Why XDR (Extended Detection and Response)

Timing is everything

As the security industry wrestles with current security infrastructure, the cries of…

  • Too many point security products
  • Too many blind spots
  • Too much noise and thus alert fatigue
  • Too late to find attacks
  • Too slow to investigate, to hunt and to respond
  • Too much data to handle or too little to be actionable
  • Too hard to find well-trained security professionals

…. are only louder than ever, yet we all know that not changing your behavior when you know you should is the definition of insanity.

Historically, security buyers evaluated products on an individual basis in which firewall vendor A would have a bakeoff against firewall vendor B, and endpoint detection and response (EDR) vendor C would be compared to EDR vendor D. Conceptually, this might make sense, because having “best of breed” everywhere should offer the best protection.

This has led to a number of problems, the biggest of which is security tool sprawl. ZK Research has found that the average number of security vendors in an enterprise is 32. Cisco’s research has found there are over 70 security vendors in an enterprise, on average. Whatever the number, it’s too many, because keeping policies consistent is almost impossible. More tools mean more alerts, and require more well-trained security people to manage these tools and deal with those alerts, and more screens to look at in order to investigate and hunt threats.

Despite so many individual tools, breaches still happen every day. One reason is that attack surfaces are changing, from endpoints and networks to the cloud, and there are too many blind spots in coverage. The big challenge is that although these individual tools give the best for what they provide in their own scope, they don’t connect the dots across the entire attack surface – from endpoints, to network, and to the cloud. Without that, attacks are hard to detect, and analysts are slow to investigate and respond.

So how do we move beyond our mental bottleneck and our concern of disruption due to change?

What’s the alternative?

The solution to this is the idea of a security platform where data is gathered and correlated across the traditionally siloed security tools at a macro level as opposed to trying to analyze the data from individual tools at micro level. Stellar Cyber and other vendors are now calling this XDR — extended detection and response, which is the evolution of EDR, NTA/NDR (network traffic analysis, detection and response) and cloud security. In fact, EDR perfectly highlights the problem with a non-platform approach. EDR solutions are great at finding issues on the endpoints, but rarely is the problem limited to the endpoints. EDR may not see the root of the problem. Now tie an EDR and other tools into an XDR platform, and you have extended your visibility and brought that combined data into one – yes, one – single pane of glass for pervasive visibility.

ESG and Ovum see the platform idea coming to fruition

Recent work from analysts like ESG and Ovum demonstrates that the XDR / platform idea is in fact emerging as a trend. This is the same as the big take-away by analysts from ZK Research during this year’s RSA event, the biggest security event of the year.

Stellar Cyber puts one more aspect into play by ensuring that our XDR platform is in fact open to all existing security tools. We are keen to help customers leverage everything they have already invested in. Our Open XDR platform operates in a heterogeneous environment. In fact, in many cases, we reduced storage costs of our customers’ existing  tool enough to free up their budget to buy our Open XDR platform. Let us show you how we can make your current data more useful and reduce your risk, without disruption.

Ad

No posts to display