Four Considerations for Evaluating XDR Platforms

There’s a growing need for the more holistic approach to threat detection and response that Extended Detection and Response (XDR) can deliver. Why? Just look at what’s going on in the digital threat landscape...

First, attackers are not letting up. Researchers recently revealed that the volume of digital attacks was more than 30% higher in the first quarter of 2021 than it was a year earlier, as reported by ITProPortal. A month-by-month examination of attack volumes showed that the number of attacks in January 2021 was 14% greater than in Q1 2020; February was up by a third, and March by half.

When the researchers looked at the types of attacks targeting organizations, they found that malware was leveraged in 32% of attacks. This was followed by unknown attacks (incidents in which security products were unable to recognize the malicious code) at 22% of the attacks analyzed in that quarter.

Digital attacks aren’t just becoming more numerous; they’re also growing in sophistication. Researchers attributed this development to the expanded use of “techniques that make them [the attackers] harder to spot and that threaten even the savviest targets.” Those tactics included new ways of scouring the web for vulnerable systems, as well as novel methods of reconnaissance.

A growing attack surface isn’t helping organizations, either. Many organizations’ attack surfaces grew when they offered more remote work options and embraced more dispersed workforces in response to the pandemic in 2020. Indeed, Help Net Security pointed out that international companies with 20,000+ employees are now more vulnerable because of their distributed infrastructure and workforces as well as the higher number of applications they need to manage.

Considerations in Evaluating XDR Platforms

Many organizations are turning to Extended Detection and Response (XDR) as a solution to the challenges discussed above. Per a previous blog post, XDR functions as an evolutionary step for Endpoint Detection and Response (EDR). It takes EDR’s focus on continuous detection and automated response and uses telemetry and data from beyond the endpoint to broaden detection coverage to an organization’s applications, cloud environments, IoT devices, user personas and other parts of its network.

XDR enables organizations to achieve more holistic detection and response. However, as outlined by DevOps.com, they need to take the following into consideration when selecting an XDR platform:

    • Organizations need to investigate how much it will cost to integrate an XDR platform with the other parts of their security stack. The crucial point here is that organizations need to figure out what cost is feasible for them and whether that’s doable given the other security solutions they already have deployed. As part of this calculus, organizations need to take into account the cost of maintaining the XDR integration into the future.
    • If they find an XDR solution that’s financially feasible in terms of integration, organizations need to figure out whether that tool works for them when it comes time to implement. Time is the operative word here. Organizations dealing with remote workers and a growing number of applications need to go with an XDR platform that doesn’t take weeks to implement.
    • As stated above, one of the crucial benefits of XDR is its ability to carry EDR’s automated analysis capabilities to other parts of the network. But “automated” means different things to different XDR vendors. Organizations need a solution that uses automation beyond just data processing. They need an automated platform that minimizes the manual work required of their analysts by delivering the context and correlations needed to act as a force multiplier for the analysts.
    • Finally, the central advantage of XDR is that it brings an organization’s other security tools together in a way that simplifies detection and response. Organizations therefore need to steer clear of solutions that could require undue support, such as employees needing to learn new skills just to manage the XDR tool.

Acknowledging these considerations, organizations need an XDR solution that doesn’t require them to build their own integrations, that uses adaptable automation capabilities with multiple parameters, and that includes native services and functionalities without add-ons.

The Cybereason XDR Advantage

The Cybereason XDR Platform comes with dozens of out-of-the-box integrations. What’s more, it uses both Indicators of Compromise (IoCs) and Indicators of Behavior (IoBs) to detect the subtlest indicators of an attack earlier in the attack sequence, allowing organizations to detect novel, never-before-seen attacks.

Cybereason XDR is designed to provide the visibility organizations require to be confident in their security posture across all network assets, and it delivers the automated responses needed to halt attack progressions, eliminating the need for both SIEM and SOAR solutions. Organizations can enjoy these benefits whether they drop their SIEM and SOAR entirely or augment them with Cybereason XDR.

Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, and everywhere the battle is taking place. Learn more about Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.
