In this episode we discuss the future of what’s known in the security industry as XDR, which is essentially an enrichment of endpoint detection response products.
Here are the 3 Topics We Cover in This Episode:
1) What is XDR? Depends who you ask:
XDR is not another tool, but merely an extension of Endpoint Detection and Response (EDR) products. Gartner expects 50% of mid-market buyers to adopt XDR strategies by 2027. For context, in around 2010, cybersecurity vendors started driving stronger antivirus solutions for endpoint computers and servers, called Endpoint Detection and Response (EDR). The antivirus was only catching malware with a known signature and not able to detect more malicious lateral movements that are common in today’s attacks.
Every EDR platform has its own unique set of capabilities. However, some common capabilities include the monitoring of endpoints in both online and offline mode, responding to threats in real-time, increasing visibility and transparency of user data, detecting stored events with malicious malware injections, and creating blacklists and white lists in integration with other technologies.
Now that EDR solutions are firmly within the market, they need to be integrated with other tools, including threat intelligence, to be effective at scale for the enterprise. These massive integrations needed at scale, especially with the cloud, are what is starting to be defined as XDR.
2) What are the key integrations to EDR products to form an XDR strategy?
- Identity Access Management: Gives visibility to who is accessing what applications and websites in the enterprise.
- Threat Intelligence: Information and artifacts from attacker infrastructure, previous compromises, and behavior that can be identified outside of firewalls.
- Cloud and SaaS Logging: Any application in the cloud produces a log for access and use.
3) XDR does not have to be expensive or manpower-intensive for SMB:
- Cloud, SaaS, and Identity Access Management produce logs that can be integrated into easy solutions that do not need to be complex products, particularly for SMB.
- Enablement should be the critical aspect of XDR rather than more expensive tooling.
- Easy, automatable solutions to apply security controls are the critical way forward for medium and large enterprises.