Open XDR In the Real World – Q&A With Jon Mayled
In this interview, we capture real-world experience and recommendations from an enterprise that implemented Stellar Cyber’s Open XDR platform. We talked with Jon Mayled, International IT and Security Director at PlastiPak Packaging, Inc., about what he learned during his implementation.
SC: What is required to implement a successful XDR program?
JM: Although I recommend a fundamental understanding of the technical environment and key information exchanges between endpoints for implementation of a successful XDR program, it’s not an absolute prerequisite. What you will need is a functional understanding of core technical concepts to propel the deployment and utilization of an XDR solution. This includes a strong foundation in networking concepts, a broad understanding of API integration, and a comprehension of log file analysis and interpretation.
SC: What are the challenges in implementing XDR?
JM: With the implementation of any network or traffic analysis tool, normalizing and baselining data can at first be an overwhelming task. This is also true of an XDR platform. But alert noise in the infancy stages of the XDR deployment is to be expected; it’s a preliminary step on the path to meaningful alerts and automated responses.
SC: How should enterprises best go about implementing XDR?
JM: Open XDR helps enterprises gain control over which tools/capabilities they leverage, and which they phase out over time. Initially, for example, we didn’t want to eliminate or replace any of our existing tools to introduce this capability. Enterprises should therefore view XDR as an additional layer of security within an already structured environment. Implementation requires the following:
- Identify key systems and software platforms.
- Define networking topologies.
- Gain an understanding of endpoint traffic flows.
- Baseline end-user usage patterns as a ramp to anomaly detection.
SC: How do you measure success?
JM: Although the above implementation steps are not prerequisites to platform deployment, an already defined environment will expedite the implementation of an XDR solution. Success in this context can be measured as the ability to analyze, correlate and react to seemingly disparate traffic patterns while progressively gaining a broader understanding of the underlying environment. Specifically, the more refined the inputs to the platform are, the more meaningful the correlated and actionable alerts will become.
Unlike legacy solutions that reside and operate in ‘functional silos,’ XDR combines each of the underlying technologies into a single, operational platform. In particular, the idea of an “Open” XDR system was attractive to us as it allowed us to retain our investments while seeing the value of an XDR platform. The platform further leverages its combined set of tools through the application of AI and ML, which introduce intelligence into the platform, effectively shifting event analysis and correlation from a reactive to a proactive model.
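The two ideas that run through the answers above, baselining end-user behaviour as the ramp to anomaly detection and then correlating seemingly disparate alerts from several sources into one actionable incident, can be shown in miniature. The following Python is an added example written for this page; it is not code from the interview, from PlastiPak or from Stellar Cyber's platform, and it makes no claim about how that platform works internally. It assumes a hypothetical collector that has already normalized auth, DNS and netflow telemetry into one key=value line format; the log lines are constructed sample data. A few days of "known good" lines build a per-user profile (login hours, destinations seen); a new day's lines are scored against that profile; and the resulting alerts are grouped by user and host within a time window, with severity rising as more independent sources agree.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry (not from the interview). The hypothetical collector
# has already rendered three sources (auth, dns, netflow) as one line format.
BASELINE_LINES = """\
2024-03-04T08:05:00 src=auth user=alice host=ws-01 result=success
2024-03-04T08:07:00 src=dns user=alice host=ws-01 query=mail.example.com
2024-03-04T08:10:00 src=netflow user=alice host=ws-01 dst=10.0.5.20:443
2024-03-04T09:30:00 src=auth user=bob host=ws-02 result=success
2024-03-04T09:31:00 src=dns user=bob host=ws-02 query=erp.example.com
2024-03-04T09:35:00 src=netflow user=bob host=ws-02 dst=10.0.5.30:443
2024-03-05T08:12:00 src=auth user=alice host=ws-01 result=success
2024-03-05T08:15:00 src=netflow user=alice host=ws-01 dst=10.0.5.20:443
""".splitlines()

# Constructed lines for the day being evaluated against the baseline.
NEW_LINES = """\
2024-03-06T08:09:00 src=auth user=alice host=ws-01 result=success
2024-03-06T08:11:00 src=netflow user=alice host=ws-01 dst=10.0.5.20:443
2024-03-06T02:14:00 src=auth user=bob host=ws-02 result=success
2024-03-06T02:16:00 src=dns user=bob host=ws-02 query=updates.unknown-cdn.test
2024-03-06T02:20:00 src=netflow user=bob host=ws-02 dst=203.0.113.9:4444
2024-03-06T08:20:00 src=netflow user=alice host=ws-01 dst=10.0.5.40:443
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Normalize one collector line into a dict: a datetime plus string fields."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    event = {"ts": datetime.fromisoformat(m.group("ts"))}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def indicator(event):
    """The per-source field worth baselining: a DNS name, a netflow destination, or None."""
    return event.get("query") or event.get("dst")


def build_baseline(lines):
    """Learn, per user, the hours of activity and the destinations seen during the baseline."""
    baseline = defaultdict(lambda: {"hours": set(), "indicators": set()})
    for ev in map(parse_line, lines):
        profile = baseline[ev["user"]]
        profile["hours"].add(ev["ts"].hour)
        ind = indicator(ev)
        if ind:
            profile["indicators"].add(ind)
    return baseline


def detect(lines, baseline):
    """Score new events against the profile. Returns (ts, src, user, host, reason) tuples."""
    alerts = []
    for ev in map(parse_line, lines):
        key = (ev["ts"], ev["src"], ev["user"], ev["host"])
        profile = baseline.get(ev["user"])
        if profile is None:
            alerts.append(key + ("user never seen in baseline",))
            continue
        # A real deployment would baseline over weeks and allow a tolerance window;
        # a bare set of observed hours is enough to show the mechanism.
        if ev["src"] == "auth" and ev["ts"].hour not in profile["hours"]:
            alerts.append(key + ("login outside baseline hours",))
        ind = indicator(ev)
        if ind and ind not in profile["indicators"]:
            alerts.append(key + (f"new {ev['src']} destination {ind}",))
    return alerts


def correlate(alerts, window_minutes=30):
    """Group alerts for the same user/host that fall within a window into incidents.

    Severity is driven by how many distinct sources agree: one noisy source is
    low, two is medium, three or more is high. That is what turns disparate,
    individually weak signals into one actionable alert.
    """
    incidents = []
    for alert in sorted(alerts):
        ts, src, user, host, _reason = alert
        for inc in incidents:
            same_entity = (inc["user"], inc["host"]) == (user, host)
            in_window = (ts - inc["last"]).total_seconds() <= window_minutes * 60
            if same_entity and in_window:
                inc["alerts"].append(alert)
                inc["sources"].add(src)
                inc["last"] = ts
                break
        else:
            incidents.append({"user": user, "host": host, "first": ts, "last": ts,
                              "alerts": [alert], "sources": {src}})
    for inc in incidents:
        n = len(inc["sources"])
        inc["severity"] = "high" if n >= 3 else "medium" if n == 2 else "low"
    return incidents


if __name__ == "__main__":
    profiles = build_baseline(BASELINE_LINES)
    for inc in correlate(detect(NEW_LINES, profiles)):
        print(f"[{inc['severity']}] {inc['user']}@{inc['host']} "
              f"{inc['first']:%H:%M}-{inc['last']:%H:%M} sources={sorted(inc['sources'])}")
        for _, src, _, _, reason in inc["alerts"]:
            print(f"    {src:8s} {reason}")
```

On the constructed data, alice's single new destination during her normal hours stays a low-severity incident (the "alert noise" of a thin baseline), while bob's off-hours login, never-seen DNS name and new outbound connection within six minutes collapse into one high-severity incident because three independent sources agree. Refining the inputs, whether by widening the baseline window or by adding another telemetry source, is what raises the signal-to-noise ratio of the correlated output.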