Blog — Oct 26, 2020

What is XDR?

And Why MDR is Likely a Better Option for You.

Extended Detection and Response (XDR) has received a great deal of attention in 2020. In fact, in September Gartner awarded XDR the number one spot in their Top 9 Security and Risk Trends for 2020, to go along with third place on their Top 10 Security Projects for 2020-2021 (behind only “Securing your remote workforce” and “Risk-based vulnerability management”).

Going back a little further, in March of this year Gartner published an Innovation Insight for Extended Detection and Response. And Gartner isn’t alone in giving attention to XDR: for instance, in June CSO Online published 10 things you should know about XDR.

All of these articles and examinations do a pretty good job of describing what XDR is—but they fall short when it comes to relating XDR to other security options like Managed Detection and Response (MDR). And that isn’t just speculation on our part: in recent months we’ve had many customers and prospects ask us what XDR is and how it fits into the broader world of cybersecurity.

What is XDR?

The Gartner Top 10 list cited above describes XDR as, “a unified security and incident response platform that collects and correlates data from multiple proprietary components.” The description goes on to specify that, “The platform-level integration occurs at the point of deployment rather than being added in later. This consolidates multiple security products into one and may help provide better overall security outcomes.”

Gartner’s Top 9 list explains further that XDR solutions, “improve threat detection and provide an incident response capability.”

Now that we know what an XDR solution does, we can decompose the description into its required components:

Critically, XDR is intended as a platform that you, the customer, purchase and manage yourself. So a necessary part of how security outcomes are delivered rests on your team's ability to effectively configure, manage, maintain and, ultimately, use the platform.
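To make the Gartner description concrete, the following is an added example (not eSentire, Atlas or Gartner code) of the core mechanics such a platform performs: ingest events from several telemetry feeds, correlate them per host within a time window, promote only corroborated chains to incidents, and choose response actions from a runbook. The feed names ("edr", "ndr", "idp"), event fields, thresholds, action names and the sample events are all constructed for illustration and are not any product's schema.

```python
"""Cross-source alert correlation and runbook-style response (illustrative).

Added example, not code from eSentire or any XDR vendor. Feeds, fields,
thresholds, action names and sample events are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    source: str        # constructed feed name: "edr", "ndr" or "idp"
    ts: datetime
    host: str
    user: str
    kind: str          # short label for the alert or activity
    severity: int      # 1 (informational) .. 5 (critical)


@dataclass
class Incident:
    host: str
    user: str
    start: datetime
    end: datetime
    events: list
    sources: frozenset
    score: int


# Constructed sample telemetry: one host with a three-feed chain, the same
# host with a lone later alert, and a second host with benign EDR noise.
SAMPLE_EVENTS = [
    Event("idp", datetime(2020, 10, 26, 9, 1), "ws-017", "j.doe", "mfa_push_denied_then_accepted", 3),
    Event("edr", datetime(2020, 10, 26, 9, 4), "ws-017", "j.doe", "office_spawned_powershell", 4),
    Event("ndr", datetime(2020, 10, 26, 9, 6), "ws-017", "j.doe", "beacon_to_uncategorised_domain", 3),
    Event("ndr", datetime(2020, 10, 26, 9, 40), "ws-017", "j.doe", "beacon_to_uncategorised_domain", 3),
    Event("edr", datetime(2020, 10, 26, 13, 30), "ws-022", "a.lee", "signed_driver_update", 1),
]


def _cluster_by_host(events, window):
    """Group each host's events into chains in which consecutive events are
    no more than `window` apart. Returns a list of event lists."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_host[ev.host].append(ev)
    chains = []
    for host_events in by_host.values():
        chain = [host_events[0]]
        for ev in host_events[1:]:
            if ev.ts - chain[-1].ts <= window:
                chain.append(ev)
            else:
                chains.append(chain)
                chain = [ev]
        chains.append(chain)
    return chains


def correlate(events, window=timedelta(minutes=15), min_sources=2):
    """Promote a chain to an incident when at least `min_sources` distinct
    feeds corroborate it or it contains a critical (severity 5) event.
    A lone alert from a single feed stays an alert, not an incident."""
    incidents = []
    for chain in _cluster_by_host(events, window):
        sources = frozenset(ev.source for ev in chain)
        if len(sources) < min_sources and max(ev.severity for ev in chain) < 5:
            continue
        # Corroboration across feeds raises the score beyond raw severity.
        score = sum(ev.severity for ev in chain) + 2 * (len(sources) - 1)
        users = sorted({ev.user for ev in chain})
        incidents.append(Incident(host=chain[0].host, user=",".join(users),
                                  start=chain[0].ts, end=chain[-1].ts,
                                  events=chain, sources=sources, score=score))
    return sorted(incidents, key=lambda i: i.score, reverse=True)


def plan_response(incident):
    """Runbook-style automation: derive containment actions from which feeds
    corroborated the incident. Action names are illustrative only."""
    actions = [f"open_case:{incident.host}"]
    if "edr" in incident.sources:
        actions.append(f"isolate_host:{incident.host}")
    if "idp" in incident.sources:
        actions.append(f"revoke_sessions:{incident.user}")
    if "ndr" in incident.sources:
        actions.append(f"block_egress:{incident.host}")
    return actions


if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(f"{inc.host} {inc.start:%H:%M}-{inc.end:%H:%M} score={inc.score} "
              f"feeds={sorted(inc.sources)} -> {plan_response(inc)}")
```

Run on the constructed sample, only the 09:01 to 09:06 chain on ws-017 becomes an incident; the 09:40 beacon and the ws-022 driver update are single-feed alerts and are deliberately left below the incident threshold. The window, the corroboration rule and the runbook are exactly the parts of the platform that, in a self-managed XDR, your own team has to tune and keep tuned.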

A familiar pattern: the latest super-platform

Based upon the accepted understanding of what an XDR does and how it does it, an XDR platform sounds a lot like a SIEM that also includes response capabilities. Indeed, there are already several examples in the market of SIEM and Security Orchestration, Automation and Response (SOAR) vendors experimenting with the XDR label to cash in on the hype.

But the history of cybersecurity is full of “the next big thing” that will finally consolidate security signals, apply automatic intelligent analysis, and trigger or enable effective responses. What makes XDR different? When you peel back the covers, the answer is “not much.” The underlying technologies have evolved since the heady days of SIEM, for instance, but many of the same potential shortcomings remain.

In fact, this pattern is familiar, because the same thing played out with SIEM:

The same problems that have plagued SIEM will also impact XDR. These include:

And of course, all of these localized problems exist against the backdrop that simply recruiting, retaining and sufficiently resourcing cybersecurity professionals is extraordinarily challenging due to a worldwide shortage of such specialists. Even a perfect XDR platform can’t solve that problem for you.

The major difference between MDR and XDR: who does the work?

The primary difference between MDR and XDR is who is responsible for managing the security platform and delivering the detection and response.

With XDR, these functions are left to you, the customer. With MDR, the operational heavy lifting is taken care of for you by the managed security provider.

The “manage-it-myself” approach may work for Fortune 100 enterprises and other very large, very well-resourced organizations. But for everyone else—the vast majority of organizations, in fact—this strategy just won’t work. And that’s not an indictment of effort or ability, it’s simply an honest appreciation of the resourcing reality.

In contrast, with eSentire's MDR service our team—sales engineers, SOC analysts, threat hunters and others—takes on the responsibilities of installing, configuring, and managing the security solutions, as well as detecting and responding to threats.

Moreover, our experts do what technology and the vast majority of security teams (even within Fortune 100s) can't do, including hunting and investigating threats, proactively researching to develop detectors and authoring reliable runbooks to enable fast and effective response.

This managed approach is one reason why the time-to-value with MDR is so fast, often on the order of days or weeks, versus the months that are the best case for a solution as complex as XDR.

eSentire Atlas: an innovative twist on XDR

At eSentire, we agree with much of what Gartner and others have to say about XDR from a functional and outcome-oriented perspective. In fact, Gartner’s description of XDR is remarkably consistent with our own Atlas platform: a "cohesive security incident and response platform," that includes "alert and incident correlation, as well as built-in automation," within "a unified whole that offers multiple streams of telemetry, presenting options for multiple forms of detection and concurrently enabling multiple methods of response."

We think of Atlas as a cloud-native XDR that applies across all our deployments, rather than being applied to only a single organization. One extremely important advantage of this approach is that Atlas has visibility into eSentire's entire customer base, producing a rising-tide effect: proactive prevention measures developed from a threat seen in one environment protect every client before that threat appears in theirs. That is, we have expansive visibility into threats around the globe, whereas even the largest XDR client has direct exposure only to the threats it has encountered itself.

Plus, while Gartner and others envision XDR platforms only working with a single vendor’s proprietary security components (e.g., their endpoint agent, their log aggregator, their network probe, etc.), Atlas allows eSentire customers to choose from a growing list of security partners. This choice is just another way Atlas provides the benefits of XDR without the limitations.

XDR or MDR: which is right for you?

Done right, and in the right organization, XDR could be an important development in cybersecurity. But “done right” and “in the right organization” are two deceptively strict qualifications.

“Done right” means that the platform actually delivers what it promises; needless to say, that will be a challenge. But even if this technical and functional challenge is met, it’s still unlikely to be enough for the vast majority of organizations because of resource limitations—and these same resource limitations are why MDR is likely a much better choice for the vast majority of organizations.

Where XDR describes technology—a collection of functionality and capabilities which Gartner believes is required to create positive security outcomes—MDR represents the synthesis of people and technology through efficient and effective processes.

In other words, where XDR provides a platform, MDR offers a solution.

eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.