What is XDR? - Extended Detection and Response



There is a relatively new acronym in the security space: XDR (Extended Detection and Response). Why do we need yet another acronym, and should you care? Over the last several years, analyst groups have tried to describe the increasingly complex attacks organizations face and to define best practices for the security infrastructure needed to counter them.

The past has delivered successive sets of tools, each of which solves a distinct problem:


  • The rise of Endpoint Detection and Response (EDR): endpoints are in many cases the first line of defense, and the first place a defense breaks down.

  • The rise of Network Traffic Analysis (NTA / NDR) alongside the NGFW: packets carry a wealth of insight in both their headers and their payloads.

  • The rise of Cloud Access Security Brokers (CASB): a new way to protect SaaS applications such as Office 365, which cannot be protected with traditional firewalls.

  • The SIEM: the backbone of security operations teams; logs certainly have a lot of value.

Each of these tools has helped, but operating so many of them is difficult and adds operational inefficiency. Even with EDR in place, security teams continue to struggle to keep up. Enterprise Strategy Group (ESG) has surveyed many organizations that have tried post-processing EDR and NTA data to stitch together the details of an attack. Most teams depend on multiple independent tools, and ESG research shows that 66% of respondents believe this approach limits effectiveness precisely because it rests on multiple independent point tools.
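The "stitching" ESG describes is, in practice, a join across telemetry sources. The following is an added example, not code from the original post or from any vendor's product: it pairs an EDR process-start record with an NTA/NDR flow record on the same host inside a short time window, so that two signals that are each too noisy to alert on alone become one high-confidence finding. The record schemas, the "Office app spawns a shell" and "large outbound HTTPS" heuristics, the 5-minute window and all sample events are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class EdrEvent:
    """Process-start record as an EDR agent might emit it (constructed schema)."""
    host: str
    ts: datetime
    process: str
    parent: str
    cmdline: str


@dataclass
class FlowEvent:
    """Outbound flow record as an NTA/NDR sensor might emit it (constructed schema);
    `host` assumes the sensor has already resolved the source IP to a hostname."""
    host: str
    ts: datetime
    dst_ip: str
    dst_port: int
    bytes_out: int


@dataclass
class Correlation:
    host: str
    process: EdrEvent
    flow: FlowEvent
    reason: str


# Heuristics chosen for illustration (assumptions, not a product's rules).
# An Office app spawning a shell is a classic phishing follow-on but noisy on
# its own (macros, add-ins), so an EDR-only rule is often tuned down; a large
# outbound HTTPS flow is common on its own, and NTA cannot see which process
# sent it. Joined on host and time, the two tell one story.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def suspicious_process(e: EdrEvent) -> bool:
    return e.parent.lower() in OFFICE_PARENTS and e.process.lower() in SHELLS


def suspicious_flow(f: FlowEvent, min_bytes_out: int = 1_000_000) -> bool:
    return f.dst_port in (443, 8443) and f.bytes_out >= min_bytes_out


def correlate(edr: List[EdrEvent], flows: List[FlowEvent],
              window_minutes: int = 5) -> List[Correlation]:
    """Pair each suspicious flow with a suspicious process start on the same
    host that occurred within `window_minutes` before the flow."""
    window = timedelta(minutes=window_minutes)
    by_host: Dict[str, List[EdrEvent]] = {}
    for e in edr:
        if suspicious_process(e):
            by_host.setdefault(e.host, []).append(e)
    hits: List[Correlation] = []
    for f in flows:
        if not suspicious_flow(f):
            continue
        for e in by_host.get(f.host, []):
            gap = f.ts - e.ts
            if timedelta(0) <= gap <= window:
                hits.append(Correlation(
                    f.host, e, f,
                    f"{e.parent} spawned {e.process}, then {f.bytes_out} bytes "
                    f"to {f.dst_ip}:{f.dst_port} {int(gap.total_seconds())}s later"))
    return hits


# Constructed sample telemetry; hostnames are placeholders and the destination
# addresses come from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges.
T0 = datetime(2024, 3, 1, 9, 0, 0)
SAMPLE_EDR = [
    EdrEvent("ws-042", T0, "powershell.exe", "winword.exe", "powershell -nop -w hidden"),
    EdrEvent("ws-042", T0 + timedelta(minutes=1), "chrome.exe", "explorer.exe", "chrome.exe"),
    EdrEvent("ws-077", T0, "cmd.exe", "excel.exe", "cmd /c whoami"),
]
SAMPLE_FLOWS = [
    FlowEvent("ws-042", T0 + timedelta(minutes=2), "203.0.113.10", 443, 5_000_000),   # 2 min after shell
    FlowEvent("ws-077", T0 + timedelta(minutes=30), "203.0.113.10", 443, 5_000_000),  # 30 min after shell
    FlowEvent("ws-099", T0 + timedelta(minutes=1), "198.51.100.5", 443, 7_000_000),   # no EDR signal
]

if __name__ == "__main__":
    print(f"EDR alone flags {sum(map(suspicious_process, SAMPLE_EDR))} process events")
    print(f"NTA alone flags {sum(map(suspicious_flow, SAMPLE_FLOWS))} flows")
    for hit in correlate(SAMPLE_EDR, SAMPLE_FLOWS):
        print(f"[{hit.host}] {hit.reason}")
```

On the sample data, EDR alone raises two process alerts and NTA alone raises three flow alerts, but only ws-042 survives the join: ws-077's shell and its large upload are 30 minutes apart, and ws-099 has no endpoint signal at all. Widening the window to an hour pulls ws-077 in as well, which is the tuning decision an analyst otherwise makes by hand across two consoles.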

ESG further notes that “…with 76% of companies claiming that threat detection and response is more difficult today than it was two years ago, current detection and response tools aren’t keeping up. While endpoint detection and response solutions have helped many organizations identify and respond to attacks they believe would have otherwise been missed, many organizations say that they are still falling further behind, lacking the ability to keep up with the volume of modern attacks. A new approach is needed.”
