IT Support

EDR or MDR: Which is better for me?

Chloe Ireton

Chloe Ireton

My name is Chloe and I am in charge of all things marketing at Nebula. I started as an apprentice at the start of January 2024, and completed a degree in Graphic Design previously. Outside of work, I love everything to do with motorsports – I try and attend car shows and events as much as possible. Aside from this, I find that being out in nature and walking is very beneficial and allows me to have some time away from the screens.

Published on December 12th, 2024

Another week, another high-profile cyberattack. This time it was perpetrated by pro-Russian hackers on a string of councils around the UK, with Middlesborough, Portsmouth and Salford among those targeted.

These attacks happened to be what are called “distributed denial of service (DDoS) attacks” on the council websites, where websites are bombarded and have to be taken down, meaning legitimate users cannot access them.

It costs time and resources to a council, but it could be a terminal disruption for an SME who relies on its website for revenue generation.

With the constant threat level out there from one form of attack to another, we wanted to explore a couple of approaches to cybersecurity and how each may suit a particular type of business.

The approaches in question are Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR). They could be seen as the next two rungs on the cybersecurity ladder after a more basic antivirus solution.

How does EDR work?

To know what EDR does, you need to know what an endpoint is. Endpoints are the devices that your employees use to interact with your IT systems – so most commonly laptops, desktops, smartphones and tablets.

EDR is a relatively enhanced solution which monitors your endpoints, collecting data around usage and activity, and then proactively seeking out anomalies. This is a step up from antivirus, which may act as more of a gatekeeper, working to protect threats entering your IT estate. EDR is looking behind the lines for anything that has breached the first defence and is now up to no good.

This is particularly helpful when you consider how long hacks can go unnoticed. One report from IBM suggested it took on average 204 days to detect a breach. If a bad actor is let loose on your network for even 24 hours undetected, the damage could be done – so EDR is very useful in this respect.

The data that EDR collects can be invaluable for IT teams overseeing security. Moreover, machine learning functionality may help the processes become more efficient over time, learning when not to flag activities, and so reducing false alarms.

There is a limitation to EDR though, and this is where MDR comes in.

How does MDR work?

EDR does a great job, and is well suited to businesses who have an in-house security team ready to act upon the alerts that it provides. However, where you do not have the ready-made resources to respond, you may learn of a problem and not be able to remediate it.

MDR on the other hand could be considered as “Endpoint Security as a Service”. It does everything that the basic EDR platform can, but has a human team monitoring the readings on your behalf and ready to act when necessary.

This is good for if: you have insufficient IT resources, you want your team to be focusing on something else or you are scaling up or down and don’t want to be distracted by managing your IT staffing levels.

Nebulas view

Both EDR and MDR can be good for your business, depending on your circumstances and what you are trying to achieve. It is positive that there are a range of solutions out there to suit different companies and we can help you with either.

To find out more about EDR or MDR, please get in touch with us today and we can help tailor a solution to your needs.