
EDR, XDR or MDR: What is the best security strategy for your company?

January 2, 2024

When it comes to security, there are different approaches and even more abbreviations to choose from. We’ll walk you through some commonly used terms.

The cybersecurity landscape is constantly changing. Attackers are becoming more and more innovative when it comes to breaking into companies. Therefore, security must evolve. These days, installing a firewall or antivirus on your laptop is no longer enough to keep hackers out: security must span the company’s entire IT ecosystem.

Because every organization is different, there is no one-size-fits-all approach to security. Over the years, cybersecurity has become a jungle of terms, acronyms and solutions in which the average business leader gets lost. The result is that either no investment is made at all, or money is invested in the wrong security solutions. We’ll discuss some popular security strategies and the key differences between them so you can choose the best approach for your business.

EDR: Where there is smoke, there is fire

We’ll start with the acronym EDR, short for Endpoint Detection and Response. An EDR solution keeps an eye on all endpoints of the company network. Endpoints come in many forms: from laptops to smartphones and printers, any device connected to the network is a potential entry point for an attacker.

An EDR solution works according to the paradigm protect, detect, respond. In less technical terms: “Where there is smoke, there is fire.” With EDR, you constantly monitor activity on your endpoints, and when suspicious activity occurs on an endpoint, alarm bells ring.

In a first phase, the endpoint in question is placed in “quarantine”. This buys time for a thorough analysis of the incident and prevents the virus from spreading to other endpoints. The virus is then neutralized and the endpoint is allowed to return to the free world.

Having an EDR solution doesn’t mean you can throw all firewalls and antivirus scanners in the trash. EDR is intended as a supplement to classic prevention measures: it gives companies an additional means of intervening when a virus has already slipped past those preventive defenses.
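The protect, detect, respond loop described above, as an added example that is not code from the original article or from any EDR vendor. It runs a few constructed process-telemetry events (hostnames, commands and the encoded-command placeholder are all made up) through two illustrative detection rules, isolates an endpoint on the first hit, and only releases it once analysis has cleared it; the rules, the State enum and the function names are assumptions made for this example.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    MONITORED = "monitored"      # normal operation, telemetry flowing
    QUARANTINED = "quarantined"  # network-isolated, pending analysis
    RELEASED = "released"        # analysis done, back in the network


@dataclass
class Endpoint:
    hostname: str
    state: State = State.MONITORED
    alerts: list = field(default_factory=list)


# Constructed sample process telemetry for this example only.
EVENTS = [
    {"host": "laptop-17", "parent": "winword.exe", "process": "powershell.exe",
     "cmdline": "-nop -w hidden -enc <base64-placeholder>"},
    {"host": "printer-03", "parent": "init", "process": "cupsd", "cmdline": "-l"},
    {"host": "laptop-42", "parent": "explorer.exe", "process": "chrome.exe",
     "cmdline": "--profile-directory=Default"},
    {"host": "laptop-17", "parent": "powershell.exe", "process": "cmd.exe",
     "cmdline": "/c whoami"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}


def detect(event):
    """Apply two illustrative detection rules; return every finding that fires."""
    findings = []
    if event["parent"] in OFFICE_APPS and event["process"] in SHELLS:
        findings.append("office application spawned a shell")
    if event["process"] == "powershell.exe" and "-enc" in event["cmdline"].split():
        findings.append("encoded PowerShell command line")
    return findings


def process_events(events):
    """Detect: run every event through the rules; isolate an endpoint on the first hit."""
    fleet = {}
    for ev in events:
        ep = fleet.setdefault(ev["host"], Endpoint(ev["host"]))
        for finding in detect(ev):
            ep.alerts.append(finding)
            if ep.state is State.MONITORED:
                # Quarantine first: the analysis happens while the host cannot
                # reach other endpoints, so nothing spreads in the meantime.
                ep.state = State.QUARANTINED
    return fleet


def release(endpoint, analysis_confirmed_clean):
    """Respond: an endpoint leaves quarantine only after analysis has cleared it."""
    if endpoint.state is not State.QUARANTINED:
        raise ValueError(f"{endpoint.hostname} is not in quarantine")
    if not analysis_confirmed_clean:
        return endpoint.state  # stays isolated; nothing is released on a hunch
    endpoint.alerts.clear()
    endpoint.state = State.RELEASED
    return endpoint.state


if __name__ == "__main__":
    fleet = process_events(EVENTS)
    for ep in fleet.values():
        print(ep.hostname, ep.state.value, ep.alerts)
    print(release(fleet["laptop-17"], analysis_confirmed_clean=True).value)
```

Only laptop-17 ends up quarantined (both rules fire on its first event); the printer and the second laptop keep running normally, which is the point of isolating per endpoint rather than alarming the whole fleet.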

XDR: the big picture

In recent years, the concept of EDR has come under criticism. Many security experts believe that EDR falls short as a strategy because it is limited to what happens on a single endpoint. A strategy was sought that would connect all endpoints, and so EDR evolved into XDR, i.e. extended detection and response.

An XDR platform collects data from all connected endpoints and consolidates it into a central dashboard. It also maps data flows between the various endpoints and gives companies insight into what is happening across the entire network. This allows analysts to look for connections between incidents and uncover broader weaknesses in the IT ecosystem. In short, XDR tries to present the bigger picture.

Of course, the “detection and response” aspect is also included in an XDR solution, and the procedure is similar to that of an EDR solution.

XDR brings the bigger picture into view.
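The cross-endpoint correlation the previous paragraphs describe, as an added example that is not code from the original article or from any XDR product. It takes constructed telemetry from three sensor types (email gateway, endpoint agent, firewall), links every host to the indicators seen on it with a small union-find, and returns only the clusters that span more than one endpoint, which is exactly what a single-endpoint EDR view would miss. The hashes and the IP address (taken from the documentation range 203.0.113.0/24) are placeholders, not real indicators, and the event layout and function names are assumptions made for this example.

```python
from collections import defaultdict

# Which event fields count as shareable indicators for correlation.
INDICATOR_KEYS = ("sha256", "dst_ip")

# Constructed telemetry from three sensor types; all values are placeholders.
EVENTS = [
    {"source": "email",    "host": "laptop-17", "sha256": "HASH_A"},
    {"source": "endpoint", "host": "laptop-17", "sha256": "HASH_A", "dst_ip": "203.0.113.10"},
    {"source": "endpoint", "host": "laptop-42", "sha256": "HASH_A"},
    {"source": "firewall", "host": "laptop-42", "dst_ip": "203.0.113.10"},
    {"source": "endpoint", "host": "server-01", "dst_ip": "203.0.113.10"},
    {"source": "endpoint", "host": "laptop-05", "sha256": "HASH_B"},
]


def correlate(events, indicator_keys=INDICATOR_KEYS):
    """Link hosts that share an indicator; return incidents spanning more than one host."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving keeps lookups short
            node = parent[node]
        return node

    def union(a, b):
        parent[find(a)] = find(b)

    for ev in events:
        host = ("host", ev["host"])
        find(host)  # register the host even if the event carries no indicator
        for key in indicator_keys:
            if key in ev:
                union(host, ("ioc", key, ev[key]))

    groups = defaultdict(lambda: {"hosts": set(), "indicators": set(), "sources": set()})
    for node in list(parent):
        group = groups[find(node)]
        if node[0] == "host":
            group["hosts"].add(node[1])
        else:
            group["indicators"].add(f"{node[1]}={node[2]}")
    for ev in events:
        groups[find(("host", ev["host"]))]["sources"].add(ev["source"])

    # Clusters with a single host are ordinary per-endpoint alerts; the
    # multi-host clusters are the "bigger picture" the text talks about.
    return [g for g in groups.values() if len(g["hosts"]) > 1]


if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(sorted(incident["hosts"]), sorted(incident["indicators"]), sorted(incident["sources"]))
```

On the sample data the three hosts that share HASH_A or the destination IP collapse into one incident seen by all three sensors, while laptop-05 with its unrelated hash is left as a standalone alert.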

MDR: What you do yourself, you don’t always do better

That brings us to MDR, or managed detection and response. MDR solutions leverage the same technologies as their EDR and XDR counterparts, with the major difference being that in this setup, a company outsources security to a third-party provider.

The security provider remotely monitors everything that happens on your network from its security operations center (SOC) and intervenes when it deems this necessary. This is where MDR differs most from an MSSP (Managed Security Service Provider), which monitors and warns but does not actively intervene.

MDR is a sensible solution for companies that do not have the necessary resources and trained staff. A lack of security talent can lead to more incidents. Bringing in a team of external experts should also shorten the time between detection and response. As internal security teams become increasingly understaffed and overworked, Gartner predicts that at least half of organizations will adopt MDR by 2025.

AS(R)M: Prevention is better than cure

But a new approach is now emerging that is intended to replace XDR and MDR: ASRM, which stands for attack surface risk management. ASRM turns the logic of security on its head: instead of waiting for something to happen, you start looking for what could potentially happen.

The basic idea is that the attack surface has become so large today that even with XDR or MDR you can no longer always be there in time. Instead of spreading your resources evenly across every individual endpoint, you try to identify which endpoints are of most interest to attackers, and therefore where the greatest risk to your organization lies. Those endpoints are tackled first.

You can perform this analysis in different ways. For example, you can have your security experts take on the role of a hacker, or hire an external red team to try to outsmart your blue team. Then assess your endpoints to identify your potential Achilles heels. These assessments are dynamic: a newly discovered vulnerability can turn a system that is secure today into your biggest concern tomorrow.
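The risk-based prioritisation and its dynamic nature, as an added example that is not code from the original article or from any ASRM product. It scores a constructed inventory of assets with a simple heuristic (business impact times exposure times the worst known severity), ranks them, and then shows the ranking flip when a new high-severity vulnerability is disclosed on a system that looked unremarkable before. The scoring formula, the asset names, the severities and the vulnerability identifiers are all assumptions made for this example, not an industry standard.

```python
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    criticality: int             # business impact if compromised, 1 (low) .. 5 (high)
    internet_facing: bool        # reachable by attackers without any prior foothold
    vulns: list = field(default_factory=list)   # (identifier, severity 0..10)


def risk_score(asset):
    """Constructed heuristic: impact x exposure x (1 + worst known severity)."""
    exposure = 2.0 if asset.internet_facing else 1.0
    worst = max((sev for _, sev in asset.vulns), default=0.0)
    return round(asset.criticality * exposure * (1.0 + worst), 1)


def prioritise(assets):
    """Return asset names ordered by descending risk: where to spend effort first."""
    return [a.name for a in sorted(assets, key=risk_score, reverse=True)]


def disclose_vulnerability(assets, asset_name, vuln_id, severity):
    """Record a newly found vulnerability on one asset and re-rank the whole fleet."""
    for a in assets:
        if a.name == asset_name:
            a.vulns.append((vuln_id, severity))
            break
    else:
        raise KeyError(asset_name)
    return prioritise(assets)


def sample_fleet():
    """Constructed inventory; names, severities and identifiers are made up."""
    return [
        Asset("web-portal", criticality=3, internet_facing=True, vulns=[("VULN-1", 6.5)]),
        Asset("hr-fileserver", criticality=5, internet_facing=False),
        Asset("laptop-17", criticality=1, internet_facing=False, vulns=[("VULN-2", 5.3)]),
        Asset("printer-03", criticality=1, internet_facing=False),
    ]


if __name__ == "__main__":
    fleet = sample_fleet()
    print("before:", prioritise(fleet))
    # A placeholder identifier for a newly disclosed, high-severity finding.
    print("after: ", disclose_vulnerability(fleet, "hr-fileserver", "VULN-NEW", 9.8))
```

Before the disclosure the internet-facing web portal tops the list; afterwards the internal file server with high business impact moves to first place, which is the "secure today, biggest concern tomorrow" effect the text describes.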

Above all, ASRM should make the case easier to translate to the boardroom. Security experts can show the managing director more clearly why and where investments in security technology are necessary. This helps companies spend their IT and security budgets better and tailor their security policies more specifically.

Source: IT Daily
