Posts

Showing posts from June, 2021

XDR explained in 300 words

XDR is the rising star of new acronyms, but you might have to read a 1,000+ word article to understand its value. Let’s try to do it briefly in about 300 words. X means to expand DR – Detection and Response – systems to cover your entire attack surface, not just a portion of it. Current security operations are built on siloed, noisy tools which create blind spots with a high volume of alerts, which can cause alert fatigue. Hackers not only attack those blind spots, they also attack several aspects of your environment to overwhelm your security team. When your team is routinely faced with thousands of individual alerts, it is difficult for anyone to know where to start. XDR leverages machine learning to automatically correlate the disparate alerts into incidents to close this gap. The incidents are scored and prioritized before they are presented in a simple-to-understand format highlighting the shortest path to remedia...

The Pipeline Attack – Is Log Analysis Enough for Cybersecurity?

Many MSSPs use SIEMs and other log management/aggregation/analysis solutions for cybersecurity visibility, but is log analysis enough? We’re hearing more and more about holistic security solutions like XDR platforms that claim to cover the entire attack surface, especially because the latest pipeline attack reinforced the compound nature of today’s sophisticated multi-stage cyberattacks. The attackers admitted they did not expect their attack to shut down the pipeline, but the result has been devastating. Let’s take a quick look at what we get from logs, and what we don’t get from logs. Logs by their very nature are a view into the past. They give us visibility into the activity of file and application servers, user management systems like Active Directory, e-mail servers, and other tools. When the logs are properly correlated and analyzed, we can know when anomalies occur in these systems. But what about z...

The Case for Open XDR – X Means Everything

The current model for cybersecurity is broken. It consists of acquiring and deploying a lot of stand-alone tools, each with its own console, to analyze logs or traffic and detect anomalies that could be threats. In this model, it’s up to each security analyst to communicate with other analysts to determine whether each tool’s individual detection (each of which, by itself, may look benign) correlates with detections from other tools to reveal a complex attack. This model forces enterprises to create complex security stacks consisting of SIEM, SOAR, EDR, NDR and more, for the purpose of instrumenting the enterprise, identifying threats, responding to threats, and managing risk. Acquiring all of these tools and managing their licenses is complex and expensive, and the manual correlation required to compare each tool’s detections leaves a lot of gaps in the overall security infrastructure. Analys...