Skip Navigation
BlackBerry Blog

The Evolution of EDR to Managed XDR

Written in 1971, the first recorded computer virus in history was a bit of experimental, self-replicating code. Known as the Creeper Worm, it spread across the ARPANET—a precursor to the modern internet. When it infected a system, it merely displayed the message, “I’m the creeper, catch me if you can!”

Today’s threats are vastly more sophisticated and a great deal more malicious, ranging from nigh-untraceable malware to massive self-replicating botnets. Threat actors are far more organized and strategic, resembling dark mirrors of the businesses they target rather than the solitary opportunists they used to be. According to the AV-TEST Institute, malicious software explodes onto the scene with roughly 450,000 new malicious programs emerging each day.

Reactive cybersecurity tools fail to keep up. Legacy antivirus solutions continuously update their definitions libraries, but never quickly enough to protect against zero-day threats. Building a custom solution for every tactic or technique used by threat actors is equally unsustainable, as the resources required to maintain an increasingly cumbersome security stack eventually overwhelm even the best-funded team.

If this is the dim scenario for the deepest and most sophisticated security teams, what hope do small and medium-sized businesses have of defending their organizations?

Endpoint Detection and Response Emerges

Endpoint detection and response (EDR) emerged as an answer to this set of challenges. Usually coupled with endpoint protection platform (EPP) systems, EDR solutions continuously monitor endpoints and gather threat telemetry with a focus on proactively identifying and mitigating potential cybersecurity incidents. Although it represents an enormous step forward from legacy cybersecurity approaches, it still falls short in today’s landscape.

One problem is that EDR solutions focus on endpoints, yet modern ecosystems are considerably more complex. They comprise not just physical endpoints, but hybrid networks, multi-cloud environments, virtual identities, supply chain partners, and more.

EDR vs Extended Detection and Response (XDR)

Just as EDR represents an evolution from legacy security, extended detection and response (XDR) is a step up from EDR. XDR solutions expand on the core functionality of EDR, unifying the detection and analysis of threats across an organization’s entire digital environment. XDR solutions equip security teams with a cohesive, holistic view of their entire technology landscape, giving them complete visibility into the entire attack chain of threat actors.

Yet, for all their benefits, both EDR and XDR suffer from one crucial shortcoming. For organizations that lack a fully funded security operations center (SOC), and/or a skilled department that optimizes the investment, these solutions can be incredibly difficult and costly to implement, manage, and maintain. It could cost organizations as much as $900,000 for a minimal SOC build to $2.2M for an optimal build with 24x7 security coverage. Though it’s true that well-executed XDR deployments can make organizations significantly more secure, they do very little to address the ongoing cybersecurity talent shortage.

Bridging the Cybersecurity Skills Gap with Managed Services

How can organizations overcome this hurdle? By realizing that technology alone is not enough. Companies must consider how the technology is delivered. This inspired the first managed detection and response (MDR) offerings.

MDR is exactly what it sounds like — a service delivery framework for EDR that outsources management and monitoring to third-party vendors. MDR vendors essentially act as an external SOC for their clients. This includes providing 24x7x365 monitoring, reporting, endpoint protection, and cybersecurity guidance.

The next phase of this evolution is managed XDR, which takes the principles of MDR and applies them to XDR. A managed XDR vendor typically performs the same tasks as an MDR vendor, but with a larger scope of focus. To put it another way, a managed XDR solution correlates security telemetry data across an organization’s entire integrated ecosystem. This could include networks, cloud, IoT, mobile, desktops, and servers, as well as SIEMs, FWs, IPSes, and other systems that produce logs and data that can be ingested and inspected for signs of tampering or intrusion. A team of experienced security professionals aggregates and assesses all of the data and provides real-time monitoring to assure the cyber health of your organization around the clock.

So just as XDR is the successor to EDR, managed XDR supplants MDR. Each represents an evolution that extends the scope, focus, and functionality of its predecessor. 

Cybercriminals continue evolving their tactics, techniques, and procedures (TTPs). This includes creating almost a half-million new malware variants every single day. We must evolve as well if we are to remain a step ahead and protect our organizations from these hazards.

If your organization cannot maintain a 24x7x365 SOC, managed XDR fills that gap. Evaluating managed XDR and understanding the way it could fit into your security strategy is a key part of the journey toward maturing your organization's cybersecurity stance. To learn more, we invite you to check out our Managed XDR Buyers Guide.

Shishir Singh

About Shishir Singh

Shishir Singh is Executive Vice President and Chief Technology Officer of the BlackBerry Cybersecurity Business Unit at BlackBerry.