The need for consolidated detection and response

If you pay attention to emerging trends in cybersecurity, you’ve probably seen the explosion of companies marketing XDR, the latest acronym buzzword on the market, which stands for eXtended Detection and Response. We’ve written about XDR in other content, but rather than focusing on the definition, let’s talk about why XDR is necessary and what it can do for you.

Why you should care about XDR

So let’s start with the why. While the specifics vary between organizations, a few chronic issues have plagued security operations teams for years and continue to get worse over time. The overriding theme is operational complexity. With the typical SOC bouncing between around 20 security tools or more, almost every security team receives far too many alerts to handle. Aggravating that situation, too many teams struggle to find and retain the skilled personnel necessary to deliver 24x7 security, which is an increasingly necessary mandate.

Why hasn’t this problem been solved already?

The security stack is constantly evolving. Over the years, more effective but highly specialized detection and response tools have been rolled out, such as EDR, NDR and UEBA. While these deliver deep visibility into specific threat behaviors, the information is highly siloed and their alerting capabilities are limited, so each becomes yet another prolific generator of false positives. Each new platform also introduced another technology with another UI/UX to learn. So not only are security analysts expected to master 20 or more products, with each stack unique to the individual organization, but in an actual investigation they also have to bounce from screen to screen to run down and respond to anything other than the most basic attacks.

So the answer to too many tools is another tool?

In a word, yes. Not because XDR renders existing solutions obsolete, but because it simplifies the process of using them through a combination of simple integration, detection and response automation and centralized case management. XDR delivers subtraction by addition, acting as the focal point of your security operations by giving you one place to coordinate all of your detection and response activities.

What can XDR do for you?
