We’ve already spoken about the strengths of Extended Detection and Response (XDR) as it relates to other solutions such as EDR, SIEM, and SOAR. But did you know that not all XDR platforms are created equal?
In general, an XDR solution should correlate attack telemetry from multiple sources into one incident or malicious operation without “filtering” critical information needed for detections simply because the platform cannot handle the terabytes of data.
It should instantly deliver root-cause analysis and enable proactive threat hunting by analysts with varying levels of experience. It should also offer automated response capabilities to speed remediation.
There are basically two varieties of XDR: Native XDR and Open (or Hybrid) XDR. Looking at it this way helps us put XDR into context and define a strategy for adding XDR to an organization’s arsenal. Let’s take a look at these two approaches to XDR.
Native XDR
As we noted in a previous blog post, Native XDR draws upon the other technologies that exist in an XDR provider’s portfolio to fulfill a customer’s security needs. This type of deployment comes with certain advantages. First, it all but ensures there will be tight integrations between the XDR platform and the vendor’s other technologies.
Security teams therefore won’t have to worry about spending lots of time configuring their XDR platform were they to invest in those tools. Second, if security teams elected to bring on a Native XDR platform and other tools from the same vendor, they wouldn’t have to worry about a complicated buying process.
But Native XDR comes with many drawbacks. There’s such a thing as “vendor lock-in” where organizations can’t justify the cost of switching vendors, leaving them stuck in their current position. That’s an unenviable place to be in when it comes to Native XDR.
No single vendor can provide all the security technologies that an organization needs to defend itself against modern threats. So, if they’re locked in, they’re more than likely loaded down with solutions that don’t necessarily meet their needs and also don’t integrate with some of their other vendors’ solutions.
Open XDR
In contrast to Native XDR, Open (or hybrid) XDR takes an “open” approach that can leverage multiple security tools, vendors, and telemetry types to meet organizations’ needs from within a single detection and response platform. There’s no vendor lock-in here.
Security teams are free to choose the vendors and tools they want, allowing them to get the most out of their XDR platform, and DevOps and API integration enables personnel to bring these tools and telemetry sources together.
Open XDR comes with another advantage, as well. A Native XDR platform can’t interact with solutions that aren’t offered by its provider, a limitation which is unlikely to motivate organizations to abandon their existing security investments and replace them with the provider’s counterparts–they would lose money in the process.
But this isn’t a problem with Open XDR, as clarified by Cybersecurity Insiders. Open XDR works with tools into which organizations have already invested capital and effort, so security teams can continue to leverage those technologies going forward without needing to replace them.
Open XDR can leverage multiple security tools, vendors and telemetry types, all integrated into a single detection and response platform that centralizes behavior analysis.
MXDR: Managed XDR
In a recent survey, 73% of IT and security professionals told Enterprise Strategy Group (ESG) that their organizations either already have a Managed Detection and Response (MDR) provider or are in the process of working to adopt MDR services. Why? Because more than half of those respondents articulated the belief that an MDR provider could do a better job at threat detection and response for their organization than they could do on their own.
That same logic applies when it comes to Managed Extended Detection and Response (MXDR). At its best, MXDR doesn’t just provide a service, after all. It also augments the skills of existing staff members, functionality which helps to streamline all security processes while cutting down on manual tasks.
MXDR is key for organizations that do not have a traditional SOC, or have other factors limiting available resources, as everything they need for real-time threat monitoring as well as deep-dive threat hunting is typically included in an MXDR engagement.
AI-driven Cybereason XDR (and MXDR for that matter) delivers tremendous value to organizations by bolstering an organization’s entire infrastructure security with unrivaled Open XDR capabilities to protect all IT assets, including its endpoints, cloud workloads, applications, and user identities.
Cybereason has recently joined forces with Google Cloud to deliver Cybereason XDR powered by Google Chronicle, the first true XDR platform–driven by AI and capable of ingesting and analyzing threat data from across the entire IT environment.
Cybereason XDR provides Defenders with the ability to predict, detect and respond to cyberattacks at planetary scale and at maximum speed across the entire enterprise, including endpoints, networks, identities, cloud and application workspaces.
Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across enterprise, to everywhere the battle is taking place. Learn more about Cybereason Advanced XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.