Cybersecurity Basics: Unscrambling the Alphabet Soup

Cybersecurity today exists in a weird in-between space. On the one hand, it’s a crucial business component: without a proper cybersecurity plan in place, everything is at risk. On the other hand, it can seem almost unintelligible: a blizzard of interchangeable acronyms amounting to a kind of alphabet soup.

You could argue that this isn't a problem—after all, businesses hire cybersecurity professionals to stay on top of this stuff. But given how important cybersecurity is to keeping a business running, it’s imperative that people in the C-suite have a solid understanding of how it all works. A baseline fluency in cybersecurity terminology brings all kinds of advantages to executive leadership—not least the ability to make better-informed decisions.

You don't need a master's in software engineering to grasp the basic terminology here. With a little bit of effort, C-suite executives can quickly learn the difference between, say, NDR and XDR (or EDR, SOAR, SIEM, etc.).

This article is a quick primer to help you get started.

Network Detection and Response (NDR)

Conventional cybersecurity solutions are signature-based: they look for known indicators of an unauthorized presence in your network. These solutions are essential but fail to account for several important possibilities. What if, for instance, a bad actor disguises themselves as a familiar network presence? What if they enter through a back door and hide in a shadowy part of your network? Scenarios like these show the limits of signature-based detection—and demonstrate why Network Detection and Response (NDR) is so critical.

NDR doesn't assess network presences individually. Instead, it uses advanced machine learning and behavioral analysis to get an overall sense of your network's minute-to-minute traffic patterns. This enables deviations to be quickly flagged to relevant security personnel. As a result, intruders can be identified earlier in the attack cycle—helping to prevent potential damages from spiraling out of control.

Managed Detection and Response (MDR)

It's important to note that NDR isn't plug-and-play; it needs to be operated by trained security personnel to be effective. This is where Managed Detection and Response (MDR) comes in. The term refers simply to any entity, typically a Managed Security Services Provider (MSSP), that manages NDR for a given organization.

An MSSP’s responsibilities in this context can vary. In addition to monitoring your network, they may also take on jobs like rapidly responding to detected anomalies or alerting staff so that they can respond. MSSPs are becoming increasingly important, as organizations have struggled to hire and retain skilled personnel and cybersecurity budgets have shrunk.

eXtended Detection and Response (XDR)

There are countless breach points on any given network. Endpoints are among them—i.e., any device or system that connects to your network: networks and servers, cloud deployments, physical security systems, etc.

Any of these, if left unmonitored or undefended, can be the focal point of an attack. It’s crucial to maintain a broad view of one's network—which is what eXtended Detection and Response (XDR) offers.

XDR provides a bird's-eye view, enabling you to take in your network's interlocking pieces. Bad actors, for instance, will often move laterally between different breach points once they've gained access to a system. By showing organizations how every part connects, XDR helps cybersecurity personnel analyze this activity. The silos that often impede effective cybersecurity are removed, facilitating more proactive attack detection and response.

Endpoint Detection and Response (EDR)

Of the many breach points listed above, one deserves further attention here: endpoints. The last decade has seen an explosion of endpoints, with employees accessing sensitive workplace information from laptops, home computers, mobile phones and more. Especially at large companies with thousands of employees, the potential for attack has never been higher.

Endpoint Detection and Response (EDR) has emerged as a solution to this problem. Every device that interacts with a given network has an agent installed on it. The agent reports to a central server that receives and analyzes user activity data. From there, modern analytic methods, such as pattern and signature matching, statistical baselining and machine learning, are put to work to confirm nothing unusual is happening on a given endpoint.
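As an added illustration of the behavioral baselining that both the NDR section above and this EDR paragraph describe (example code written for this primer, not any product's logic), the snippet below learns each host's normal outbound volume from a training window of constructed telemetry, then flags a later reading only when it deviates from that host's own norm. A fixed global byte limit is shown alongside for contrast: it fires on the busy database host every minute and misses the quiet workstation whose traffic has changed.

```python
import statistics
from collections import defaultdict

# Constructed telemetry, not captured data: (minute, host, bytes_out) per host per
# minute. Minutes 0-9 are the training window; minute 10 is the period under review.
BASELINE_MINUTES = 10
SAMPLE_RECORDS = [
    (m, host, base + (m * 7) % 40)          # small, regular jitter around each host's norm
    for m in range(BASELINE_MINUTES)
    for host, base in (("ws-01", 1000), ("ws-02", 1200), ("db-01", 5000))
] + [
    (10, "ws-01", 1010),   # within ws-01's normal range
    (10, "ws-02", 1400),   # modest in absolute terms, but well outside ws-02's own range
    (10, "db-01", 5015),   # large in absolute terms, yet routine for the database host
]

def build_baseline(records, baseline_minutes=BASELINE_MINUTES):
    """Per-host mean and population standard deviation of bytes_out over the training window."""
    per_host = defaultdict(list)
    for minute, host, bytes_out in records:
        if minute < baseline_minutes:
            per_host[host].append(bytes_out)
    return {host: (statistics.mean(v), statistics.pstdev(v)) for host, v in per_host.items()}

def flag_deviations(records, baseline, baseline_minutes=BASELINE_MINUTES, threshold=3.0):
    """Flag post-training observations whose z-score against the host's own baseline
    exceeds the threshold. A std-dev floor of 1.0 avoids dividing by zero for hosts
    whose training traffic was perfectly constant."""
    flagged = []
    for minute, host, bytes_out in records:
        if minute < baseline_minutes or host not in baseline:
            continue
        mean, stdev = baseline[host]
        z = (bytes_out - mean) / max(stdev, 1.0)
        if z > threshold:
            flagged.append((minute, host, bytes_out, round(z, 1)))
    return flagged

def fixed_threshold_alerts(records, limit=2000):
    """The fixed-rule alternative: alert on any host whose bytes_out exceeds a global limit.
    On the sample data this fires on db-01 every minute and never on ws-02."""
    return sorted({host for _, host, bytes_out in records if bytes_out > limit})

if __name__ == "__main__":
    baseline = build_baseline(SAMPLE_RECORDS)
    print("behavioral:", flag_deviations(SAMPLE_RECORDS, baseline))
    print("fixed rule:", fixed_threshold_alerts(SAMPLE_RECORDS))
```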

If and when something suspicious is detected, EDR takes action: it alerts relevant personnel or automatically cuts off communication from the affected endpoint device. As a result, teams gain time to understand the threat before it spreads.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is not unlike XDR. By using automation, it provides a top-down view of network activity, enabling users to take in the full breadth of an organization's security data. From there, the data can be analyzed to spot patterns and potential anomalies.

Along with NDR and EDR, SIEM forms part of what Gartner has called the Security Operations Center (SOC) Visibility Triad. Collectively, these solutions form the gold standard of cybersecurity, helping businesses identify cyberattacks, breaches and data exfiltration events in real time.

Security Orchestration, Automation and Response (SOAR)

So, we’ve discussed a wide variety of cybersecurity solutions. But what about the top-level strategizing required to make these solutions work in unison? 

This part of the process cannot be neglected because a cybersecurity solution is only valuable if it’s intelligently and strategically deployed. This is where Security Orchestration, Automation and Response (SOAR) comes in.

SOAR integrates your security systems and helps organizations define how cybersecurity tasks should be executed. Through SOAR, organizations gain incident response plans tailored to their individual needs, resulting in quick and efficient resolution of previously time-consuming, costly incidents.

While this simple glossary won’t give C-suite executives all the background they need to make informed cybersecurity decisions, it can serve as a jumping-off point for further investigation. With attackers hiding around every corner, every stakeholder in an organization—not just your security teams—should understand this terminology.

Petr Springl is Senior Director, Software Engineering at Progress.