Open XDR In the Real World — Q&A With Jon Mayled

In this interview, we capture real-world experience and recommendations from an enterprise that implemented Stellar Cyber’s Open XDR platform. We talked with Jon Mayled, International IT and Security Director at PlastiPak Packaging, Inc., about what he learned during his implementation.

SC: What is required to implement a successful XDR program?
JM: Although I recommend a fundamental understanding of the technical environment and key information exchanges between endpoints for implementation of a successful XDR program, it’s not an absolute prerequisite. What you will need is a functional understanding of core technical concepts to propel the deployment and utilization of an XDR solution. This includes a strong foundation in networking concepts, a broad understanding of API integration, and a comprehension of log file analysis and interpretation.

SC: What are the challenges in implementing XDR?
JM: With the implementation of any network or traffic analysis tool, normalizing and baselining data can at first be an overwhelming task. This is also true of an XDR platform. But alert noise in the infancy stages of the XDR deployment is to be expected; it’s a preliminary step on the path to meaningful alerts and automated responses.

SC: How should enterprises best go about implementing XDR?
JM: Open XDR helps enterprises gain control over which tools/capabilities they leverage, and which they phase out over time. Initially, for example, we didn’t want to eliminate or replace any of our existing tools to introduce this capability. Enterprises should therefore view XDR as an additional layer of security within an already structured environment. Implementation requires the following:

  1. Identify key systems and software platforms.
  2. Define networking topologies.
  3. Gain an understanding of endpoint traffic flows.
  4. Baseline end-user usage patterns as a ramp to anomaly detection.

SC: How do you measure success?
JM: Although the above implementation steps are not prerequisites to platform deployment, an already defined environment will expedite the implementation of an XDR solution. Success in this context can be measured as the ability to analyze, correlate and react to seemingly disparate traffic patterns while progressively gaining a broader understanding of the underlying environment. Specifically, the more refined the inputs to the platform are, the more meaningful the correlated and actionable alerts will become.

Unlike legacy solutions that reside and operate in ‘functional silos,’ XDR combines each of the underlying technologies into a single, operational platform. In particular, the idea of an “Open” XDR system was attractive to us as it allowed us to retain our investments while seeing the value of an XDR platform. The platform further leverages its combined set of tools through the application of AI and ML, which introduce intelligence into the platform, effectively shifting event analysis and correlation from a reactive to proactive model.


Stellar Cyber’s Open XDR platform delivers Everything Detection and Response by unifying all currently disjointed security tools and data sources.
