Yusuf On Security: Security news, opinion and advice

Extended detection and response (XDR)

Extended detection and response (XDR) collects threat data from security tools that were previously isolated from one another across the organization's technology stack, so that analysts can triage faster, investigate and hunt more effectively, and respond to an incident accurately before it gets out of hand. By unifying detection data and tooling, and by adding the context needed to respond quickly, XDR enables the kind of collaboration and openness that lets security teams work well together. It is delivered as a platform that automates routine day-to-day tasks, removes error-prone manual steps, and enriches data so that it can be analyzed in ways that are not otherwise possible.

XDR can also trigger a response as soon as a threat is detected, without the analyst having to switch to a different tool. Rather than taking a strictly reactive approach to cyber security, it lets the organization defend itself actively, with unified visibility across multiple attack vectors. By applying analytics and threat intelligence, the platform provides the context needed for a threat-centric view of the entire chain of events across the layers of defense.

Extended detection and response is a security solution that provides visibility, detection, investigation, and response at a granular level across multiple layers of security. XDR aggregates and correlates detection and activity data from email, endpoints, servers, cloud workloads, and networks. Compared with EDR tools, XDR takes a wide-angle view of what matters most, integrating data from endpoints, clouds, identities, and other solutions.

The platform builds on the capabilities of the technologies that came before it, such as SIEM, SOAR and EDR. It brings together the high-grade security solutions an organization has already invested in and deployed, takes advantage of the technologies that actively detect and gather threat data, and adopts strategies for detecting future threats. By combining existing controls such as endpoint, network, data and analytics products into a single solution, the platform delivers the insight and data needed to mitigate and respond to modern attacks.

XDR is the future of security, and a strong alternative to the traditional reactive approaches that offer visibility into attacks only at their own layer: endpoint detection and response (EDR), network detection and response (NDR), user behavior analytics (UBA), and security information and event management (SIEM).

Because XDR has access to the raw data collected throughout an environment, it can uncover attackers who are using legitimate software to access systems, something that SIEM (security information and event management) software generally does not do well. A good XDR platform aggregates threat data and applies different analytics methods dynamically to identify and investigate a suspected threat, and to validate that it is real before initiating a response. Those assessments allow the platform to detect threats more deeply and then produce an appropriate response. Unlike EDR, which performs this function only for endpoints and workloads, XDR reacts to threats at every point of security governance it touches, from container defenses to networks to servers. It aggregates, and gives analysts access to, the complete data lake of activity from across the different security tools, including detections, telemetry, metadata, and NetFlow.
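To make concrete what "aggregates and correlates across multiple layers" and "validates the threat before initiating a response" look like in practice, here is an added example; it is not code from this post's author or from any XDR product. It pivots from an endpoint event that is harmless on its own (an Office application launching PowerShell, a legitimate tool) to the email that preceded it and the network connection that followed it, and only plans containment when several independent layers corroborate the chain. The layer names, event fields, domain allow-list, 30-minute window, severity rule and the sample events are all constructed assumptions for illustration.

```python
# Added example (not code from the page's author or from any XDR vendor):
# a minimal cross-layer correlation over constructed sample telemetry.
# Layer names, fields, the allow-list, the window and the severity rule
# are assumptions chosen for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    layer: str           # silo that produced the record: email, endpoint, network
    host: str
    user: str
    kind: str
    data: dict = field(default_factory=dict)


@dataclass
class Incident:
    events: list

    @property
    def layers(self):
        return sorted({e.layer for e in self.events})

    @property
    def severity(self):
        # Assumed scoring: the more independent layers corroborate the chain,
        # the less likely it is benign use of a legitimate tool.
        n = len(self.layers)
        return "high" if n >= 3 else "medium" if n == 2 else "low"

    def planned_response(self):
        # Validate before acting: only a corroborated chain triggers containment.
        if self.severity != "high":
            return []
        actions = []
        for e in self.events:
            if e.layer == "endpoint":
                actions.append(f"isolate_host:{e.host}")
            elif e.layer == "email":
                actions.append(f"quarantine_message:{e.data['msg_id']}")
            elif e.layer == "network":
                actions.append(f"block_domain:{e.data['domain']}")
        return actions


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
LOLBINS = {"powershell.exe", "mshta.exe", "rundll32.exe", "certutil.exe"}
KNOWN_GOOD_DOMAINS = {"update.microsoft.com", "intranet.example.local"}


def correlate(events, window=timedelta(minutes=30)):
    """Pivot from each Office-spawned LOLBIN start to the attachment delivered
    to the same user shortly before, and to outbound connections from the same
    host shortly after that go to a domain not on the allow-list."""
    timeline = sorted(events, key=lambda e: e.ts)
    incidents = []
    for proc in timeline:
        if (proc.layer, proc.kind) != ("endpoint", "process_start"):
            continue
        if proc.data.get("parent") not in OFFICE_APPS or proc.data.get("image") not in LOLBINS:
            continue
        chain = [proc]
        for e in timeline:
            age = proc.ts - e.ts          # how long before the process start
            if (e.layer, e.kind) == ("email", "attachment_delivered") \
                    and e.user == proc.user and timedelta(0) <= age <= window:
                chain.append(e)
            lag = e.ts - proc.ts          # how long after the process start
            if (e.layer, e.kind) == ("network", "outbound_conn") \
                    and e.host == proc.host and timedelta(0) <= lag <= window \
                    and e.data.get("domain") not in KNOWN_GOOD_DOMAINS:
                chain.append(e)
        chain.sort(key=lambda e: e.ts)
        incidents.append(Incident(chain))
    return incidents


# Constructed sample telemetry; hosts, users, domains and message ids are fictitious.
T = datetime(2024, 3, 4, 9, 0)
SAMPLE_EVENTS = [
    Event(T, "email", "mailgw", "alice", "attachment_delivered",
          {"msg_id": "m-1001", "attachment": "invoice.docm"}),
    Event(T + timedelta(minutes=5), "endpoint", "WS-017", "alice", "process_start",
          {"parent": "winword.exe", "image": "powershell.exe", "cmdline": "-w hidden -enc [base64]"}),
    Event(T + timedelta(minutes=6), "network", "WS-017", "alice", "outbound_conn",
          {"domain": "cdn-files.example.net", "port": 443}),
    # The same tool used legitimately: a finance workbook macro runs PowerShell,
    # no preceding mail, and the only connection goes to an allow-listed host.
    Event(T + timedelta(hours=5), "endpoint", "WS-042", "bob", "process_start",
          {"parent": "excel.exe", "image": "powershell.exe", "cmdline": "-File refresh.ps1"}),
    Event(T + timedelta(hours=5, minutes=2), "network", "WS-042", "bob", "outbound_conn",
          {"domain": "update.microsoft.com", "port": 443}),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(inc.severity, inc.layers, inc.planned_response())
```

Run stand-alone, the first chain (email, endpoint, network) comes out as high severity with quarantine, isolate and block actions planned, while the second, which an EDR alone would see as the identical process-start event, stays at low severity with no action. The point is the pivot: the endpoint event is the anchor, the email layer is joined on the user (the mail gateway does not know the workstation), and the network layer is joined on the host.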

Combined with SIEM and SOAR solutions, hybrid XDR deployments give enterprises a more robust mechanism for threat detection, response, and scale, helping them get the most from their existing security investments. With automation, AI, expert-built detections, and prescribed response actions available through a single unified dashboard, security teams can address attacks across silos, mitigating risk and closing out threats quickly.

 

Author
Yusuf