Managed Detection & Response and Endpoint Detection & Response - An Overview

Sunil has been associated with Sophos for over a decade now, prior to which he held key roles across an array of companies that include McAfee India, EMC Data Storage Systems, Iris Computers, I2I Media, and Thakral Computers, to name a few.

From a technology standpoint, what is unique about Managed Detection & Response and Endpoint Detection & Response?
The most sophisticated and evasive attacks leverage multiple access points to gain entry, move laterally to evade detection, and do as much damage as possible, as fast as possible. The only way organizations can combat such attacks is by including active threat hunting, which is part of Detection and Response, in their cybersecurity operations.

Endpoint Detection & Response (EDR) and Extended Detection & Response (XDR) are the tools for threat hunting that help organizations hunt across their environment to detect indicators of compromise (IOCs) and indicators of attack (IOAs). EDR tools are powerful, but they are limited to detection and response on endpoints and servers. This isn't necessarily a limitation. If organizations had to choose one place to focus their detection and response efforts, their endpoints and servers are a great choice. However, there are things organizations can't do by working on them in isolation. After all, an IT environment is an interconnected web of networks, communication tools, mobile devices, cloud applications and more.

To defend IT infrastructure more comprehensively, an integrated detection and response system is key. This is where XDR comes in. XDR takes the idea of EDR and extends it. It goes beyond the endpoint and server, incorporating data from other security tools such as firewalls, email gateways, public cloud tools and mobile threat management solutions.

XDR and EDR will detect a lot of the threats, but they can't prevent something from initiating. These tools should detect threats quickly and allow human intelligence to kick in and defend against those threats. Tools like EDR and XDR will also need people and processes to effectively manage security around the clock. Yet, many businesses struggle to put all these much-needed pieces in place. This dilemma has given way to a new solution - Managed Detection and Response (MDR) services.

MDR services are outsourced security operations delivered by a team of specialists. MDR services act as an extension of organizations' security teams, combining human-led investigations, threat hunting, real-time monitoring, and incident response with a technology stack to gather and analyze intelligence.
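The cross-source correlation described in the answer above (endpoint telemetry joined with firewall and email-gateway signals for the same host), as an added example that is not part of the original interview or of any Sophos product; the event records, hosts, source weights and alert threshold are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three hypothetical sources (not real product data).
# Every record carries the host it concerns so that records from different tools can be joined.
EVENTS = [
    {"src": "email",    "ts": "2024-05-01T09:00:00", "host": "ws-17", "detail": "macro attachment delivered to user"},
    {"src": "endpoint", "ts": "2024-05-01T09:03:10", "host": "ws-17", "detail": "winword.exe spawned powershell.exe"},
    {"src": "firewall", "ts": "2024-05-01T09:03:42", "host": "ws-17", "detail": "outbound 443 to previously unseen domain"},
    {"src": "endpoint", "ts": "2024-05-01T11:20:00", "host": "ws-02", "detail": "winword.exe spawned powershell.exe"},
    {"src": "firewall", "ts": "2024-05-01T15:00:00", "host": "ws-09", "detail": "outbound 443 to previously unseen domain"},
]

# Each source on its own is a weak signal. The weights and threshold are illustrative
# (assumed values), chosen so that no single source can raise an incident by itself.
WEIGHT = {"email": 1, "endpoint": 2, "firewall": 2}
ALERT_THRESHOLD = 4


def parse_ts(s):
    return datetime.fromisoformat(s)


def correlate(events, window=timedelta(minutes=10)):
    """Group events per host, then score every cluster of events that falls within
    a sliding time window; an incident needs at least two distinct sources to agree."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: parse_ts(e["ts"])):
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        for i, anchor in enumerate(evs):
            start = parse_ts(anchor["ts"])
            cluster = [e for e in evs[i:] if parse_ts(e["ts"]) - start <= window]
            sources = {e["src"] for e in cluster}
            score = sum(WEIGHT[s] for s in sources)
            if score >= ALERT_THRESHOLD and len(sources) >= 2:
                incidents.append({"host": host, "score": score, "sources": sorted(sources)})
                break  # one incident per host is enough for this demonstration
    return incidents


def endpoint_only(events):
    """What an endpoint-only (EDR) view sees: the hosts with endpoint events, none of
    which on its own reaches the alert threshold."""
    return [e["host"] for e in events if e["src"] == "endpoint"]


if __name__ == "__main__":
    print("EDR view:", endpoint_only(EVENTS))   # two hosts with the same weak signal
    print("XDR view:", correlate(EVENTS))       # only ws-17 has agreeing sources
```

Running the block shows that the endpoint-only view cannot distinguish ws-17 from ws-02, while joining the email and firewall records singles out ws-17 within a ten-minute window.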

What are the steps for creating a suitable security strategy integrating Managed Detection & Response and Endpoint Detection & Response?
Cybersecurity is all about technology, people and processes working towards reducing risks. EDR and XDR provide the technology, and MDR services provide the people and processes that, together with these solutions, are needed to reduce risks for organizations.

What is the market demand of Managed Detection & Response and Endpoint Detection & Response?
There are always two elements to security - prevention and detection. Preventive cybersecurity solutions like firewall, endpoint security and cybersecurity systems take care of prevention, and solutions like EDR and XDR take care of detection and response capabilities. Organizations have understood the importance of detection & response, and hence they are going for EDR- and XDR-type security solutions instead of legacy endpoint security solutions. Organizations have also realized that the amount of data these tools generate needs a specialized team to analyze and act on it. Hence, services like MDR are also in demand.

What are your views about the success and progress of technology-integrated security solutions?
In cybersecurity, an integrated approach is the only way to combat adversaries who are using a coordinated approach to launch attacks. All elements of cybersecurity should share threat intelligence and act as a system to provide protection from new-age sophisticated threats. However, integration of various cybersecurity solutions is a constant evolution. At Sophos, we have expanded synchronized security to our whole portfolio. We have taken it to the next level through what we call the Adaptive Cybersecurity Ecosystem (ACE). This is a full ecosystem of both Sophos and non-Sophos products that feed information into a data lake, which we leverage with the help of AI to detect suspicious behaviours and incidents faster and respond automatically. We also tunnel all that information through our XDR, which goes beyond the endpoint, allowing human intelligence to augment artificial intelligence across the whole spectrum.

What is the future path of Managed Detection and Response and Endpoint Detection and Response?
With XDR, things have already taken a leap forward in Detection and Response. Now, every important element of cybersecurity will generate data that needs to be analyzed and acted upon. The canvas of Detection and Response will continue expanding in the future as well, and MDR will continue providing human expertise aligned to the intelligence these tools generate.