Detection and Response (XDR).
This new technology merges multiple prevention and detection
technologies on a single platform to better understand threat
signals so that you don’t need to purchase, integrate, and manage
various control and integration technologies.
Think of XDR as prepackaged EDR, NTA, UEBA (and perhaps other
prevention and detection) technologies all tightly integrated on a
SOAR-like platform. Of course, you don’t need SOAR technology with
XDR as the entire platform is integrated and orchestrated out of
the box.
In Gartner’s recently published Top 9 Security and
Risk Trends for 2020[1], XDR was listed first.
Cybersecurity company Cynet just released an interesting XDR eBook
(Download it here[2]) that provides an excellent primer on this
promising new technology.
According to Cynet, the expense and issues involved with
combining multiple siloed control technologies usually make the
effort not worthwhile. Logically, it makes sense, and it is
critically needed, but it’s nearly impossible in practice.
One of the biggest issues with multiple, siloed security
controls is alert overload. Because the alerts are coming from
different sources, it’s challenging to understand which ones matter
and, more importantly, which ones matter in combination.
That is, any single alert may be dismissed as unimportant, but
when looked at in the context of other, related alerts, it may
signal a dangerous threat. When the signals from the different
security controls are combined, XDR platforms can essentially “see
the forest through the trees.”
Beyond detection, XDR controls also offer various levels of
response automation. At the most basic level, simply (although not
very simple!) combining similar alerts helps security analysts see
the bigger picture and take appropriate action.
Without XDR, these signals can be potentially missed until the
threat proliferates or can take significant time to investigate in
order to understand the full impact of the threat. With XDR, this
can all be automated.
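As an added illustration of the cross-source correlation and triage described above (example code written for this page, not Cynet's product or anything from the eBook), the following Python groups constructed EDR, NTA and UEBA alerts per host into time-windowed incidents and escalates only those where independent controls agree. The alert fields, the 30-minute window and the scoring rule are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from three siloed tools. Each one, viewed
# alone, is low severity and would likely be dismissed by an analyst.
ALERTS = [
    {"src": "EDR",  "host": "ws-17", "ts": "2020-06-01T09:02:10", "sev": 2, "msg": "office app spawned powershell"},
    {"src": "NTA",  "host": "ws-17", "ts": "2020-06-01T09:03:40", "sev": 2, "msg": "beacon-like DNS to new domain"},
    {"src": "UEBA", "host": "ws-17", "ts": "2020-06-01T09:05:05", "sev": 1, "msg": "user logon outside usual hours"},
    {"src": "EDR",  "host": "ws-04", "ts": "2020-06-01T09:10:00", "sev": 2, "msg": "office app spawned powershell"},
    {"src": "UEBA", "host": "ws-04", "ts": "2020-06-01T14:30:00", "sev": 1, "msg": "user logon outside usual hours"},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window per host


def correlate(alerts, window=WINDOW):
    """Group alerts by host into incidents. An alert joins the host's open
    incident if it falls within `window` of that incident's first alert;
    otherwise it starts a new one. Returns incidents in time order."""
    incidents = []
    open_by_host = {}
    # ISO-8601 timestamps sort correctly as strings
    for a in sorted(alerts, key=lambda x: x["ts"]):
        t = datetime.fromisoformat(a["ts"])
        inc = open_by_host.get(a["host"])
        if inc is None or t - inc["start"] > window:
            inc = {"host": a["host"], "start": t, "alerts": []}
            incidents.append(inc)
            open_by_host[a["host"]] = inc
        inc["alerts"].append(a)
    for inc in incidents:
        sources = sorted({a["src"] for a in inc["alerts"]})
        inc["sources"] = sources
        # Assumed scoring: highest single severity, plus weight for every
        # additional independent control that observed the same host.
        inc["score"] = max(a["sev"] for a in inc["alerts"]) + (len(sources) - 1) * 2
        inc["priority"] = ("high" if len(sources) >= 3
                           else "medium" if len(sources) == 2 else "low")
    return incidents


def triage(alerts):
    """Return only incidents worth an analyst's attention (two or more
    agreeing sources); single-source noise is dropped."""
    return [i for i in correlate(alerts) if i["priority"] != "low"]


if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(inc["host"], inc["priority"], inc["score"], inc["sources"])
```

On the sample data the three ws-17 alerts collapse into one high-priority incident, while the two ws-04 alerts, hours apart and from single sources, stay as separate low-priority incidents and are dropped by triage.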
The bottom-line benefits, according to Cynet, are:
- Natively combining prevention and detection controls from the
meaningful attack vectors to automatically separate real alerts
from noise, as well as uncover subtle threat clues that may have
gone unnoticed with siloed detection tools, leads to unprecedented
threat detection accuracy.
- Spending far less time chasing after false-positive alerts,
automatically remediating threats, and eliminating the time
required to integrate, maintain and operate disparate vendor
systems leads to improved efficiencies.
- Consolidating multiple security products into a single XDR
platform, reducing a large volume of alerts into fewer meaningful
incidents along with automating response actions results in
tremendous cost savings.
Given the ongoing barrage of cybersecurity attacks, the time is
ripe for a security solution to help make sense of all the
defensive technologies we’ve put in place. These technologies are
great, but they’ve become rather unwieldy. Simplifying and
rationalizing the cybersecurity stack is a much needed and welcome
development to cybersecurity professionals everywhere.
References
- [1] Top 9 Security and Risk Trends for 2020 (www.gartner.com)
- [2] Download it here (go.cynet.com)
- [3] Download the XDR eBook (go.cynet.com)
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/5qI80A37ZZM/cybersecurity-response.html