDR provider might be used to remediate a data breach by investigating the incident, identifying the affected systems, and taking steps to prevent the breach from happening again.

Overall, remediation is an important part of any cybersecurity strategy, and it is important to have a plan in place for remediating security incidents quickly and effectively. EDR, XDR, and MDR can all help organizations to detect and respond and get organizations on the right path to remediate threats and incidents effectively. But understand that most solutions are not a complete remediation plan or strategy. 

Again, response is to react, mitigate is to reduce, remediate is to fix.

Security Readiness

You've done a great job so far, put all the right pieces in place, and now you need to be able to prove it. Or, you think your nicely buttoned up, but wouldn't mind a second pair of eyes.


Our comprehensive, customized Cybersecurity Readiness Report will give you 50 to 150 pages of dos, don'ts, best practices, and the latest strategies and innovations on your security preparedness. You'll get confirmation on some things, plenty of food for thought, and maybe even uncover some gaps you weren't aware of. 

Schedule your Report

Cloud 9 Advisers

As a leading technology advisory firm with a security-first focus, Cloud 9 stands ready to help you unravel the complex web of noise and "FUD" you'll hear out in the cybersecurity marketplace. Cybersecurity should never be only about the latest products and solutions or the fear uncertainty, and doubt (FUB) often found in the marketplace. Cybersecurity isn't an IT problem, it is a business problem

Get Started Now
]]>Thu, 26 Oct 2023 08:50:16 -0500<![CDATA[CyberSecurity Basics]]>https://www.cloud9advisers.com/News/post/cybersecurity-basics

The Basics of Cyber Security, What every business should do

The following is a quick, simple list of must-dos to help businesses of all sizes protect themselves against cyber threats. 

  • Vulnerability Scanning

    • Doesn’t actually fix anything, but...

    • Shows “bad spots’”

    • Good services will show a plan of remediation

    • If subject to compliance (HIPPA, PCI, etc) recurring V.Scans are required

    • Do it at least  annually, quarterly is common for many businesses, monthly “managed” services best, but more costly

Think of it as a home inspection.

  • Penetration Testing

    • Different than a V.Scan but related

    • Considered “white-hat” or “ethical” hacking

    • Attempts to actually hack into your network

    • Should come after a V.Scan and initial remediations steps to test efficacy

    • Most Pen Tests will deliver a detailed, lengthy report of findings and remediation suggestions

    • Usually done annually. Should at least be done every couple/few years.

  • Endpoint Security

    • Mobile Security;

      • increasingly important and often overlooked window in to the network

      • proprietary and cloud apps.

      • corporate or employee owned mobile devices (BYOD)

    • Anti-Virus

    • Firewall, go with a Next Gen FW (NGFW). Best would be a managed Firewall solution. Depending on your situation also look into a cloud firewall solution. 

  • Employee Education

    • Email phishing; train employees to recognize bad, phishing emails by using mock emails


Contact us at Cloud 9 Advisers. We are impartial, independent, and provider-neutral, consultants of Communications, Collaboration, Connectivity, and Cloud technologies. We guide our clients through the morass of options, solutions, and providers. Sign up for our Consulting & Buying Program and get the real story on CyberSecurity and the best methodology for your business.Find out who the best providers are and who to avoid. Get real-world advice, recommendations, and unbiased solution design. 


Through the Program, you’ll have access to our distributor team of provider-neutral SME-Subject Matter Experts and Services Engineers. We’ll help you get pricing and bids from multiple, competing companies through our distributor portfolio of nearly 200 vetted and approved service providers. Use our evaluation tools to show decision makers the entire process, reasoning, and recommendations and complete due diligence for the project. We’ll help manage the entire procurement process (and keep all those pesky sales-guys off your back!). Visit www.Cloud9Advisers.com for more information

Get Started
]]>Sat, 29 Sep 2018 12:27:49 -0500<![CDATA[Cyber Security - What is the cost?]]>https://www.cloud9advisers.com/News/post/cyber-security-what-is-the-costwhat is the real cost of a cybersecurity breach? Are you too small to worry about these things? Are you willing to bet your business on your Firewall and the IT group managing it?]]>
The costs associated with security breaches are going up, jumping 29 percent in recent years to more than $4 million per incident, according to Ponemon’s annual bench marking report. In addition, when it comes to the impacts of breaches – such as cost per record lost – Ponemon says the gap is widening between organizations that are unprepared and those that have added policies and processes like incident response plans, encryption, and employee training.


To calculate the average cost of a data breach, Ponemon collects both the direct and indirect expenses as well as opportunity costs incurred by the organization as follows:
  • Direct cost – the direct expense outlay to accomplish a given activity, such as engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services.
  • Indirect cost – the amount of time, effort and other organizational resources spent in the aftermath of a breach, such as in-house investigations and communications. This category also includes the extrapolated value of customer loss resulting from turnover.
  • Opportunity cost – the cost of lost business opportunities resulting from negative reputation effects after the breach has been reported to victims and publicly revealed to the media.

A recent report from Deloitte says the costs of a cybersecurity breach could be higher than most data shows as the costs can rack up for many years after the initial incident. The firm identified 14 cyberattack impact factors, including seven it claims are hiding beneath the surface and account for 95 percent of the financial impact. (see chart below).

Small business owners need to take caution as well. One may think; "I'm too small to be a target". Security by obscurity is not a good policy. One may think: "I've got a firewall and a good IT company". Are you willing to bet your business on that? Cyber Security is a specialized field and many "generalist" IT and MSP organizations today simply do not have the expertise needed to properly and adequately protect your hard earned investment and customers. There are numerous cost-effective, methods, practices, and managed services that will significantly reduce your exposure and augment what your IT company is already doing.


Contact us at Cloud 9 Advisers to learn about better ways to protect your business. Through our Consulting & Buying Program, our consulting services are free to you. We are provider-neutral, independent, and unbiased consultants of technology, telecom, cloud, and security services.
Get Started Now
]]>Mon, 23 Jul 2018 13:50:54 -0500