Daniel O’Neill, Director of MDR Security Operations at Bitdefender, argues eXtended detection and response (XDR) can greatly help overstretched and under-resourced Security Operations Center (SOC) teams. By incorporating automation to correlate data from multiple security components, XDR expands visibility and drastically reduces the burden on an organisation.
It’s tough being a CISO today. The job has never been more high profile as brazen attacks continue to hit the headlines. At the same time, it’s a constant struggle to secure the technology investment needed to properly defend the organisation plus fight to attract and retain top talent from a limited pool.
Smart CISOs are reviewing the underlying technologies and services they use and asking: Are they really keeping up with the threat landscape? Do they automate processes to save time and money? What new approaches are emerging to consider?
No doubt, many will have come across XDR for the first time on this journey. XDR is still in its infancy, so it’s no surprise the jury is still out on its full capabilities, its use cases, and perhaps even its definition. So let’s get into it.
What is XDR?
Yes, XDR is another acronym to add to the industry alphabet soup but it’s also one worth paying attention to, as it offers a more holistic detection and response solution.
Emerging out of Endpoint Detection Response (EDR), XDR is the progression to a unified incident detection and response platform. Its purpose is to reduce the complexity of security operations by unifying security-relevant endpoint detections with telemetry from non-endpoint sources such as network visibility, email security, identity, access management, cloud security and more.
XDR focuses on optimising threat detection, investigation and real-time threat hunting. A unified approach to MDR – the clue is in the title (X = extended MDR). A global SOC with the ability to aggregate and correlate multiple data sources can offer a powerful counter to adversaries. Single source security operations working in tangent with threat intelligence offers a more holistic approach to modern cyber security operations. This allows security teams to better identify unknown threats and respond to them quickly and effectively before they cause disruption in order to minimise business impact.
Reducing the burden, improving threat hunters
Many cybersecurity operations are critically under-resourced. XDR provides much needed relief by automating time-consuming and administrative tasks. This frees up those with advanced cybersecurity skills to fully focus their efforts on verifying and eliminating threats, rather than combing through endless logs for the better part of the day.
What’s more, the opportunity for more meaningful work and more interesting job roles, with access to the latest security tools to monitor and manage threats across the stack, helps attract and retain top tier security talent.
Above all, XDR enables more informed cybersecurity decision-making by improving the operation’s efficiency and providing a coherent view of what is happening across the endpoint, the network and applications, so threats are eliminated before they become a true incident.
An immature market
The XDR market is still immature, with few vendors offering solutions. Despite some claiming full capabilities, it is not always the case.
A lack of transparency within the market results in CISOs rightfully questioning whether XDR is the best solution for current needs or it potentially creates over-reliance on a single vendor. Cybersecurity providers looking to offer XDR need to assess whether they are realistically able to offer every component in an XDR eco-system.
For example, does the cybersecurity provider have the best technology to integrate with multiple security detection tools whilst also providing comprehensive alerts to security teams? Alternatively, partnerships between technology vendors may have to occur to offer an extensive XDR solution.
XDR is a significant step forward. Whilst many organisations have yet to adopt, it has clear benefits in reducing security operations complexity and providing a more coherent view of events.
CISOs look for ways to reduce risk, and XDR helps to significantly lift this burden by freeing up skilled operatives time to focus on what matters most – seeking out and eliminating threats. As the hunt of cybersecurity talent is only getting fiercer, this type of work is potentially the company’s differentiator when attracting the best talent.