July 23, 2021 Kevin Broughton
Why effective solutions matter more than acronyms
Every few years comes a new wave of technology solution marketing that is centered around a common acronym, introducing the latest approach to solving a specific problem, and cyber security technology is no different. This isn’t necessarily a bad thing, as it often reflects critical innovations to make your security operations team more effective, like improving visibility, delivering better analytics, reducing complexity (not always succeeding), and other capabilities that ultimately make your organization more secure.
But along with the new acronyms comes a lot of confusion for anyone tasked with assessing new solutions. First, you have to figure out what it actually means, and whether or not that sort of solution applies to your organization’s needs. Then, once you’ve determined that it’s a potential fit, you have to wade through the muddy waters of every vendor staking a claim on the market, no matter how tenuous their connection.
XDR is the latest technology making the rounds as dozens of vendors have latched onto the term. It promises to both simplify and optimize your security stack by tying everything together to increase threat detection capabilities, consolidate the number of screens your analysts need to work within, and significantly reduce the number of false positives they waste time investigating every day. And unless you've defied the odds and completely insulated yourself from new messaging, you’ve seen potentially dozens of vendors referencing their XDR capabilities.
What do they actually mean when they’re talking about XDR?
Given the amount of white noise obscuring any easy answer, it’s a valid question. So let’s start with the definition(s).
The definition of XDR according to Gartner is eXtended Detection and Response, and it’s a new category of vendor-specific platforms created to provide a better user experience around multiple threat-focused security technologies. In other words, large vendors are making a concerted effort to tie all of their individual point solutions together through integrations and a common UI. But this means that if you want XDR, you’re tied to one vendor’s portfolio, potentially requiring a forklift reinvestment in an entirely new technology stack.
The alternative vendor response to this has been the introduction of OpenXDR solutions, which also offer a consolidated approach and a common UI but focus on working with best-of-breed technologies from any vendor rather than just one. The OpenXDR platforms promise to work with your preferred technology stack, integrating everything together while also delivering centralized detection and response capabilities through a single interface.
Interestingly, OpenXDR messaging is being embraced not just by security software vendors but also by MDR and other service providers, which makes sense, since the concept is more about data aggregation and operational simplification than a specific delivery method.
But if OpenXDR integrates your security operations stack to more effectively centralize and streamline your detection and response process, then what does SOAR do?
The key difference is that SOAR is an automation-driven solution, while XDR (at least at this point) is more concerned with centralized analysis and a single UI for managing your detection and response strategy. (There is a similar question that can be asked about the difference between XDR and SIEM, addressed in this ebook…) The drawback is that there is a larger variation in capabilities among OpenXDR platforms, and if you’re truly looking for something that cuts down on alert fatigue and lowers your MTTD and MTTR, you need to make sure that automation is central to the platform. Which brings us back to SOAR: if that is, in fact, your end goal, then in most cases SOAR-like automation capabilities should be your first stop in the hunt for an OpenXDR platform.
XDR may be a more open-ended term than SOAR, but both were created to solve the same problem. So, what’s the real difference?
The real question is this: if the solution you choose solves a significant problem for you, do you care about the acronym? What matters is that whatever solution you choose, the outcome delivers value. You need a solution that will help consolidate your tools, automate workflows, and simplify and accelerate your detection and response capabilities.
How do I determine what’s right for my organization?
Whether it’s SOAR or XDR, these solutions often remain out of reach for smaller organizations with limited resources. Without the in-house expertise to integrate your security stack, build your detection and response content and manage the solution, either option will most likely fail during implementation.
Before you begin any evaluation, make sure to:
If you’d like to learn more about how you can cost effectively consolidate your security operations in whatever way works best for your organization, schedule some time with us to discuss your options here.