
Security Update: Cybersecurity 101 – MDR vs. XDR, Plus TeamViewer Confirms Cyberattack

  • Cybersecurity 101: MDR vs. XDR
  • Remote Control Provider TeamViewer Confirms Cyberattack
  • CDK Attack: How to Improve Auto Dealership Resiliency
  • TekStream Guides Customers Through Splunk MDR Paradox

Keeping up to date on cybersecurity and cyberthreats is more important than ever to MSPs and for that reason each week we bring you a wrap up of some of the best information published by our affiliate site, MSSP Alert.

This week we’re bringing you news about a cyberattack against remote control tool TeamViewer and a deeper look at one of Splunk’s top MSSP and consulting partners. Plus we spoke with an MSSP about the CDK Software impact on auto dealerships and what service providers should do to help businesses in that vertical industry protect against cyberthreats.

We also took a look at the differences between MDR and XDR. Here's this week’s roundup.

Cybersecurity 101: MDR vs. XDR

As cybersecurity providers advance and evolve their service capabilities, they may fall into one of two camps relative to managed detection and response (MDR) or extended detection and response (XDR) technologies -- or blur the lines by offering both.

What are the similarities and differences between MDR and XDR? And who are the key players in either space? If you’re an MSSP, MSP or cybersecurity vendor, it’s important to know.

MDR and XDR are both cybersecurity services designed to enhance threat detection and response capabilities. However, they differ in scope, integration and in the way they are delivered.

MDR is a service that provides organizations with a combination of technology and human expertise to detect, analyze and respond to threats. It focuses on endpoint detection and response (EDR), but may also include network and log monitoring.

Read the complete story here.

Remote Control Provider TeamViewer Experienced Cyberattack

TeamViewer, a remote control software provider, has confirmed that it was the victim of a cyberattack.

In a statement on June 30, TeamViewer said: “As the investigation progresses, we reconfirm that the attack has been contained to our internal corporate IT environment. Most importantly, our assessment reconfirms that it did not touch our separated product environment, nor the TeamViewer connectivity platform, nor any customer data.”

The threat actor leveraged a compromised employee account to copy employee directory data, such as names, corporate contact information and encrypted employee passwords, for TeamViewer’s internal corporate IT environment.

“The risk associated with the encrypted passwords contained in the directory has been mitigated in collaboration with leading experts from our incident response partner Microsoft,” TeamViewer said. “We hardened authentication procedures for our employees to a maximum level and implemented further strong protection layers. Additionally, we have started to rebuild the internal corporate IT environment towards a fully trusted state.”

Read the complete story here.

CDK Attack: How to Improve Auto Dealership Resiliency

Automotive dealerships have been crippled in recent weeks by a disruption due to a ransomware attack on CDK, a Software-as-a-Service (SaaS) provider that provides an ERP-like dealer management platform.

As CDK works to restore systems used by more than 15,000 retail locations across North America, the company advised that the return of the dealer management system will require several days if not weeks, according to a press statement from Group One Automotive, which owns 202 dealerships in the U.S. and U.K.

CDK’s SaaS platform runs all aspects of a dealership’s operations, including sales, financing, inventory, service and back-office functions. The disruption is forcing pen-and-paper transactions at dealerships. U-Haul and Penske, two commercial vehicle rental giants, are among those impacted.

Meanwhile, Asbury Automotive Group, one of America’s largest car retailers and service providers, warned investors this week that the CDK outage has hurt its business, and it’s unclear when it will end. 

Read the complete story here.

TekStream Guides Customers Through Splunk MDR Paradox

Managed detection and response (MDR) providers that use Splunk tools and services as part of their security solutions can sometimes fail to use them to their full potential, say the tech pros at TekStream, an MSSP that also works as a business consulting firm, helping enterprises with Splunk implementations. TekStream is also a Splunk “Elite Partner.”

In a recent white paper written jointly with Splunk, entitled The Cybersecurity Paradox: Billions Spent but Breaches Boom, TekStream looks at the false security that can be provided by the concept of MDR-as-a-service. The company says that MDR providers are different and not all of them follow the same standards.

TekStream said that some MDR providers use Splunk as a database with proprietary solutions bolted on, and that's not a cost-effective approach for a few reasons. First, this approach relies on solutions that improperly digest data and distort the view of the security threat surface. Second, these customer companies end up paying for their MDR twice.

Speaking to MSSP Alert on the subject at the recent Splunk .conf24 event in Las Vegas, Bruce Johnson, senior director for Enterprise Security at TekStream, said that navigating an increasingly complex security landscape requires organizations using Splunk to find a solid MDR partner that can tailor the solution to the organization’s requirements. However, finding an MDR partner with a sufficient number of certified Splunk engineers is difficult in a tight labor market.

Read the complete story here.