So, what exactly is MDR, EDR, NDR & XDR? Cyber security jargon explained…
With large scale cyber-attacks regularly making mainstream headlines, it is undeniable that today’s digital landscape has changed almost beyond recognition. As such, the need for threat detection and incident response capabilities has become a must for all businesses – regardless of size or industry.
As a result, everyday users now find themselves with increased responsibility and heightened awareness surrounding cyber-security, regardless of how IT-savvy they are. Technology, particularly the cyber-security sphere, is abundant with technical jargon and complex acronyms. Being aware of what these acronyms stand for can be difficult enough for individuals with basic security knowledge, let alone being aware of what they subsequently mean…
As experts in cyber security, our professionals have decoded some of the essential security acronyms to help you cut through the jargon…
SOC – Security Operations Centre
A SOC consists of a team of cyber security professionals, responsible for continuously monitoring and managing an organisation’s cyber-security posture. With a focus on threat detection and prevention, an effective SOC will utilise a range of cutting-edge technologies and tools to secure the business and its assets. If you’re looking for more information on how a SOC should operate, you can download our free guide here.
SIEM – Security Information & Event Management
SIEM is essentially the combined power of two security systems. It is a software solution combining the functionalities of Security Information Management (SIM) and Security Event Management (SEM) into one primary security management system (SIEM).
SIEM tools are used by analysts within a SOC to monitor infrastructures and subsequently identify and report security related events.
IAM – Identity Access Management
IAM refers to a business framework that controls user access within the infrastructure to essentially protect sensitive information and ensure that data is accessed only by the relevant parties. An IAM framework can be controlled by implementing IAM tools such as MFA (Multi-Factor Authentication), or following a model of Zero Trust.
DLP – Data Loss Prevention
DLP is a set of tools and techniques that aim to prevent sensitive information from leaving the business – whether that be through misuse of data or access from unauthorised users. DLP solutions follow rules powered by regulatory compliance such as GDPR (General Data Protection Regulation) to monitor, detect and prevent any unauthorised transfer of information – whether accidental or intentional. DLP can include actions such as the encryption of data in transit.
EDR – Endpoint Detection Response
The primary function of an EDR solution is to provide continuous monitoring for the endpoints (physical devices at an end point of a network), rather than the network. Through collecting and analysing activity data from the endpoints, an EDR solution is able to recognise device and user patterns and consequently identify and respond to threats. Utilising EDR allows organisations to protect themselves against any activity deemed as suspicious.
NDR – Network Detection Response
Working closely with SIEM and EDR, NDR software is responsible for continuously monitoring and analysing the network traffic in a business. Through vast amounts of data analysis, an NDR solution generates a standard of ‘normal’ network behaviour which then allows it to detect any deviations. NDR tools can then quickly alert your SOC about potential threats.
XDR – Extended Detection Response
XDR solutions provide holistic visibility by consolidating and analysing security data from multiple sources such as emails, cloud environments, servers, endpoints and networks. The complete visibility XDR provides complements EDR and NDR software through allowing the XDR solution to authenticate security alerts, therefore lowering the false positive and negative rates of your SOC.
MDR – Managed Detection Response
MDR refers to a combination of EDR, NDR and XDR solutions managed by an outsourced cyber-security provider. Utilising an MDR service will provide a business with 24/7 monitoring, analysis and response capabilities, in addition to threat intel and hunting. Outsourcing a SOC to manage MDR essentially provides end-to-end coverage of fundamental security solutions to protect against cyber-attacks.
The above acronyms are some of the fundamental cyber security terms used by our SecOps team on a day to day basis, in addition to some of the terms you might need to know if you’re looking to monitor your own security.
However, if you’re looking for a cyber security partner with the all the expertise needed to protect your organisation, get in touch here.