MDR. EPP. EDR. XDR. The list goes on for acronyms relating to cyber security. As hackers and internet crimes become more advanced, organizations have to adapt and implement quickly to protect their environments. The basics of a secure environment consist of five elements, as defined by the National Institute of Standards and Technology (NIST):
If your organization lacks in any one of these categories and becomes compromised in some fashion, it could spell disaster. Most times organization leaders think of monetary or financial losses when it comes to a security breach. Although financial loss can be a great burden and significant in some cases, a vastly greater expense can be the loss of positive reputation and trust from your clients once you’ve been breached. By deploying a secure environment that ensures the five NIST standards, you set your organization up for success.
So, what options are there for each standard to ensure you have a strong and secure environment? First, it’s important to understand what the definition is of each function defined by NIST.
- The “identify” function as a solution that ‘assists in developing an organization understanding to managing cyber security risk to systems, people, assets, data and capabilities.’
- The “protect” function ‘outlines appropriate safeguards to ensure delivery of critical infrastructure services. This supports the ability to limit or contain the impact of a potential cyber security event.’
- The “detect” function ‘defines the appropriate activities to identify the occurrence of a cyber security event. This enables timely discovery of cyber security events.’
- The “respond” function ‘includes appropriate activities to take action regarding a detected cyber security incident. This supports the ability to contact the impact of a potential cyber security incident.’
- Lastly, the “recover” function ‘identifies appropriate activities to maintain plans for resilience and restore any capabilities or services that were impaired due to a cyber security incident. This supports timely recovery to normal operations to reduce the impact from a cyber security incident.’
There are several security products available that you can deploy for your organization. Some of them cover all five NIST functions while some cover one or few.
One of the most popular security deployments is Antivirus. This is the industry’s first solution allowing basic protection. Antivirus’ function is to identify known threats, also known as signature-based detection, such as malicious links in email. Antivirus software stops these known threats from reaching an end user. This solution covers three functions from NIST: identify, protect and detect. Antivirus falls short of response and recover, however. Your IT team would have to respond and recover following an event.
Another up-and-coming solution is Managed Detection and Response, also referred to as MDR. This offering covers three functions as well: identify, detect and respond. These deployments are often 24×7 monitoring of your network environment, including endpoint hardware, network and cloud. This is the next level of defense in your environment after Antivirus. It includes a response when a threat is detected. This managed response means your team does not have to be constantly monitoring the network for threats and will be alerted by the MDR solution if it identifies and/or detects an issue.
Endpoint Protection, or EPP, is another security solution often deployed. EPP takes Antivirus up a notch with Artificial Intelligence that doesn’t rely on signature-based identification, meaning it can detect threats that may not have previously been identified by the system. This solution fulfills the identify, protect and detect functions of NIST.
Endpoint Detection Response, or EDR, is the first solution to fulfill all NIST standards in one solution for endpoints. EDR combines EPP and Detection Response (DR) into one holistic solution. EDR identifies threats utilizing AI technology and responds in various ways, such as quarantining an email or a file that has a malicious factor detected. EDR also can be a managed solution, wherein you can outsource the monitoring and managing of the solution and allow your IT staff to focus on other important functions of their job.
The last and most recent solution is Extended Detection and Response, or XDR. XDR is a combination of MDR and EDR, and not only monitors your endpoints but also your entire network, including switches, access points, firewalls, data center infrastructure and more. XDR meets all NIST standards for your entire network, where EDR only meets that criteria for endpoints. XDR solutions can be a great advantage in protecting your organization while reducing the amount of software packages your IT team has to manage and monitor.
If you have one or some of these solutions already deployed, there are options to supplement your existing security posture to decrease your risk of bad actors getting into your network with one of the aforementioned solutions. With the recent advances in EDR and XDR, you also have the option to replace your existing environment and implement a package that eliminates the frustration and hassle of integrating multiple software solutions into one system. Many organizations with a cyber security practice offer assessments to evaluate your existing security landscape and advise on the best solution for your specific organization’s needs and challenges. This is a great place to start the conversation if you want to evaluate your network and ensure your organization is as secure as possible to prevent an attack.
Citon, along with our partners ACP CreativIT and Camera Corner Connecting Point are happy to help your organization deploy a solution that will decrease the risk of bad actors getting into your network. Contact us through the Connect button below to talk to one of our experts today or visit our cyber security page here.
Source 1: NIST.gov
Acknowledgements include: ACP CreativIT, Camera Corner Connecting Point and NIST.gov