Common XDR Fallacies Dispelled


Enterprises must, and will, keep strengthening their cybersecurity posture as the threat landscape evolves. However, as the number of security solutions deployed in a company rises, so does the challenge of managing them and responding efficiently to their alerts, which makes integrating those solutions into a more workable environment a necessity.

EDR provides the groundwork for Extended Detection and Response (XDR), an emerging cloud-native technology that leverages AI and automation to help enterprises manage cybersecurity from a single vantage point.

As nimble, well-funded, and intelligent attackers find new ways to penetrate networks, security challenges are mounting for enterprises, underlining the importance of automation and endpoint protection in reinforcing the security ecosystem.

Despite XDR’s rapid rise in popularity, a few misconceptions about the technology persist, so let’s dispel some of them.

The endpoint is the focus of XDR

No, not at all. That description fits Endpoint Detection and Response (EDR), which is just one component of what XDR provides. EDR solutions are focused purely on the endpoint, with no correlated intelligence from the cloud or other parts of an organization’s infrastructure.

In fact, most EDR platforms are unable to ingest all relevant endpoint telemetry. Because they cannot handle the volume of data collected, they are forced to “filter out” intelligence without knowing whether that information is crucial to making a detection.

Indeed, some vendors claim to supply an XDR solution that ingests endpoint data as well as telemetry from a variety of other sources on the network and in the cloud, even though their products cannot assimilate all of the telemetry available for EDR alone.

Since data filtering discards telemetry that might allow early identification of malicious behavior, it directly harms an organization’s capacity to thwart attacks proactively. When that filtering is extended to non-endpoint sources, it can further skew the organization’s view of the threats it faces.


These constraints do not apply to XDR. Without data filtering, it offers continuous threat detection and monitoring, as well as automated response, across endpoints, cloud workloads, applications, and the network. This is what gives XDR threat detections their high fidelity.

A SIEM should be used in conjunction with XDR

True, XDR shares many features with Security Information and Event Management (SIEM) software. One of their most striking commonalities is the ability to aggregate and correlate data from a number of sources scattered across an organization’s infrastructure, thereby providing the visibility essential for threat detection, investigation, and response.

SIEMs, on the other hand, are hampered by a number of critical problems. A SIEM is of little use without the data lake structure and cloud analytics it requires to centralize security events, and the kinds and quality of data such resources have access to vary, which affects the SIEM’s usefulness and efficacy.

Building, calibrating, and maintaining a SIEM also comes with a cost in money, time, and other resources. With SIEMs, tuning is the common pain point: these tools typically produce false positives as well as an excessive number of alerts.

Such noise causes “alert fatigue” in the business, leading information security staff to ignore the flood of notifications and miss opportunities to open investigations at the first symptoms of an intrusion. At the same time, SIEMs offer security teams little help with executing a response beyond generating a large number of alarms that must be triaged manually.
