As continued economic headwinds persist into 2023, security leaders look toward simplifying their security stack and reducing costs. For example, a recent Gartner survey of more than 400 security leaders found that 75% of organizations are pursuing security vendor consolidation strategies, up from 29% in 2020. Within this same survey, the top two security focus areas to achieve vendor consolidation centered on secure access service edge (SASE) and extended detection and response (XDR). SASE has emerged at the forefront of this trend by rearchitecting disparate networking and security functions into a single consolidated cloud service. Meanwhile XDR integrates the sprawl of disparate security tools and applies AI analytics and automation to make threat detection faster and response easier.
The clear benefit of adopting a SASE and XDR strategy is to reduce costs by eliminating low-value legacy security tools and on-premise appliances. But there is a more strategic motive as well. As Gartner points out, the main driver behind vendor consolidation strategy is to minimize risk along with the need to reduce security operations complexity and inefficiencies created by the sprawl of legacy security tools. As a result, organizations looking to implement a plan for vendor consolidation are focusing on SASE and XDR. For example, nearly 70% of respondents plan to adopt SASE within their organizations, while 80% of organizations have plans to adopt XDR.
How SASE + XDR Are Driving Vendor Consolidation
From the SASE perspective, consolidating services served by gateways, firewalls, and VPN appliances under a single umbrella incorporates SD-WAN. It reduces the latency and complexity bottleneck by streamlining direct zero-trust user access to application resources. Netskope provides a single SASE platform to streamline NOC and SOC processes, consolidate vendors, and provide fast, secure access to all applications.
On the XDR side, leveraging a single SecOps umbrella to ingest, normalize, and correlate telemetry across any security tool provides a single AI repository to quickly detect and respond to threats across the entire attack surface. This single-view approach also means that security operations analysts don’t need to access dozens of disjointed security consoles separately. The result is less complexity, and faster MTTR, and similar to SASE, XDR also helps consolidate vendors and simplify the overall operational burden.
The natural intersection between SASE and XDR, and consequently between SecOps and NetOps, is to reduce risk through better visibility and detection that extends beyond network access, to endpoint, email, IaaS/PaaS, and beyond.
SASE and XDR working together are where the force multiplier leverage kicks in, with an astounding 89% of all organizations saying they want SASE and XDR to interoperate. We couldn’t agree more, which is why Netskope, the leader in SASE, has partnered with Stellar Cyber, the leader in XDR, to integrate our products.
Stellar Cyber Open XDR + Netskope SASE = Better Together
If you are not familiar with the difference between what I’ll call traditional XDR and Open XDR, let me briefly explain. Traditional XDR products are typically an evolution of a vendor’s EDR product. They will incorporate additional data sources from the cloud, servers, and network, into the data they are already collecting with their proprietary endpoint agent. Conversely, Open XDR works with any EDR product. Stellar Cyber, for example, currently integrates with every top EDR/EPP product in the market. Moreover, Stellar Cyber works with any security, IT, and productivity solution an organization uses, with more than 500 integrations available.
This flexibility is critical for a couple of reasons. First, organizations are not forced to rip and replace anything they have already deployed to get an Open XDR to work. Using the out-of-the-box integrations, you can quickly plug Stellar Cyber into your security stack and begin to see the value (e.g., finding and eradicating threats faster) from day one.
We chose to work with Stellar Cyber for a couple of key reasons. First, Stellar Cyber was open from the start, and incorporates telemetry from more than 300 tool integrations. This approach means delivering deep visibility across the attack surface with incident-based detections that allow Netskope customers to see the full attack surface landscape and respond to threats faster by taking direct response actions through Netskope (i.e. cut access to an application). Second, after meeting with the team from Stellar Cyber and seeing their commitment to enabling their customer’s success, it was clear to us that Netskope and Stellar Cyber are cut from the same cloth and put customers first in everything we do. In short, we are excited to work with Stellar Cyber to drive additional value to our customers.
How the Netskope and Stellar Cyber Solution Works:
Integrating the products is the first step for Netskope customers to take when working with Stellar Cyber. Stellar Cyber has an integration that will ingest Netskope information into its data lake. Our integrated solution shares telemetry of threat intelligence to enhance overall visibility and detection capabilities. The event information generated by Netskope provides a high-fidelity signal of cloud metadata fed into Stellar Cyber’s XDR platform.
Once ingested, Stellar Cyber normalizes and analyzes the data using AI models with all the other data sources from the environment. All the data collected is enriched with additional context from threat intel sources and other data collected from the environment. At this point, Stellar Cyber uses deep learning, static and custom rules to root out threats. Once identified, the risk score displays (1-100), and associated alerts are correlated to provide a holistic view of the entire attack timeline.
Security analysts can then complete the investigation from within the Stellar Cyber Open XDR platform, initiating response actions directly from the platform, including reaching out to Netskope to isolate a user to a browser, deny access to specific applications, or quarantine the user entirely until further notice.
We look forward to working with Netskope/Stellar Cyber customers on how the combination of our powerful technologies drives increased productivity and effectiveness across the security team.
Keep an eye out for an invitation to a webinar where we will show our joint solution in action.
