Cyber detection is an important part of cyber security, enabling a rapid response to detected threats so that attackers are not able to access sensitive data.
Some threats are known, and automated cyber detection programs can monitor for these and trigger automatic or manual responses when a threat is detected.
However, attackers are developing new ways to compromise secure systems all the time, and it is essential that threat detection and response allow for these previously unknown attacks.
What are the different types of detection services?
There are many different types of detection services, and these are often referred to using three-letter acronyms (and in some cases, four-letter acronyms).
Some of the most commonly used TLAs in cyber detection services include:
- MDR: Managed Detection and Response, a professionally managed approach to detection
- TDR: Threat Detection and Response, an umbrella term used for cyber detection as a whole
- EDR: Endpoint Detection and Response, a form of cyber detection that focuses on endpoint data
- NDR: Network Detection and Response, a form of cyber detection that focuses on network data
- XDR: Extended Detection and Response, which uses broad algorithms to detect cyber threats
Commonly seen four-letter acronyms include SOAR (Security Orchestration, Automation and Response) and SIEM (Security Information and Event Management). These can refer to general approaches to network security, incident alerts, and automated and manual responses.
ITDR (Identity Threat Detection and Response) is a specific discipline within the wider field of TDR, and is specifically concerned with protecting identity systems, e.g. by preventing unauthorised access using compromised employee credentials.
What is the difference between detection and prevention in cyber security?
Prevention is better than cure, and a well secured network will include measures to stop attempted cyber attacks at the network perimeter, e.g. a network firewall and incoming email scans.
Cyber detection is a little different. It’s about identifying threats that exist on your network, so that any active exploits can be stopped and the damage repaired.
This does not mean that your preventative measures are inadequate (although it may indicate that a review of network security is needed), but can be a consequence of newly developed exploits and newly discovered zero-day vulnerabilities.
Managed detection and response (MDR) puts cyber detection in the hands of experts like Venom IT, so any newly found vulnerabilities can be patched quickly and data integrity restored.
What is the difference between TDR and EDR?
TDR (Threat Detection and Response) is a general term for detecting and mitigating cyber threats and can include specific disciplines like EDR, NDR and ITDR.
EDR (Endpoint Detection and Response) is a specific niche within TDR and focuses on endpoints such as computers, laptops, smartphones, IoT-enabled devices, peripherals and wireless devices.
By creating a point of connection from the outside world to a business network, these endpoints represent a common target for cyber attacks – EDR recognises this exposure and uses it as a starting point for cyber detection, helping to prevent attacks at their source.
How can cyber detection services help my business?
Cyber detection services are an essential investment for any data-driven business, to reduce network downtime, protect sensitive data and prevent enforcement action from the ICO.
Venom IT’s managed detection and response services give you peace of mind that your business is professionally protected against cyber attacks through a convenient Security as a Service (SECaaS) subscription plan. To find out more, contact Venom IT today or read our guide to Cyber Security Basics.