Which cybersecurity solution is best for your business? 

Some aspects of business technology don’t change all that quickly. The VOIP telephone handset, if you still have one on your desk, is likely largely unchanged from a few years ago. But cybersecurity solutions evolve at a far more rapid pace, necessitated in part by continually changing phishing, virus, spyware, ransomware and social engineering attacks. The fact malicious actors have even begun adopting artificial intelligence (AI) and machine learning (ML) technologies to perpetuate network and systems attacks only increases the rate at which countermeasures must adapt.

Remaining current with the ever-shifting cybersecurity landscape requires diligence. Business owners and technology administrators should begin by ensuring they understand the differences between the many popular cybersecurity approaches, including:

• CSaaS – Cybersecurity as a Service (see SECaaS)
• EDR – Endpoint Detection and Response
• MDR – Managed Detection and Response 
• MSSP – Managed Security Service Provider
• MTR – Managed Threat Response (see MDR) 
• XDR – Extended Detection and Response
• SECaaS – Security as a Service
• SEM – Security Event Management 
• SIM – Security Information Management
• SIEM – Security Information and Event Management
• SOAR – Security Orchestration, Automation and Response

Because business cultures, workflow nuances, competitive needs and industry requirements combine to create unique circumstances within many organizations, which strategy works best for your business depends on many factors. Hopefully the following descriptions of each cybersecurity approach better assists in determining which might best address your organization’s needs.

EDR 

Endpoint Detection and Response (EDR) refers to software agents installed on each network node (typically workstations but also servers and other equipment) that continually monitor the host system to detect, record and respond to attacks. Depending upon the vendor, EDR features vary but almost always combine historical virus information with analysis to monitor systems, detect and report suspicious activity and undertake efforts to remediate infections.

The following are samples of EDR solutions available to small-and medium-size businesses (SMBs):

• Broadcom Endpoint Security
• Harmony Endpoint
• Malwarebytes Endpoint Detection and Response

MDR 

Managed Detection and Response (MDR) solutions bolster a business’ cybersecurity defenses by including modern security operations center (MSOC) functionality with an actively managed antimalware platform that seeks to quickly identify, report and mitigate cyberthreats. Providers offering MDR solutions typically extend additional cybersecurity advantages by including experienced expertise—in the form of human technicians—specifically for the purpose of assisting customers by monitoring applications, systems and networks and identifying and resolving virus and spyware infections and other forms of malicious attacks.

Examples of MDR platforms include:

• Alert Logic Managed Detection and Response
• ArcticWolf Managed Detection and Response
• Sophos Managed Detection & Response

MSSP 

An information technology services vendor that provides cybersecurity services is known as a

Managed Security Services Provider (MSSP). MSSPs fulfill a broad array of security responsibilities and can monitor network traffic, manage network and systems security equipment, provide intrusion detection services, administer VPNs, fulfill vulnerability scanning and antimalware responsibilities and mitigate cyberattacks when they occur, typically with the support of an in-house Security Operations Center (SOC) the MSSP maintains and staffs. By fulfilling outsourced managed security services, organizations can rely upon MSSPs to carry that burden and free the organization’s own IT staff to focus on other initiatives.

Examples of MSSPs include:

• Accenture Managed Security
• IBM Managed Security Service Provider Program
• Trustwave Managed Security Services

XDR 

Similar to EDR and MDR, an Extended Detection and Response (XDR) solution usually incorporates holistic and predictive protection within cybersecurity defenses. XDR platforms collect, analyze and compare data collected from a variety of sources to better develop contextual awareness and better identify more sophisticated cyberthreats. Whereas traditional EDR strategies target endpoint protection and MDR solutions usually leverage an outsourced SOC (but may also include an XDR component), XDR is a next-generation approach that expands the security focus to encompass not just endpoints but also servers, cloud applications and email platforms to provide more accurate and proactive protection, often requiring just in-house staff, across all on organization’s threat surfaces.

• CrowdStrike Falcon XDR
• Trellix XDR Platform
• Trend Micro Vision One XDR

SECaaS 

When a business uses the Security as a Service (SECaaS) model, a service provider deploys its cybersecurity software and/or hardware and accompanying services to the customers’ premises. Similar to the software as a service (SaaS) model that inspires its name, SECaaS offerings include myriad technology security related functions, including antimalware protection and monitoring, encryption services, identity management services, intrusion detection, security event management and response and even network penetration testing that customers can purchase via a service subscription model.

SECaaS providers include:

• Qualys
• Tenable
• Palo Alto Networks

SEM / SIM / SIEM 

Security Event Management (SEM), Security Information Management (SIM) and Security Information and Event Management (SIEM) solutions have evolved, over time, to assist organizations in better managing and analyzing the vast security information SIEM platforms collect. Typically deployed alongside managed cybersecurity defenses, organizations deploy SIEM solutions to collect and analyze security event data from everything from servers and network devices to applications. Because SIEM platforms analyze network traffic information and other security events in real time and historically, they can better detect suspicious activities and cyberattacks that might otherwise go undetected.

SIEM examples include:

• Fortinet FortiSIEM Solutions
• LogRhythm SIEM Platform
• NetWitness Evolved SIEM

SOAR 

Security Orchestration, Automation and Response (SOAR) solutions assist coordinating various cybersecurity tasks and responsibilities within a single package, even when the parties responsible for managing assorted components and functions work at different sites or for different organizations. By better coordinating security information management, sharing and response, SOAR platforms excel at managing three distinct functions, particularly within larger organizations: threat and vulnerability management; security incident response; and security operations and administration automation.

SOAR providers include:

• Cyberbit
• Splunk
• Swimlane

Still have cybersecurity questions? 

Notably, some vendors offer multiple security services, such as MSSP capabilities and MDR options. In other cases, a vendor might provide MSSP services using its own XDR platform. Some deploy hardware on your business’ site, while others deliver cybersecurity services using cloud applications. On still other occasions, some IT security providers include both—on-premises equipment and cloud applications.

Subsequently, there’s no foolproof method for determining which cybersecurity approach is best for your firm. But there are some basics by which you can navigate cybersecurity solutions.

Larger organizations and enterprise environments often find SIEM and SOAR solutions a good match for their scale and needs. An EDR platform might work well for a small business, while other SMBs more dependent upon their technologies will likely find MDR or XDR solutions a better fit. Firms seeking to minimize in-house technical staff or needing comprehensive security expertise due to their industry, exposure or another factor may find an MSSP or SECaaS arrangement more consistent with their needs.

As noted earlier, ultimately each organization is different. But the variety of cybersecurity options available and their propensity for customization should provide firms confidence an appropriate cybersecurity solution is available regardless of culture, industry or organization size.

For assistance addressing your organization’s cybersecurity needs, or if you still have questions (which is normal considering the impact and importance of data, network, application and systems security), contact a Louisville Geek technical expert at 502-897-7577 or [email protected]. We’re happy to explore your needs and match an appropriate solution to your requirements and budget.