XDR explained in 300 words
XDR is the rising star of new acronyms, but you might have to read a 1,000+ word long article to understand its value. Let’s try to do it briefly in about 300 words.
X means to expand DR’s — Detection and Response — systems — to cover your entire attack surface, not just a portion of it. The current security operations are built on siloed noisy tools which create blind spots with high volume of alerts, which can cause alert fatigue. Hackers not only attack those blind spots, they also attack several aspects of your environment to overwhelm your security team.
When your team is faced with thousands of individual alerts routinely it is difficult for anyone to know where to start. XDR leverages machine learning to automatically correlate the disparate alerts into incidents to close this gap. The incidents are scored and prioritized before they are presented in a simple to understand format highlighting the shortest path to remediation.
Currently there are five different approaches to XDR, and this is why you’re seeing so much ‘marketing’ going on from these camps:
- EDRs are making the move to XDR, calling it eXtended Detection and Response. They are extending the EDR from its original focus on endpoint to covering a broader piece of your attack surface like application logs.
- Some NDRs are making the move to XDR too. They have a similar path extending detections from its original focus on network to covering a broader piece of your attack surface like emails.
- SOARs may also add big data lakes for logs and their long-term storage to help add detections to a response-only platform.
- SIEMs are adding better ways to data-mine their data lakes, looking for signal patterns to correlate and adding response.
- And emerging XDR pure-players are building companies from the ground up that fulfill the promise of both broad and accurate detections with fast response across the entire attack surface
To summarize, XDR is about the big picture, finding the needles in the haystack quickly without creating more hay!!! and responding quickly and accurately.
At Stellar Cyber — we think X means everything — regardless of where you are coming from and which existing tools you use, and regardless of where you want to go in terms of security maturity. Open XDR is Everything Detection and Response.
Contact me for a lively discussion: