MDR vs EDR: Which One is Right for Your Organization?

January 10, 2020

Gartner recently published a new Market Guide on Endpoint Detection and Response (EDR) Solutions* where Arctic Wolf is recognized and profiled as a Representative Vendor for “EDR Vendors Directly Providing MDR Services.”

An EDR solution helps you more effectively manage your post-breach response by monitoring for suspicious activity on endpoints such as laptops and desktop computers.

Of course, no security method is 100% effective: it's not a matter of if your defenses will be breached, but when. However, EDR helps you detect a breach sooner so you can quickly mitigate any possible damage.

The Benefits of EDR:

  • Visibility: EDR provides real-time visibility into your endpoints to help you quickly identify malicious activity.
  • Behavioral protection: Unlike tools that only monitor for known threats, EDR can help you detect suspicious activities that may indicate an unknown threat type.
  • Insight: EDR can help provide more context behind an attack so you can tailor your response.
  • Remediation speed: EDR can help you accelerate your breach investigation so you can limit any damages to your business.

Gartner predicts that “by the end of 2023, more than 50% of enterprises will have replaced older antivirus products with combined endpoint protection platform (EPP) and EDR solutions that supplement prevention with detect and response capabilities.”

As the Gartner Market Guide shows, there are many types of EDR solutions on the market, each with its own strengths and weaknesses, but as market demand grows, there are two key questions evaluators of these solutions should ask themselves.

Is Endpoint Detection Enough?

Endpoint detection only works for endpoints that have an EDR agent running, which means you will need other tools to monitor your network and cloud services. Without other monitoring tools, many common endpoints won't be covered, such as printers, appliances, network gear, and unsupported endpoints like mobile phones, vendor systems, IoT devices, or rogue virtual machines.

Stand-alone EDR services are most appropriate for organizations that already have strong cloud and network security but also need enhanced endpoint protection.

Who Will Respond to Endpoint Threats?

EDR’s complexity makes it challenging for organizations without dedicated security experts on staff to quickly review alerts and respond to threats.

According to Gartner, “The speed of detection and response are critical, and many organizations lack the resources and skills to respond effectively. Therefore, the more advanced vendors in this segment are also providing expert managed detection and response (MDR) services to augment the customer’s own teams and provide alerting and monitoring.”

Arctic Wolf™ Managed Detection and Response offers organizations personal, predictable protection via the industry’s original Concierge Security™ Team. These dedicated security analysts and engineers act as an extension of your organization’s internal team, providing custom threat hunting, alerting, and reporting that improves your security posture and keeps valuable business data safe.

To learn more about how EDR and MDR work together to deliver advanced endpoint protection, join our webinar on January 15: Comparing EDR, MDR, and MSSPs for Security Monitoring, Detection, and Response

*Gartner “Market Guide for Endpoint Detection and Response Solutions,” Paul Webber, Prateek Bhajanka, Mark Harris, Brad LaPorte, 23 December 2019
