What’s the Deal with Open XDR
Managers of MSSP cybersecurity teams face many challenges, including the growing number and complexity of threats, tight budgets, a shortage of security analysts, and overworked teams who are frustrated by high volumes of alerts. Analyst teams have struggled for years with the philosophy of using a dozen or more discrete security tools to hunt for and resolve threats, but it’s not working. The challenges seem to grow each year. And these challenges impact business growth and margin!
The philosophy behind XDR (eXtended Detection and Response) is different. Rather than seating analysts at separate consoles that detect small parts of security problems and leaving it to humans to correlate the data, XDR platforms consolidate inputs from all those tools, correlate the data, and display it on one screen, making it easier to see and handle incidents occurring anywhere across the attack surface.
Further, XDR platforms typically incorporate AI processing to recognize and (in some cases) automatically respond to threats, which significantly reduces the flood of alerts analysts must deal with.
XDR thinking was a major step forward, but there are challenges with it as well. As a proprietary product, its various components all come from the same company. Companies that are good at EDR or SIEM essentially build on those foundations by adding missing pieces such as NDR and TIP.
One problem with this is that buying into the XDR platform usually means abandoning existing investments in other companies’ tools, and some of the new XDR platform tools aren’t as effective as the ones they replace. No company can be a technology leader in every category. Another challenge is having to retrain one’s analyst team on the new tools which, in some cases, can take weeks or months.
Enter Open XDR
Open XDR picks up where XDR leaves off. Like XDR, it consolidates inputs from many different tools, correlates and analyzes the data, responds automatically to some threats to reduce alert volume, and displays results in one place. The difference is that those various tools can come from many different vendors.
Open XDR platforms are also built around EDR, NDR or SIEM foundations, but in most cases, these platforms will easily integrate with other existing tools you already know and like. This eliminates the need to abandon investments and greatly reduces training time.
The better Open XDR platforms use highly intuitive dashboards, that are aligned with the MITRE ATT&CK Framework, and populate them with fewer, contextual security events that are prioritized with information about where threats are and how to deal with them. In this way, the best Open XDR platforms reduce training time even more, make analysts happier and more productive, and slash Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
For CISOs at MSSPs and MSPs with lean security teams, delivering value to the customer – and doing it efficiently and cost-effectively – is a key priority. Open XDR platforms support those goals better than any legacy security technology. To learn more contact Stellar Cyber www.stellarcyber.ai.