What is XDR?
(Extended Detection and Response)
There’s a new acronym out there in the security space: it’s XDR (Extended Detection and Response). But why do we need yet another acronym and should you care? Over the last several years, many analyst groups have tried to capture the idea of more complex attacks and how to build best practices to put the right security infrastructure in place to help.
The past has delivered successive sets of tools that do solve unique problems.
- The rise of Endpoint Detection and Response (EDR) — endpoints are in many cases the first line of defense or first line of breakdown.
- The rise of Network Traffic Analysis (NTA / NDR) alongside the NGFW — packets have a wealth of insight embedded in both their headers and their content
- The rise of Cloud Application Security Brokers (CASB) — a new way to protect SaaS applications like Office365, which cannot be protected with traditional firewalls.
- The SIEM — the backbone of security operations teams; logs have a lot of value for sure
Each of these tools has helped, but using so many tools is difficult and adds operational inefficiency. Even with EDR solutions in place, security teams continue to struggle to keep up. Enterprise Strategy Group (ESG) has surveyed many organizations that have tried post-processing EDR and NTA data in an attempt to stitch together attack details. While most teams depend on multiple, independent tools, ESG research shows that 66% of respondents believe that effectiveness is limited with this approach precisely because it is based on multiple independent point tools.
ESG further notes that “…with 76% of companies claiming that threat detection and response is more difficult today than it was two years ago, current detection and response tools aren’t keeping up. While endpoint detection and response solutions have helped many organizations identify and respond to attacks they believe would have otherwise been missed, many organizations say that they are still falling further behind, lacking the ability to keep up with the volume of modern attacks. A new approach is needed.”
We couldn’t agree more!
So what is XDR? And how does it help? Extend the data you ingest further, ensuring you have pervasive visibility:
- Visibility into endpoints, networks, and SaaS applications like Office365, and cloud infrastructure like AWS/Azure VPC
- Threat intelligence – yes, necessary stuff to fold into your analysis
- Application, host including geolocation, and user information – yes, we need that now too
- Vulnerability scanning results and NGFW logs — yes of course, the more inputs the better
At Stellar Cyber, our family of sensors and agents and our over 100 interactions are why we define XDR to mean extended (X) detection (D) and response (R). We believe there are three key issues. First, you need to collect security data from anywhere – pervasive visibility. Second, you need to be able to detect and correlate security events from these data – on premises, in public clouds, with service providers, and even inside SaaS applications like Office365 and G-Suite. Third, you need to be capable of responding to detected threats, or hunting potential threats, very quickly and automatically to minimize the damage.
At the same time, few customers, if any, want to reduce risk at the cost of disrupting their current set of tools and best practices. Stellar Cyber’s Open XDR gets past this issue by integrating with anything: it first collects data from whatever set of tools you already have, then processes that data through a single big data platform with one intuitive GUI. You leverage one Data Lake with data from different sources and capture the right, high-quality data for pervasive visibility and full attack surface monitoring.
We truly make what you have now better. Security metrics are improved across datasets that have been normalized and transformed from the intelligence noted above. Typically, our customers see an improvement in mean time to identification (MTTI) of over 8X. We also see a dramatic improvement in mean time to response (MTTR) of over 20X.
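The two ideas in the paragraphs above, normalizing telemetry from independent tools into one schema and then correlating across sources with threat intelligence folded in, can be shown in a few dozen lines. The following Python is an added illustration, not Stellar Cyber code; every log record, host name, IP address and indicator in it is a constructed sample value, and the common schema and the correlation rule are assumptions chosen for the example rather than anything the page specifies.

```python
"""Toy cross-source correlation in the spirit of the XDR description above.
Added example; not Stellar Cyber code. All log records, hosts, IPs and the
threat-intel list below are constructed sample values."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three independent tools.
EDR_EVENTS = [  # endpoint agent output, one JSON object per line
    '{"ts": "2024-05-01T10:00:05Z", "host": "ws-17", "user": "alice", "event": "process_start", "proc": "powershell.exe", "severity": "medium"}',
    '{"ts": "2024-05-01T10:00:40Z", "host": "ws-17", "user": "alice", "event": "process_start", "proc": "powershell.exe", "severity": "medium"}',
    '{"ts": "2024-05-01T10:30:00Z", "host": "ws-22", "user": "bob", "event": "process_start", "proc": "excel.exe", "severity": "low"}',
]
NDR_EVENTS = [  # network sensor output, space-separated text
    "2024-05-01T10:01:10Z conn ws-17 10.0.5.17 203.0.113.9 443 out",
    "2024-05-01T10:31:00Z conn ws-22 10.0.5.22 198.51.100.4 443 out",
]
CASB_EVENTS = [  # SaaS audit output (Office365-style field names), JSON per line
    '{"CreationTime": "2024-05-01T10:02:00Z", "UserId": "alice@example.test", "Operation": "UserLoggedIn", "ClientIP": "203.0.113.9", "Workload": "Exchange"}',
]
THREAT_INTEL_IPS = {"203.0.113.9"}  # constructed indicator list (a TEST-NET-3 address)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


# Each normalizer maps a tool-specific record onto one assumed common schema:
# ts, source, host, user, detail, ip.
def normalize_edr(line):
    r = json.loads(line)
    return {"ts": parse_ts(r["ts"]), "source": "edr", "host": r["host"],
            "user": r["user"], "detail": r["proc"], "ip": None}


NDR_RE = re.compile(r"^(\S+) conn (\S+) (\S+) (\S+) (\d+) (\w+)$")


def normalize_ndr(line):
    ts, host, src, dst, port, direction = NDR_RE.match(line).groups()
    return {"ts": parse_ts(ts), "source": "ndr", "host": host, "user": None,
            "detail": f"{direction}:{dst}:{port}", "ip": dst}


def normalize_casb(line):
    r = json.loads(line)
    return {"ts": parse_ts(r["CreationTime"]), "source": "casb", "host": None,
            "user": r["UserId"].split("@")[0], "detail": r["Operation"], "ip": r["ClientIP"]}


def build_lake():
    """Normalize all three feeds into one time-ordered list and enrich with threat intel."""
    lake = [normalize_edr(l) for l in EDR_EVENTS]
    lake += [normalize_ndr(l) for l in NDR_EVENTS]
    lake += [normalize_casb(l) for l in CASB_EVENTS]
    for rec in lake:
        rec["ti_hit"] = rec["ip"] in THREAT_INTEL_IPS  # enrichment step
    return sorted(lake, key=lambda r: r["ts"])


def correlate(lake, window=timedelta(minutes=10)):
    """Assumed rule: within `window` of an EDR event on a host, the same host also
    shows an NDR connection to a threat-intel IP and a CASB login from that IP."""
    # CASB records carry only a user; join them to hosts via what EDR has seen.
    user_to_host = {r["user"]: r["host"] for r in lake if r["source"] == "edr"}
    by_host = defaultdict(list)
    for r in lake:
        host = r["host"] or user_to_host.get(r["user"])
        if host:
            by_host[host].append(r)
    incidents = []
    for host, recs in by_host.items():
        for anchor in (r for r in recs if r["source"] == "edr"):
            near = [r for r in recs if abs(r["ts"] - anchor["ts"]) <= window]
            ndr_hit = any(r["source"] == "ndr" and r["ti_hit"] for r in near)
            casb_hit = any(r["source"] == "casb" and r["ti_hit"] for r in near)
            if ndr_hit and casb_hit:
                incidents.append({"host": host, "user": anchor["user"],
                                  "first_seen": min(r["ts"] for r in near),
                                  "sources": sorted({r["source"] for r in near})})
                break  # one incident per host is enough for this example
    return incidents


if __name__ == "__main__":
    for inc in correlate(build_lake()):
        print(inc)
```

On the constructed input, no single feed is alarming on its own: a medium-severity process start, one outbound HTTPS connection, one SaaS login. Only after normalization and the user-to-host join does the rule tie all three to ws-17 and the indicator address. That join is the part a practitioner has to get right in a real data lake, since every tool names entities differently and a missed join silently drops the correlation.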
So XDR is, indeed, needed, and Stellar Cyber delivers Open XDR so you’re not forced to give up your existing cyber security tools. Stellar Cyber reduces your security risk without disruption.