Crossposted using Lemmit.

Original post from /r/cybersecurity by /u/boondock_ on 2023-07-05 12:37:16+00:00.


Like the question states, does the EDR brand matter if you have an MDR in place? This is assuming the EDR and MDR are reputable and highly regarded.

We are currently evaluating MDR vendors and many of them support several EDR platforms.

We have the Microsoft E5 and have access to MDE; because of that, we are entertaining changing from our current EDR. Our current EDR has no issues, but we are looking at it from a cost savings standpoint. From articles we have read, MDE and our incumbent are scored relatively the same on several websites and reviews; some even had MDE slightly higher.

Even the MDR companies we are interviewing score them the same and have pros/cons to both. To the point, it feels like we are splitting hairs to determine which way we are going, with the cost savings as the biggest reason for the move. On the other side, the biggest holdup is that we have some team members that don’t want to go all in on the MS Security bandwagon; we already do Defender for Office.

This discussion spawned a separate discussion that I’d like to get input on. If you have a reputable EDR and back that up with a solid MDR, does the EDR even matter? MDR groups are building out their own detections to enhance what your EDR is already doing; at least that’s the value add there, in my opinion.