Hello peers,
I work for a large manufacturing company. We are evaluating EDR and XDR solutions for Endpoint Security, can anyone suggest some good ones for comparison with pros and cons? We did a demo with CrowdStrike, FortiEDR, and SentinelOne.
Thank you for your help.
I'm a bit late to the party, but this topic and the cybersecurity market's knack for just making things too dang confusing is something I'm a fan of addressing. A couple things. First, these acronyms are heavily abused by vendors so best to unpack what your desired outcome is and not expect their definitions to be apples-to-apples. For instance:
1. EDR vs. XDR (Endpoint vs. Extended): It comes down to scope. EDR is a security solution watching and defending endpoints. What's an endpoint? Workstations, servers, virtual machines, even mobile devices. Any XDR solution can get away with protecting that plus something else. But it SHOULD consist of 1) network traffic, 2) user and entity behavior, 3) cloud infrastructure, and 4) SaaS applications to name a few.
2. SecOps Architecture: What's your big picture to cover your entire IT estate? If EDR is truly the only missing link and you have threat detection and incident response (TDIR) covering the other aforementioned attack surface, great! Then EDR is probably the right-size/scope solution. If not, back up and think about your entire attack surface and if you should consider "TRUE" XDR. If you consider XDR, start with their integration library. Many so-called XDR solutions have pitiful data source (telemetry) coverage.
3. Delivery Model (SaaS or Managed Service): Do you have the staff resources and expertise to drive these tools to get the promised outcome? If so, think SaaS. If not, think Managed EDR or Managed XDR. And if you are looking for the latter, be ready to inspect the real SLA of the vendor. Are they giving "managed" lip service or real tailored service to you.
If it's still of any use, we also have some good resources to unpack XDR, Open XDR, Managed XDR and what all how to go about evaluating your options at https://www.netsurion.com/capa...
I agree with Carsten and want to add my experience. With S1, I get more false positives and resource consumption is a little bit more. Currently, I'm using CD and happy using it. MDR Services is provided by its own staff, not 3rd party. Single-click rollback is a plus with S1.
About XDR, it depends on your company's security culture. I think there's no application that you just deploy and relax. If someone says "we do", I simply don't believe it. Network security is a different issue and it's hard to identify adversaries only with AI. You have to have a team to follow up on network traffic. For EDR, AI is more convenient. With XDR, AI will give you lots of false positives. After a while, you'll get exhausted from the noise. Also, most attacks target endpoints, so EDR has more priority in my opinion.
hi, if they have the personnel trained with EDR it is more than enough otherwise XDR is necessary, but the detail to review is the costs of XDR. Greetings
Hi,
It seems you are already looking at some of the best and leaders in the new Gartner Quadrant. SentinelOne and CrowdStrike are very close in their offerings, detections, and responses. CrowdStrike might be a little more mature in their MDR offering, but both are doing very well in protecting your endpoints.
You might consider Cybereason as well.
Regarding EDR vs XDR, according to the Gartner Hype Curve, EDR is a more mature technology whereas XDR's maturity mostly is on the material from marketing. The difference is whether or not external logs and alerts are consolidated within the platform. Most EDR vendors claim they have XDR as well, but as most vendors, they talk the talk way before they can walk the walk and before the market are ready for the adoption. So if you are a first mover you can go for the full package but you must expect to accept some bugs and be the vendor's remote test lab.
Besides that, nearly all solutions have APIs to be called and thus can be included in most platforms.
Hi Raja - Have you looked at Xcitium? Xcitium has a patented piece of technology to deal with unknown malware and unknown ransomware. CrowdStrike, FortiEDR, SentinelOne, etc. all rely on detection which fail as it's impossible to detect something you don't know about. At Xcitium, Good? Let it in. Bad? Kill it. Unknown? Automatically put in our detection-less protection. Containment also removes the hindrance of productivity as one can still open, edit, and access their file. Care to chat? https://calendly.com/megan-tol...
Both EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) solutions are designed to improve endpoint security by detecting and responding to threats.
EDR solutions typically focus on monitoring endpoints for suspicious activity, such as the creation or modification of system files, changes to the Windows registry, or the execution of suspicious processes. EDR solutions provide a detailed view of endpoint activity, allowing security teams to quickly identify and investigate potential threats.
On the other hand, XDR solutions expand beyond endpoint-focused capabilities to include other security sources such as network traffic, cloud workloads, and email. XDR solutions leverage machine learning and behavioral analytics to provide more advanced threat detection and response capabilities, allowing security teams to detect and respond to threats faster and with greater accuracy.
Ultimately, the decision of which solution is better for endpoint security depends on your specific security needs and the resources available to your organization. EDR solutions are generally a good fit for organizations with a limited security team or budget, while XDR solutions may be more appropriate for larger organizations with a more complex security environment.
Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are two solutions for endpoint security that offer distinct features and benefits.
EDR solutions provide continuous monitoring of endpoints and provide visibility into events, incidents, and threats on those endpoints. These solutions help detect and respond to attacks in real-time, providing administrators with granular control over endpoint activity.
XDR solutions, on the other hand, provide a more comprehensive approach to security. These solutions incorporate EDR capabilities but extend their coverage to other areas such as network, cloud, and email. By combining data from multiple sources, XDR solutions provide more context for security events, improving their accuracy and effectiveness.
Here are some EDR and XDR solutions for comparison:
Pros and cons of EDR vs XDR:
EDR Pros:
EDR Cons:
XDR Pros:
XDR Cons:
In conclusion, the choice between EDR and XDR solutions depends on the specific needs and requirements of your organization. While EDR solutions provide effective endpoint protection, XDR solutions offer more comprehensive protection across multiple environments. Ultimately, it is recommended to evaluate multiple solutions and choose the one that meets your specific security needs.
in Addition to my answer: demo is nicejust test the solutions fully by doing a poc/pov. Play through all the nitty/gritty dos and donts and see with which solution you feel better Also look how you are been taking care of. If you dont feel good about responsiveness and helpfulness you better keep your distance. Pricing is always a trigger for management but if you tell them the low-cost (there is no such thing with EDR and XDR by the way) solution didnt play well pre-sales they can conclude whats happening after deal-time.