If you pay attention to emerging trends in cybersecurity, you’ve probably seen the explosion of companies marketing XDR, the latest acronym buzzword on the market, which stands for eXtended Detection and Response. We’ve written about XDR in other content, but rather than focusing on the definition, let’s talk about why XDR is necessary and what it can do for you.

Why you should care about XDR

So let's start with the why. While the specifics vary between organizations, a few chronic issues have plagued security operations teams for years and continue to get worse over time. The overriding theme is operational complexity. With the typical SOC bouncing between 20 or more security tools, almost every security team receives far more alerts than it can handle. Aggravating that situation, too many organizations struggle to find and retain the skilled personnel necessary to deliver 24x7 security, which is an increasingly necessary mandate.

In other words: not enough people, too many tools, and too many alerts. This is not a new problem, and it is not the first time the industry has tried (and failed) to solve it. A large part of the promise of SIEM over the past 15 years was to collect and correlate all of your security data in one place, quickly detect advanced threats, and deliver accurate alerts. Because of the challenges of collecting and analyzing those mountains of data, SIEMs became one of the primary generators of false positives, with the added burden of a high total cost of ownership (TCO). Few organizations have the resources or budget to extract real detection and response value out of their SIEM. To learn more about the evolution of XDR and how it differs from SIEM, download our ebook here.

Why hasn’t this problem been solved already?

The security stack is constantly evolving. Over the years, more effective but highly specialized detection and response tools have been rolled out, such as EDR, NDR, and UEBA. While these deliver deep visibility into specific threat behaviors, their information is highly siloed and their alerting capabilities are limited, making each of them yet another prolific generator of false positives. And each new platform introduces another technology with another UI/UX to learn. So not only are security analysts expected to master 20 or more products, with each stack unique to the individual organization, but in an actual investigation they also have to bounce from screen to screen to run down and respond to anything beyond the most basic attacks.

So the answer to too many tools is another tool?

In a word, yes. Not because XDR renders existing solutions obsolete, but because it simplifies the process of using them through a combination of straightforward integration, detection and response automation, and centralized case management. XDR delivers subtraction by addition, acting as the focal point of your security operations by giving you one place to coordinate all of your detection and response activities.

While that may sound an awful lot like SOAR (and a lot like SIEM marketing), it’s the end-to-end detection and response component that has historically been lacking. SOAR platforms excel at verifying likely threats and automating incident response, but they typically lack the high-volume threat detection and alert triage capabilities needed to analyze all of your alerts. That leaves you in the same boat: continually tuning your detection platforms to keep your alert volume manageable, which few security operations teams have the bandwidth to do. We have a more detailed explanation of the difference between XDR and SOAR here.

What can XDR do for you?

With any solution, a lot depends on how you use it, and before evaluating any solution, you should take the time to define your expected/required outcomes. But a well-defined XDR platform can significantly simplify your detection and response capabilities. When properly implemented, XDR effectively consolidates all relevant detection and response data in one location, delivers the automated playbooks necessary to analyze all of that data (alerts in particular), and uses the same automation to expedite your incident response. Over the next few weeks, we’ll outline what to look for when evaluating XDR solutions as well as the outcomes you should expect. In the meantime, if you have any questions, feel free to contact us for more info.
