EDR, MDR, XDR, SIEM, SOC – understanding the jargon in cybersecurity monitoring
Posted on March 9, 2023 by Louise Howland
The cybersecurity product market is full of acronyms, which can make it hard to determine what security monitoring services you need and what benefits you get from them. In this blog we explain the meaning behind these acronyms and what you need for your organisation’s safety. We’ve designed our own secure+ service to be a complete cybersecurity monitoring & response solution that complements your existing security services, such as Anti-Virus and Firewall, and means that you don’t need to shop around for additional security products.
Simply put, secure+ is a fully managed service which aims to detect malicious activity across your IT estate, and respond to potential threats by taking the necessary steps to safeguard your organisation and prevent any damage from being done.
At the core of secure+ is the powerful Microsoft Sentinel platform, which is an internationally recognised “Security Information & Event Management” (SIEM) system. Sentinel ingests user activity and event data from a raft of different sources, applies Machine Learning and Artificial Intelligence to these events to determine whether they are suspicious or unusual, and passes them to our Cybersecurity Analysts for further investigation.
A “Security Operations Centre” (SOC) is a team of qualified people who are responsible for managing all security aspects for your organisation, including preparation & prevention, monitoring & response, incident recovery, and compliance management. Full SOC services are aimed at large enterprises with complex networks, where there is a need to perform real-time detailed analysis of every packet of information crossing the network, looking for obscure new threats, which obviously is extremely expensive. Our secure+ service is far more cost effective than a traditional SOC, as it has been developed to identify and act upon the real-world threats that we see day-in-day-out. We also continuously review emerging threats to ensure our services keep up to date with current security trends.
EDR stands for “Endpoint Detection & Response”, which is performed by most modern enterprise-grade Anti-Virus solutions, such as Sophos Intercept X and Microsoft Defender for Endpoint. Your anti-virus will automatically respond to certain key events, for example by quarantining suspected malware. Some AV services now offer what is called “Extended Detection & Response” (XDR), which detects events across more than just endpoints. secure+ integrates your Anti-Virus solution into our cybersecurity monitoring services, meaning that ramsac can provide a complete “Managed Detection & Response” (MDR) service for your organisation.
With secure+, we can ingest data from a number of different sources, including Microsoft 365, Azure Active Directory (AD), on-prem or hybrid AD, Windows servers, Anti-Virus solutions, Firewalls and more. This means that with secure+, ramsac can assess threats across your entire IT estate, and offer you a level of protection that is hard to match with piecemeal products and services from other providers.
secure+ is a proactive cybersecurity monitoring service designed to hunt for signs of malicious activity or potential cyberbreach; ramsac then takes action to prevent damage from being done.