This past year, extended detection and response (XDR) technologies have been seeing a lot of buzz and attention. Yet many in the security industry are still trying to understand the nature of these new solutions and what they can do for organizations. With a significant amount of education to be done around the topic, we spoke with Brian Murphy, CEO and Founder of ReliaQuest, about some of the basics of XDR and how organizations should be using the technology.
What does XDR mean?
While XDR is a relatively new term in the security industry, the challenges it addresses are nothing new to security teams.
XDR is designed to synthesize and correlate data across the operating environment, including both security and business infrastructure. Email, endpoints, servers, networks and the cloud are all brought into the security data stream to provide comprehensive visibility within the XDR solution, which then compiles data with threat intel sources and applies detection and analytics capabilities.
With an XDR solution, security teams are better able to analyze threats and prioritize those most critical to the business. Beyond this, the resulting improvements in visibility, detection and the automation of low-level tasks mean security programs can take a more proactive posture. In practice, this allows security teams to get ahead of threat actors and establish advanced metrics they can use to measurably improve their security program.
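The two paragraphs above describe XDR at the level of outcomes: telemetry from email, endpoint, network and cloud is normalized into one stream, correlated, matched against threat intelligence, and the resulting groupings are prioritized. The following is an added example, written for this page and not taken from ReliaQuest or any XDR product, of the minimal mechanics behind that description. Every event, the threat-intel entries, the field names and the scoring weights are constructed for illustration; real platforms use far richer schemas and scoring.

```python
"""
Toy cross-source correlation and prioritization, in the spirit of the XDR
description above. All telemetry, intel indicators and weights below are
constructed for this example and do not come from any vendor or real incident.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed threat intel: indicator value -> label. Real feeds carry many more
# fields (confidence, first/last seen, source), which would feed into scoring.
THREAT_INTEL = {
    "198.51.100.7": "known C2 address (constructed example)",
    "deadbeef" * 8: "known malicious attachment hash (constructed example)",
}

# Raw telemetry as each source emits it (constructed). Each source uses its own
# field names, which is exactly why an XDR pipeline normalizes before correlating.
RAW_EVENTS = [
    {"source": "email", "rcpt": "alice", "attach_sha256": "deadbeef" * 8, "subject": "Invoice"},
    {"source": "endpoint", "hostname": "wks-17", "user": "alice", "proc": "winword.exe", "file_sha256": "deadbeef" * 8},
    {"source": "network", "src_host": "wks-17", "dst_ip": "198.51.100.7", "dst_port": 443},
    {"source": "endpoint", "hostname": "wks-22", "user": "bob", "proc": "chrome.exe", "file_sha256": "ab" * 32},
    {"source": "cloud", "principal": "bob", "action": "ListBuckets", "src_ip": "203.0.113.5"},
]


@dataclass
class Event:
    source: str
    entities: set      # who/what the event is about, e.g. {"user:alice", "host:wks-17"}
    indicators: set    # hashes / IPs that can be matched against threat intel


def normalize(raw: dict) -> Event:
    """Map each source's field names onto the common entity/indicator schema."""
    s = raw["source"]
    if s == "email":
        return Event(s, {f"user:{raw['rcpt']}"}, {raw["attach_sha256"]})
    if s == "endpoint":
        return Event(s, {f"host:{raw['hostname']}", f"user:{raw['user']}"}, {raw["file_sha256"]})
    if s == "network":
        return Event(s, {f"host:{raw['src_host']}"}, {raw["dst_ip"]})
    if s == "cloud":
        return Event(s, {f"user:{raw['principal']}"}, {raw["src_ip"]})
    raise ValueError(f"unknown source {s!r}")


def correlate(events):
    """Group events into clusters using union-find over shared entities.

    Indicators only join events when they match threat intel; linking on every
    shared hash would merge unrelated users through common benign binaries.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    for ev in events:
        keys = list(ev.entities | {i for i in ev.indicators if i in THREAT_INTEL})
        for k in keys[1:]:
            union(keys[0], k)

    clusters = defaultdict(list)
    for ev in events:
        clusters[find(next(iter(ev.entities)))].append(ev)
    return list(clusters.values())


def prioritize(clusters):
    """Score each cluster: breadth across sources plus a heavier weight per intel hit."""
    ranked = []
    for evs in clusters:
        sources = {e.source for e in evs}
        entities = set().union(*(e.entities for e in evs))
        hits = {i: THREAT_INTEL[i] for e in evs for i in e.indicators if i in THREAT_INTEL}
        ranked.append({
            "score": len(sources) + 5 * len(hits),   # constructed weights
            "entities": sorted(entities),
            "sources": sorted(sources),
            "intel_hits": hits,
        })
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


def run(raw_events=RAW_EVENTS):
    """Full pipeline: normalize -> correlate -> prioritize."""
    return prioritize(correlate([normalize(r) for r in raw_events]))


if __name__ == "__main__":
    for item in run():
        print(item["score"], item["sources"], item["entities"], list(item["intel_hits"].values()))
```

Running this yields two clusters. The first ties the email, endpoint and network events together through `user:alice`, `host:wks-17` and two intel matches, which is the kind of cross-source picture no single tool sees on its own; the second is bob's routine endpoint and cloud activity with no intel hits and a low score. The design choice worth noting is in `correlate`: joining only on intel-matched indicators keeps a widely shared benign hash from collapsing the whole environment into one cluster, a failure mode any correlation engine has to guard against.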
What should CISOs know about XDR?
XDR holds a lot of promise, but there is still work to be done in terms of categorizing and defining the technology. There are a number of different vendors taking different approaches and offering varied solutions that make up their XDR platforms. This means it can quickly become confusing for a CISO trying to evaluate which product will best suit the needs of their organization. Most commonly, vendors are focusing on providing an ecosystem of their products stitched together with XDR functionality, while others are offering “open” XDR that integrates with existing security tools.
When is XDR the right choice for CISOs and security professionals?
Before making a purchase, CISOs should review their current strategy and existing resources and evaluate how their current program supports their long-term goals. CISOs looking to evolve their security program, increase visibility across their networks, cut investigation and response times, and implement automation will find XDR solutions well suited to their needs. XDR is also the ideal solution for security professionals looking to take a more active, rather than passive, approach to cybersecurity.
What is the difference between a closed and open approach to XDR?
With the “ecosystem” model, organizations can implement “plug and play” solutions with assurance that all products in the platform work together, and can be customized to work within a specific environment. The pitfall of this approach, however, is that these solutions will often necessitate a rip and replace approach to some, or all, of the customers’ existing security tools.
“Open XDR,” on the other hand, focuses on overlaying existing security tools with an XDR platform. This allows organizations to maximize the value of their existing security spend – across tools, people and process – while also gaining more visibility into their environment. Implemented properly, Open XDR platforms offer the same functionality as closed systems, but provide the additional benefit of evolving an existing security program rather than completely replacing existing tools.
The Impact of XDR
The ultimate outcome of XDR is to identify and remediate the most significant threats and move security teams from reactive to proactive mode. An open approach to XDR creates more effective security outcomes. With any rapidly emerging trend in the industry, it’s important to not get blinded by the shiniest new object or buzzword in the industry. Ultimately, CISOs should ensure their XDR solutions will enable their security program to support strategic business objectives.