Cybersecurity Detection and Response Benchmark (EDR, NDR, XDR, MDR) 2021
Thank you for your participation in Aberdeen’s latest cybersecurity benchmark research, which is aimed at measuring the adoption and impact of current solutions for detection and response. The results from this study will be used to generate and publish insights into the strategies, capabilities, and technologies that correlate with top performance in these areas.
For the purposes of this benchmark study, Aberdeen uses the following high-level descriptions:
· Endpoint Detection and Response (EDR) solutions are designed to go beyond traditional endpoint protection platforms, which rely on signatures for known malware and attack patterns, by recording and analyzing real-time threat activity on the endpoint itself (process, file, registry, and network events collected by an installed agent). Integration of threat intelligence, machine learning, and real-time file analysis is intended to let EDR solutions detect and contain never-before-seen malware and advanced persistent threats on traditional enterprise endpoints (e.g., PCs, laptops), mobile devices (e.g., smartphones, tablets), and other network-connected devices (e.g., IoT, OT) on which an agent can actually be deployed.
· Network Detection and Response (NDR) solutions are designed to provide visibility into threat activities involving network-connected enterprise resources that EDR may not see (e.g., unknown / unmanaged devices, legacy systems, embedded systems, and industrial controls / operational technology), by focusing on lateral movement and command-and-control communications between systems rather than on what runs inside any one of them. Integration, analysis, and correlation of network traffic, log, event, flow, and session data from network firewalls, switches, routers, servers, cloud-based workloads, and security infrastructure (e.g., SIEM) enables NDR solutions to complement and enrich the telemetry from EDR; because most traffic is now encrypted, that enrichment comes largely from connection metadata (who talked to whom, when, how much) rather than from payload inspection.
· Extended Detection and Response (XDR) solutions are designed to collect and correlate threat activities across endpoints, networks, servers, cloud-based workloads, and existing security infrastructure (e.g., SIEM), to provide enterprise security analysts with automated, AI/ML-enriched alerts of higher fidelity for faster, more efficient investigations and response. XDR solutions not only incorporate and correlate telemetry from EDR and NDR, but also automate the integration and correlation of additional signals (e.g., threat intelligence, indicators of attack, indicators of compromise) to present enterprise security analysts with a collection of related threat activities, typically grouped by affected host and time, as opposed to a list of isolated alerts.
· Managed Detection and Response (MDR) solutions refer to the delivery of an enterprise-tailored mix of threat identification, protection, detection, and response capabilities by a trusted service provider, to augment the existing skills and bandwidth of enterprise security staff — ranging from providing notifications and actionable guidance on response, to taking direct actions on the enterprise’s behalf.
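The XDR description above talks about correlating EDR and NDR telemetry, enriching it with threat intelligence, and handing analysts related activity rather than isolated alerts. The following is an added illustration of that idea in working code; it is not Aberdeen's code nor any vendor's product logic. All records (EDR alerts, NDR flow records, the threat-intel feed) are constructed for the example, IP addresses come from the RFC 5737 documentation ranges, and the 15-minute correlation window and the "hostnames are internal, IP literals are external" convention are assumptions of this toy, not properties of any real platform.

```python
"""Toy XDR-style correlation: join EDR and NDR telemetry into incidents.

Added illustration, not Aberdeen's or any vendor's code. All sample data
below is constructed; IPs are RFC 5737 documentation addresses.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumption: same-host events this close are related

# Constructed threat-intel feed: indicator -> description (hash values are placeholders)
THREAT_INTEL = {
    "198.51.100.23": "known C2 server",
    "hash-dropper-01": "known dropper hash",
}

# Constructed EDR alerts as an endpoint agent might emit them
EDR_ALERTS = [
    {"ts": "2021-03-01T10:02:00", "host": "ws-017", "process": "powershell.exe",
     "cmdline": "-enc <base64 blob>", "hash": "hash-dropper-01"},
    {"ts": "2021-03-01T10:03:30", "host": "ws-017", "process": "rundll32.exe",
     "cmdline": "javascript:... RunHTMLApplication", "hash": "hash-unknown-07"},
    {"ts": "2021-03-01T14:00:00", "host": "ws-042", "process": "chrome.exe",
     "cmdline": "--update", "hash": "hash-unknown-09"},  # low-severity, unrelated
]

# Constructed NDR flow records; the sensor resolves internal hosts to names
NDR_FLOWS = [
    {"ts": "2021-03-01T10:04:10", "src_host": "ws-017", "dst": "198.51.100.23", "dst_port": 443, "bytes_out": 40960},
    {"ts": "2021-03-01T10:09:00", "src_host": "ws-017", "dst": "srv-db-01", "dst_port": 445, "bytes_out": 2048},
    {"ts": "2021-03-01T10:10:30", "src_host": "srv-db-01", "dst": "198.51.100.23", "dst_port": 443, "bytes_out": 5_000_000},
    {"ts": "2021-03-01T14:01:00", "src_host": "ws-042", "dst": "203.0.113.5", "dst_port": 443, "bytes_out": 1200},
]


@dataclass
class Event:
    ts: datetime
    hosts: frozenset        # every enterprise host the event touches
    source: str             # "edr" or "ndr"
    summary: str
    iocs: list = field(default_factory=list)


@dataclass
class Incident:
    hosts: set
    events: list
    last_ts: datetime


def is_internal(name: str) -> bool:
    """Assumption of this toy: sensor-resolved hostnames are internal, IP literals are not."""
    return "." not in name


def normalize(edr_alerts, ndr_flows, intel):
    """Map both telemetry sources onto one schema and tag threat-intel matches."""
    events = []
    for a in edr_alerts:
        iocs = [intel[a["hash"]]] if a["hash"] in intel else []
        events.append(Event(datetime.fromisoformat(a["ts"]), frozenset([a["host"]]), "edr",
                            f'{a["process"]} {a["cmdline"]}', iocs))
    for f in ndr_flows:
        hosts = {f["src_host"]}
        if is_internal(f["dst"]):          # internal-to-internal flow links two hosts
            hosts.add(f["dst"])
        iocs = [intel[f["dst"]]] if f["dst"] in intel else []
        events.append(Event(datetime.fromisoformat(f["ts"]), frozenset(hosts), "ndr",
                            f'{f["src_host"]} -> {f["dst"]}:{f["dst_port"]} ({f["bytes_out"]} B out)', iocs))
    events.sort(key=lambda e: e.ts)
    return events


def correlate(events, window=WINDOW):
    """Cluster time-ordered events that share a host within `window`; merge clusters
    that an internal flow (lateral movement) bridges."""
    incidents = []
    for ev in events:
        matches = [inc for inc in incidents if inc.hosts & ev.hosts and ev.ts - inc.last_ts <= window]
        if not matches:
            incidents.append(Incident(set(ev.hosts), [ev], ev.ts))
            continue
        target = matches[0]
        for other in matches[1:]:          # one flow touching two clusters joins them
            target.hosts |= other.hosts
            target.events.extend(other.events)
            incidents.remove(other)
        target.hosts |= ev.hosts
        target.events.append(ev)
        target.events.sort(key=lambda e: e.ts)
        target.last_ts = max(target.last_ts, ev.ts)
    return incidents


def summarize(inc: Incident) -> dict:
    return {
        "hosts": sorted(inc.hosts),
        "sources": sorted({e.source for e in inc.events}),
        "event_count": len(inc.events),
        "ioc_hits": sum(len(e.iocs) for e in inc.events),
        "lateral_movement": any(e.source == "ndr" and len(e.hosts) > 1 for e in inc.events),
        "timeline": [f"{e.ts:%H:%M:%S} [{e.source}] {e.summary}"
                     + (f"  IOC: {', '.join(e.iocs)}" if e.iocs else "") for e in inc.events],
    }


def build_incidents():
    """Run the pipeline on the constructed data; most IoC-laden incident first."""
    summaries = [summarize(i) for i in correlate(normalize(EDR_ALERTS, NDR_FLOWS, THREAT_INTEL))]
    summaries.sort(key=lambda s: (s["ioc_hits"], s["event_count"]), reverse=True)
    return summaries


if __name__ == "__main__":
    for inc in build_incidents():
        print(f'hosts={inc["hosts"]} sources={inc["sources"]} ioc_hits={inc["ioc_hits"]} '
              f'lateral={inc["lateral_movement"]}')
        for line in inc["timeline"]:
            print("   ", line)
```

On the constructed data this yields two incidents instead of seven alerts: one spanning ws-017 and srv-db-01 (an encoded PowerShell launch, a beacon to a listed C2 address, an SMB connection to the database server, and then a 5 MB upload from that server to the same C2), and a second, IoC-free one on ws-042 that an analyst can deprioritize. The design choice worth noting is that the join key is the enterprise host plus a time window, and that an NDR flow between two internal hosts deliberately carries both hostnames so it can stitch two per-host clusters together; without that, the exfiltration from srv-db-01 would have surfaced as an unrelated alert.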