One new security technology we keep hearing about is Extended Detection and Response (XDR).
This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don’t need to purchase, integrate, and manage various control and integration technologies.
Think of XDR as prepackaged EDR, NTA, UEBA (and perhaps other prevention and detection) technologies all tightly integrated on a SOAR-like platform. Of course, you don’t need SOAR technology with XDR as the entire platform is integrated and orchestrated out of the box.
In Gartner’s recently published Top 9 Security and Risk Trends for 2020, XDR was listed first. Cybersecurity company Cynet just released an interesting XDR eBook [Download it here] that provides an excellent primer on this promising new technology.
According to Cynet, the expense and issues involved with combining multiple siloed control technologies usually make an effort not worth the effort. Logically, it makes sense, and it is critically needed, but it’s nearly impossible in practice.
One of the biggest issues with multiple, siloed security controls is alert overload. Because the alerts are coming from different sources, it’s challenging to understand which ones matter and, more importantly, which ones matter in combination.
That is, any single alert may be dismissed as unimportant, but when looked at in the context of other, related alerts, it may signal a dangerous threat. When the signals from the different security controls are combined, XDR platforms can essentially “see the forest through the trees.”
Beyond detection, XDR controls also offer various levels of response automation. At the most basic level, simply (although not very simple!) combining similar alerts helps security analysts see the bigger picture and take appropriate action.
Without XDR, these signals can be potentially missed until the threat proliferates or can take significant time to investigate in order to understand the full impact of the threat. With XDR, this can all be automated.
The bottom-line benefits, according to Cynet, are:
- Natively combining prevention and detection controls from the meaningful attack vectors to automatically separate real alerts from noise, as well as uncover subtle threat clues that may have gone unnoticed with siloed detection tools, leads to unprecedented threat detection accuracy.
- Spending far less time chasing after false-positive alerts, automatically remediating threats, and eliminating the time required to integrate, maintain and operate disparate vendor systems leads to improved efficiencies.
- Consolidating multiple security products into a single XDR platform, reducing a large volume of alerts into fewer meaningful incidents along with automating response actions results in tremendous cost savings.
Given the ongoing barrage of cybersecurity attacks, the time is ripe for a security solution to help make sense of all the defensive technologies we’ve put in place. These technologies are great, but they’ve become rather unwieldy. Simplifying and rationalizing the cybersecurity stack is a much needed and welcome development to cybersecurity professionals everywhere.
Download the XDR eBook here.