Digital innovation has been a critical business driver for most organizations, especially over the past 12 months. Now, following a year of high-profile ransomware and other cybersecurity incidents, many organizations are recognizing the exposure this innovation has created. Specifically, new work styles, increasing cloud delivery of applications and support for on- and off-network access have created a host of edges that need to be secured, including the edges of the wide area network such as SD-WAN, edge computing and LAN edge.
However, before acquiring even more security products designed to meet these mounting challenges, many security leaders recognize that complexity is already one of the leading challenges in cybersecurity.
This has led many businesses to reconsider their security strategy. In fact, according to a recent survey by Gartner, 80% of organizations are either currently consolidating or planning to consolidate vendors into an integrated solution set that is more manageable and effective. As they exist today, security tools typically work in isolation, keeping information separate between various controls or consoles. This means that security teams are left to manually coordinate events, a task that is often time-consuming and labor-intensive. Threats can fall through the cracks, ultimately going undetected and unresolved.
Value of Extended Detection and Response (XDR)
To stay ahead of today’s advanced threats and address the challenge of cybersecurity complexity, customers must have comprehensive visibility and control across their distributed networks. A major drawback of many security solutions is that their capabilities are often limited in scope, and even those with broad scope lack integration and automation. An emerging security concept being adopted by security teams to help fill this gap is extended detection and response (XDR). XDR is a “unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components,” according to Gartner.
For partners, XDR solutions create an opportunity to offer customers a differentiated approach to what have been traditionally independent security categories – network security, endpoint security, email security and cloud security. Through a consolidating principle such as XDR, individual security solutions can see, share and analyze data, which helps teams more easily detect threats and guide a coordinated response that spans the entire attack surface.
Why Most XDR Solutions Fall Short
Extended detection and response presents an opportunity to combine multiple product solutions into an integrated system that focuses on detecting, investigating and responding to evolving threats. There are three challenges in accomplishing this.
The first challenge for many vendors is that their solutions fail to cover the entire attack surface, instead covering only one or a few attack vectors, such as endpoint, cloud, email or network, in isolation. The value in XDR lies in its ability to combine multiple solutions.
Another challenge is that although vendors may offer a full range of security products and solutions, those components may have been acquired individually over time and are only loosely integrated. As a result, it’s a heavy lift to normalize and correlate security information from the components, which leaves few development resources for higher-value analytics and automation. Rather than providing a cohesive system in such situations, XDR instead loosely compensates for the platform’s inability to interoperate.
Investigation is the third challenge organizations typically face when choosing an XDR solution. If an XDR solution only focuses on detection and response, it leaves investigation on the shoulders of security analysts. An effective solution should autonomously perform a thorough investigation to determine a threat’s validity, nature and scope, freeing cybersecurity professionals up for higher-priority initiatives.
Key Considerations When Choosing an XDR Solution
Three key considerations to keep in mind are …