Security is – or should be – a key enabler of your business growth. As a security professional overseeing your organization's security posture across your overall IT estate, you and your team should enhance consumer confidence in your business. How you can support your business's objectives and drivers should be top of mind for you every day.
In your drive for a strong security posture, you may be wrestling with questions around Extended Detection and Response (XDR) or have inquiries from your C-suite about it. In the ever-growing cybersecurity alphabet soup, what is XDR? Should it be part of your security plan?
Defining and Delivering XDR
Googling XDR leads to countless definitions and descriptions. Gartner’s definition of XDR is that it “is a platform that integrates, correlates, and contextualizes data and alerts from multiple security prevention, detection, and response components.” XDR also aims to reduce product sprawl, alert fatigue, integration challenges, and operational expenses.
The three basic buckets of XDR are:
Having more than one telemetry source
Central depository for analytics
Visibility to data collection, processes, alerts, and workflows
Those workflows lead to faster decisions and coordinated responses across multiple tools. Because this high-level definition is so broad, interpretations of who falls into the XDR vendor category vary widely. Almost any vendor can claim to be an XDR security vendor.
Beyond defining XDR, there is also a myriad of delivery methods. The most common flavors of XDR delivery currently trending are:
Endpoint + X Source
Often the path taken by EDR vendors, this XDR solution adds another telemetry and/or data source to an existing endpoint product. While this approach makes it easy to leverage your current EDR investment, the challenge is ensuring coverage across the entire IT estate. Coverage may vary significantly depending on which additional data sources and telemetry points are used, which may mean you do not have full security visibility.
SIEM + Analytics
For those with mature security postures, this SIEM-centric option offers flexibility and scalability. However, the challenge with this approach comes from lengthy deployments, the numerous add-on modules that must be integrated into your existing processes, and the need for an in-house team that is available to constantly tune data models and update policies for the environment.
Endpoint + X Source + Logs + Analytics + IDS
An expansive approach that provides visibility across the full IT estate. The advantage is that it brings together prevention and detection, addressing both known and unknown threats. The challenge is that it involves many tools, which requires you to partner with a team that has the expertise and knowledge to manage the environment and generate the best outcomes.
A Modern Approach
Beyond the chatter, why are businesses and security professionals considering XDR? Primarily, it is to achieve better outcomes. That may mean consolidating vendors and tools to reduce tool sprawl or alert fatigue; increasing operational efficiency, particularly for teams with limited people who lack the budget for additional staff (or cannot find experienced professionals to hire) to discover and quickly respond to incidents; or improving visibility and unifying the view of their environment. These desired outcomes are most often operational, resource, security, and/or infrastructure in nature.
XDR may not solve the broader industry challenge of maintaining expertise, nor the burden of managing and extracting value from the security stack. To achieve the right outcomes, a business's solution needs the right combination of technology, people, and process.
What is your desired outcome? Is it achievable with XDR?
Revisiting Gartner's description and the three XDR buckets: when deciding on your security delivery model and who you will partner with, choose an organization that can eliminate the burdens on your security success and provide the necessary fourth bucket, the managed element. That critical piece of your security is at the core of managed detection and response (MDR).
MDR provides the expertise you need. From threat research and hunting, 24/7 monitoring, advanced analytics and tuning, and alert investigations, to log analysis, false-positive reduction, and actionable insights, MDR helps you achieve the outcomes you need. With it, you have the right combination of people, process, and technology to expedite your path to greater security maturity.
Quite simply, MDR achieves the same outcomes as XDR. In most cases, MDR delivers those outcomes better, faster, and more efficiently. In short, with MDR, you have the human element and the expertise these people bring to your security posture.
Reach Your Identified Security Outcomes with MDR
Once you have identified the security outcomes you need to achieve to help your business reach its objectives, engage with Fortra's Alert Logic to create an MDR security strategy for your organization. We will develop a program that not only works for your business today but can expand and scale into the future.
To begin the conversation, request a personalized MDR demo from Fortra's Alert Logic.