EDR vs NDR vs XDR vs MDR

If you work in IT or cybersecurity, you have surely noticed new terms appearing in the field. Buzzwords? Marketing? Or simply new technologies arriving on the market?

In this article we will demystify these terms.

EDR (Endpoint Detection and Response)

Like an antivirus, EDR is a technology that protects computers. The fundamental difference is that EDR detects not only malicious tools but also other types of activity that take place on a computer, for example an attempt to connect to a malicious website or malicious lateral movement in the network. EDR is designed to automatically detect and respond to these activities, which a traditional antivirus cannot detect on its own.

The EDR will also collect and provide information necessary to investigate (forensic analysis) any identified malicious activity. As we can see, the EDR goes beyond the actions taken by a traditional antivirus.

There are several EDR solution providers on the market, but you should know that their functionalities are not necessarily the same. Some EDRs will also have antivirus functionality while others are designed to detect what the traditional antivirus cannot.

NDR (Network Detection and Response)

NDRs are technologies that help protect your network perimeter against cyberattacks that target you. They can take the form of a physical or virtual box and work by capturing and analyzing all traffic that enters and leaves your network. An NDR discovers all of the computers in your network by itself and monitors their inbound and outbound activity in order to identify attacks that target them, as well as data exfiltration attempts, for example.

One of the characteristics of NDR is the use of AI in the detection of cyber attacks.

NDRs are therefore advanced intrusion detection systems (IDS/IPS).

To put it simply, consider NDR = IDS/IPS.

XDR (Extended Detection and Response)

An XDR is a technology that centralizes security alerts from several existing security tools in your network (antivirus, EDR, NDR/IDS/IPS, etc.). The XDR then correlates and analyzes these alerts to detect more complex attacks.

You do not have to buy a tool labeled XDR. An existing tool in your network can play this role.

At Streamscan we use our NDR technology called CDS as an XDR. To do this, we collect alerts from other network security tools via APIs and inject them into our CDS which then analyzes all this data. It's easy!
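To make the correlation step concrete, here is an added example (not Streamscan's CDS code and not from the original article) that groups normalized alerts per host and raises an incident only when at least two different tools report on the same host within a short window. The alert fields, the 10-minute window and the two-source threshold are assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts, already normalized to one schema (assumed fields).
ALERTS = [
    {"source": "edr", "host": "10.0.0.12", "time": "2024-05-01T10:00:05", "signal": "suspicious_process"},
    {"source": "ndr", "host": "10.0.0.12", "time": "2024-05-01T10:03:40", "signal": "lateral_movement"},
    {"source": "ndr", "host": "10.0.0.12", "time": "2024-05-01T10:07:10", "signal": "large_outbound_transfer"},
    {"source": "antivirus", "host": "10.0.0.30", "time": "2024-05-01T11:00:00", "signal": "malware_quarantined"},
    {"source": "ndr", "host": "10.0.0.30", "time": "2024-05-01T14:30:00", "signal": "port_scan"},
    {"source": "edr", "host": "10.0.0.44", "time": "2024-05-01T09:00:00", "signal": "suspicious_process"},
    {"source": "edr", "host": "10.0.0.44", "time": "2024-05-01T09:01:00", "signal": "suspicious_process"},
]

def correlate(alerts, window=timedelta(minutes=10), min_sources=2):
    """Return one incident per burst of alerts on a host that fits in `window`
    (measured from the burst's first alert) and involves >= `min_sources` tools."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append({**a, "time": datetime.fromisoformat(a["time"])})

    incidents = []
    for host, items in sorted(by_host.items()):
        items.sort(key=lambda a: a["time"])
        cluster = []
        for a in items + [None]:  # trailing None flushes the last cluster
            if a is not None and (not cluster or a["time"] - cluster[0]["time"] <= window):
                cluster.append(a)
                continue
            sources = {c["source"] for c in cluster}
            if len(sources) >= min_sources:  # single-tool bursts stay with that tool
                incidents.append({
                    "host": host,
                    "sources": sorted(sources),
                    "signals": [c["signal"] for c in cluster],
                    "start": cluster[0]["time"],
                    "end": cluster[-1]["time"],
                })
            cluster = [a] if a is not None else []
    return incidents

if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(inc["host"], inc["sources"], " -> ".join(inc["signals"]))
```

Only 10.0.0.12 produces an incident: the EDR and NDR alerts there form one chain, while the other two hosts have alerts that are either hours apart or come from a single tool.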

MDR (Managed Detection and Response)

MDR refers to proactive cybersecurity monitoring of computer networks. In an MDR team you have various profiles of people working together to protect you against cyber attacks: intrusion detection specialists, cyber threat hunters, malicious code analysis specialists, etc.

An MDR service uses one or more cybersecurity technologies. Some MDRs use only EDRs, others use only NDR. Another category uses a mix of technologies. As you may have noticed, there are different MDR offerings. Make sure you choose the one that meets your needs.

Note also that MDR is a natural evolution of the traditional approach to cybersecurity management called SOC (Security Operation Center). The SOC is passive: SOC analysts only intervene when an alert is raised. However, when an alert is generated, it is often already late. MDR is therefore much better suited to current network security management.

Discover how Streamscan can help you

Streamscan is a provider of NDR and EDR cybersecurity technologies. We also offer a 24/7 MDR monitoring service to help organizations stay safe from cyber attacks.

Talk to one of our experts or call us at +1 877 208-9040.