Listed as one of Gartner’s Top 10 Security Projects for 2020-2021 and touted by every vendor as “the latest evolution,” XDR (extended detection and response) has emerged as a new holistic approach to proactive protection against modern sophisticated attacks. While it is not always clear how XDR differentiates itself from a SIEM / Nextgen SIEM, the concept of XDR has also shown promise to transform the scale and efficiency of a security operations function.
As interest and adoption for XDR continues to rise, it is important that security leaders look past industry hype to understand how XDR can be used to impact their organisation.
So, what is XDR?
XDR is an approach to security that extends detection and response from the user, through the network and into the cloud to provide security operations teams with threat visibility wherever data and applications reside.
XDR solutions combine network detection and response (NDR), endpoint detection and response (EDR), behaviour analytics, and security orchestration, automation, and response (SOAR) capabilities into a single incident detection and response platform to make it easier for security teams to respond to advanced threats.
How Can XDR Help Me?
A security operations team should view XDR as an alternative to traditional reactive approaches that provide only layered visibility into attacks, such as endpoint detection and response, network traffic analysis and SIEM.
Multiple point technologies may provide important information, but can also lead to problems, including:
- Too many alerts that are incomplete and lack context. According to the SANS Institute, EDR detects only 26 percent of initial vectors of attack, and due to the high volume of security alerts, 54 percent of security professionals ignore alerts that should be investigated.
- Time-consuming, complex investigations that require specialized expertise. With EDR, the mean time to identify a breach has increased to 197 days, and the mean time to contain a breach has increased to 69 days. – “2018 Cost of a Data Breach Study,” Ponemon Institute, 2018
- Technology-focused tools rather than user- or business-focused protection. EDR focuses on technology gaps rather than the operational needs of users and organizations. With more than 40 tools used in an average Security Operations Centre, 23 percent of security teams spend time maintaining and managing security tools rather than performing security investigations.
The net result for already-overburdened security teams can be an endless stream of events, more tools and information to pivot between, longer time to detection, and security spends that are over budget yet not fully effective.
XDR brings a proactive approach to threat detection and response. It delivers visibility into data across networks, clouds and endpoints while applying analytics and automation to address today’s increasingly sophisticated threats.
With XDR, security teams can:
- Identify hidden, stealthy, and sophisticated threats proactively and quickly.
- Track threats across any source or location within the organisation.
- Increase the productivity of the people operating the technology.
- Get more out of their security investments.
- Conclude investigations more efficiently.
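The correlation idea behind the points above (alerts from endpoint, network and cloud telemetry fused on a shared entity so that several low-context alerts become one incident) can be shown in a few lines. The Python below is an added illustration, not Kontex's code or any vendor's product logic: the alert records, the host/user entity key, the 30-minute window and the breadth-based severity scoring are all constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    source: str      # telemetry layer that raised it: "edr", "ndr" or "cloud"
    ts: datetime
    host: str
    user: str
    tactic: str      # coarse attacker-tactic label (constructed for this sample)
    detail: str


@dataclass
class Incident:
    host: str
    user: str
    alerts: list = field(default_factory=list)

    def sources(self):
        return sorted({a.source for a in self.alerts})

    def tactics(self):
        return sorted({a.tactic for a in self.alerts})

    def severity(self):
        # Constructed scoring (not any vendor's formula): severity rises with breadth,
        # i.e. how many telemetry layers and how many distinct tactics the incident spans.
        score = 10 * len(self.sources()) + 15 * len(self.tactics())
        if score >= 70:
            return "critical"
        if score >= 45:
            return "high"
        if score >= 30:
            return "medium"
        return "low"


def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts that share host+user and fall within a sliding time window.

    Alerts are first sorted by time and bucketed by entity; a new Incident is opened
    whenever the gap to the previous alert for that entity exceeds the window.
    """
    incidents = []
    by_entity = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_entity[(a.host, a.user)].append(a)
    for (host, user), group in by_entity.items():
        current = None
        for a in group:
            if current is None or a.ts - current.alerts[-1].ts > window:
                current = Incident(host, user)
                incidents.append(current)
            current.alerts.append(a)
    return incidents


def summarize(incidents):
    """One dict per incident, in the form an analyst queue would display."""
    return [
        {
            "entity": f"{i.host}/{i.user}",
            "alerts": len(i.alerts),
            "sources": i.sources(),
            "tactics": i.tactics(),
            "severity": i.severity(),
        }
        for i in incidents
    ]


# Constructed sample alerts: one chain across cloud, endpoint and network telemetry,
# one unrelated endpoint alert, and one later alert on the same host outside the window.
T0 = datetime(2021, 3, 1, 9, 0)
SAMPLE_ALERTS = [
    Alert("cloud", T0, "ws-042", "jdoe", "initial_access", "mailbox rule created from unusual IP"),
    Alert("edr", T0 + timedelta(minutes=5), "ws-042", "jdoe", "execution", "office process spawned scripting host"),
    Alert("ndr", T0 + timedelta(minutes=12), "ws-042", "jdoe", "command_and_control", "periodic beacon to rare domain"),
    Alert("edr", T0 + timedelta(minutes=20), "ws-042", "jdoe", "credential_access", "LSASS memory read by unsigned binary"),
    Alert("ndr", T0 + timedelta(minutes=35), "ws-042", "jdoe", "exfiltration", "large outbound transfer to cloud storage"),
    Alert("edr", T0 + timedelta(hours=2), "ws-017", "asmith", "execution", "unsigned binary executed from temp"),
    Alert("edr", T0 + timedelta(hours=6), "ws-042", "jdoe", "execution", "scheduled task created"),
]


if __name__ == "__main__":
    for row in summarize(correlate(SAMPLE_ALERTS)):
        print(row)
```

Run on the sample, seven raw alerts collapse to three incidents: the five-alert chain on ws-042/jdoe spans all three layers and five tactics and is rated critical, while the two isolated single-source alerts stay low. That is the operational effect the text describes: fewer items in the queue, each carrying cross-layer context.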
From a business perspective, XDR can enable organisations to prevent successful attacks as well as simplify and strengthen security processes. This, in turn, enables them to better serve users and accelerate digital transformation initiatives – because when users, data and applications are protected, companies can focus on strategic priorities.
Kontex has extensive experience in helping organisations mature their EDR, NDR, SIEM and XDR platforms into effective, modern SOC programmes.
Allow our advisory team to assess the XDR market to select the best solution for your unique needs while our core security practice can ensure an effective deployment that will grow and mature as your business changes. We are best positioned to support you.