
The difference between EDR and MDR

Let’s get medieval.

The bugles sound and you don your heavy armour.

Two lackeys lift you up on to your horse and, as she pounds toward the approaching enemy, you realise that, in your haste, you have not protected her with her own armoured suit.

An arrow strikes and bounces off your metal protection.

Another strikes and misses you, but you feel your horse buckle and, as you hit the ground you see six or seven soldiers approaching.

They are not on your side.


And now let’s bring our story up to date.

Relying only on EDR (Endpoint Detection and Response) to prevent cybersecurity breaches is like riding into battle on a horse without armour.


Let me explain.

EDR is a collection of tools that run on endpoint devices such as laptops, desktops and servers, monitoring them to detect and respond to suspicious, and potentially malicious, activity.

Widely hailed as the next generation of cybersecurity tools, it works by recording endpoint events (process launches, file and registry changes, network connections and the like) in a central database, where further analysis, investigation, reporting and alerting take place.

In a nutshell, EDR systems provide a means for continuous monitoring and analysis to more readily identify, detect and prevent advanced threats at your endpoints.


But there’s a chink in EDR’s armour.

EDR doesn’t monitor across all sources or access points into your network.

For example, activity on a laptop isn’t correlated with what is happening in the applications you host in the cloud, such as your email and other SaaS services.


Which leads to the question:

If you only have EDR then who is monitoring the rest of your estate?

Or, are you riding into battle on a horse without armour?


Here’s one scenario:

An attacker has used a phishing email to capture an employee’s Office 365 credentials and logged in to the account. Because the login takes place in the cloud service rather than on a managed device, this could well go undetected with just EDR monitoring.

And we know how the story goes from here.

Once in, hackers can:

  • Send further spam and phishing emails
  • Redirect inbound emails to the attacker’s account
  • Change invoicing details
  • Direct funds to their own bank accounts
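The second item on that list is the one a cloud-aware monitoring service catches first: a compromised mailbox almost always gets a hidden inbox rule (or a mailbox-level forwarding address) that siphons invoice and payment mail to the attacker. The script below is an added example, not code from the original article or from Falanx Cyber, showing the kind of detection logic that would run over Office 365 audit records. It assumes records in the shape of Exchange Online entries from the Microsoft 365 unified audit log (Operation, UserId, ClientIP and a Parameters name/value list); the sample records, the example.co.uk domain and the attacker address are all constructed for illustration.

```python
import json
from typing import Any, Dict, List

# Assumption: the organisation's own mail domains; anything else is "external".
INTERNAL_DOMAINS = {"example.co.uk"}

# Inbox-rule parameters that send a copy of mail somewhere else.
FORWARDING_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
# Words an attacker typically filters on to hide finance conversations.
SUSPICIOUS_WORDS = {"invoice", "payment", "bank", "wire", "remittance"}

# Constructed sample records in the shape of Exchange Online entries from the
# Microsoft 365 unified audit log. Not real log data: users, addresses,
# timestamps and IPs are made up for this example.
SAMPLE_AUDIT_RECORDS: List[Dict[str, Any]] = [
    {"CreationTime": "2019-05-14T08:02:11", "Operation": "UserLoggedIn",
     "UserId": "finance@example.co.uk", "ClientIP": "203.0.113.45",
     "ResultStatus": "Succeeded"},
    {"CreationTime": "2019-05-14T08:03:40", "Operation": "New-InboxRule",
     "UserId": "finance@example.co.uk", "ClientIP": "203.0.113.45",
     "Parameters": [
         {"Name": "Name", "Value": "."},
         {"Name": "SubjectContainsWords", "Value": "invoice;payment"},
         {"Name": "ForwardTo", "Value": "collector@attacker.example"},
         {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2019-05-14T09:15:02", "Operation": "New-InboxRule",
     "UserId": "alice@example.co.uk", "ClientIP": "198.51.100.7",
     "Parameters": [
         {"Name": "Name", "Value": "Newsletters"},
         {"Name": "FromAddressContainsWords", "Value": "news"},
         {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2019-05-14T08:05:19", "Operation": "Set-Mailbox",
     "UserId": "finance@example.co.uk", "ClientIP": "203.0.113.45",
     "Parameters": [
         {"Name": "Identity", "Value": "finance@example.co.uk"},
         {"Name": "ForwardingSmtpAddress", "Value": "smtp:collector@attacker.example"},
         {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
]


def _params(record: Dict[str, Any]) -> Dict[str, str]:
    """Flatten the Parameters name/value list into a dict of strings."""
    return {p.get("Name", ""): str(p.get("Value", "")) for p in record.get("Parameters", [])}


def _split(value: str) -> List[str]:
    """Multi-valued audit parameters use ';' as the separator."""
    return [v.strip() for v in value.split(";") if v.strip()]


def is_external(address: str) -> bool:
    """True when the address is outside our own domains. A 'smtp:' prefix is tolerated;
    values without '@' (display names, legacy DNs) cannot be resolved here and are not flagged."""
    address = address.strip()
    if address.lower().startswith("smtp:"):
        address = address[5:]
    if "@" not in address:
        return False
    return address.rsplit("@", 1)[1].lower() not in INTERNAL_DOMAINS


def suspicious_forwarding(records: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return one finding per rule or mailbox change that looks like mail exfiltration."""
    findings = []
    for rec in records:
        op = rec.get("Operation", "")
        params = _params(rec)
        reasons, severity = [], "medium"

        if op in ("New-InboxRule", "Set-InboxRule"):
            for name in FORWARDING_PARAMS:
                external = [a for a in _split(params.get(name, "")) if is_external(a)]
                if external:
                    reasons.append(f"{name} to external address: {', '.join(external)}")
                    severity = "high"
            if params.get("DeleteMessage", "").lower() == "true":
                reasons.append("rule deletes matching messages")
            words = set()
            for key in ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords"):
                words |= {w.lower() for w in _split(params.get(key, ""))}
            hits = words & SUSPICIOUS_WORDS
            if hits:
                reasons.append(f"filters on finance keywords: {', '.join(sorted(hits))}")
            if not params.get("Name", "").strip(". ,-_"):
                reasons.append("rule name is blank or punctuation only")
        elif op == "Set-Mailbox":
            # Mailbox-level forwarding set via OWA options or PowerShell.
            for name in ("ForwardingSmtpAddress", "ForwardingAddress"):
                target = params.get(name, "")
                if target and is_external(target):
                    reasons.append(f"mailbox-level {name} to external address: {target}")
                    severity = "high"

        if reasons:
            findings.append({"time": rec.get("CreationTime"), "user": rec.get("UserId"),
                             "client_ip": rec.get("ClientIP"), "operation": op,
                             "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_forwarding(SAMPLE_AUDIT_RECORDS):
        print(json.dumps(finding))
```

Run against the sample, the script flags the two changes made from the attacker's IP on the finance mailbox and ignores Alice's ordinary move-to-folder rule. The point for the article's argument is that none of these events ever touch an endpoint: they come only from the cloud service's audit trail, which is exactly the source EDR on its own is not watching.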

And once a breach involving personal data is detected you will need to report it to the ICO (the UK’s data protection regulator), who may issue fines and will almost certainly insist on controls being put in place.


Maybe now is the time to get your horse fully armoured?

Managed Detection and Response (MDR) encompasses many of the tools used for EDR. But it goes further.

Much further.


MDR will monitor your entire environment, not just your endpoints. This includes servers, network devices and traffic, endpoints and cloud services.

It is seeing massive growth because it saves companies from having to invest in expensive talent and tools, and protects their entire business 24/7/365, not just aspects of it.

Gartner predicts that 15% of mid-sized businesses and bigger corporations will be using MDR services by 2020, a big leap from the less than 1% of companies that were using them just a few years ago.


And it makes sense.

If the horse carrying your otherwise well-protected company goes down – unfortunately you go down with it.

Find out more about Falanx Cyber’s Managed Detection Response service or contact us today to request a quote. 

