Posts

Showing posts from September, 2021

Everything about XDR is around Correlations, not Hype

In the last several months, the XDR acronym has been used by almost every security product manufacturer. It is one thing to say that you have it, but the hard work that goes into building the detections takes years. It is not enough to say that you have a big data platform that you can dump things into and search; you need actionable detections that lead to meaningful correlations. Here are two key things to consider as you look at XDR.

Data Normalization – To get full visibility, the first thing you need to consider is the data itself. Every security product has a different way of presenting its logs and alerts. Network solutions, endpoint security tools, firewalls, identity tools, cloud security tools and many others all have their own alert formats and frequency. Every SIEM tool can store logs from these devices – that’s the easy part. The problem is that creati...

Cybersecurity Must Evolve Beyond Compliance: Is Open XDR the Answer?

Today there is no shortage of compliance requirements. There are so many, in fact, that there are billions of dollars spent every year on tools and audits. These regulations have the right goal in mind: protect companies, their intellectual property and their customers. Unfortunately, by the time these laws make it through the government process the attackers have already changed their tactics. They don’t have to play by any rules. This begs the question, “How effective are all these compliance requirements at achieving the ultimate goal?” All we read about in the headlines is the next big breach. Pipelines, power grids, global shipping, and even the food supply have been targeted. These companies comply with multiple requirements annually. They employ large teams of SOC analysts. They leverage all of the technology mandated in the requirements. When was the last time there was a significant revision of any of these regulations? If we created ...