Cybersecurity experts are used to change; they understand that as new attack vectors develop, threat actors adjust their strategies to meet their objectives. As a result, defenders adapt by introducing new security processes and tools as needed. However, the acceleration of digital transformation, remote work, and cloud migration has compelled security practitioners to take a more holistic approach to detection and response in recent years.
To better understand and defend against threats, security practitioners have had to rethink detection to encompass a breadth and depth of data from various systems and sources across the infrastructure. They have also had to adjust their response strategy to incorporate all enforcement points across the parts of the infrastructure that have been impacted by an attack, and to prioritize and improve how tools and systems operate together to support these expanded detection and response requirements. As a result, the concept of Extended Detection and Response (XDR) is gaining popularity.
But there is more upheaval on the way. With a global cybersecurity talent shortfall of more than three million professionals, as stated in the 2020 ISC2 Cybersecurity Workforce Study, more and more organizations are rethinking their overall approach to security operations. The promise of XDR is that it allows for data flow and integration across infrastructure for prevention, detection, and response. Many businesses, however, have difficulty implementing and managing XDR solutions. Getting data from on-premises, legacy systems to a cloud platform is a significant job, even if the XDR solution vendor has good APIs that are “simple” to write to. An XDR deployment can quickly escalate into a huge consulting project that consumes a significant amount of time and money.
As a result, some businesses choose to outsource part or all of the function to a managed detection and response (MDR) service provider that also provides XDR. However, if a company is thinking of outsourcing XDR to an MDR vendor, it should ensure it has answers to the following three questions:
- How can businesses protect themselves from more attack vectors? Many MDR companies, like XDR solutions, initially focused on Endpoint Detection and Response (EDR). EDR is crucial, but so is telemetry throughout the network, out to the cloud, and across the dozens of on-premises and legacy security tools that enterprises already have. For extended detection and response, data from all of the tools that the enterprise uses is essential.
- Can they bring in and leverage the right external data? Third-party data and intelligence feeds are key components of any detection and response strategy because they provide a complete view of what is going on and give context to internal threat and event data. Commercial sources, government, open source, industry, and existing security vendors (as well as frameworks like MITRE ATT&CK) are all possibilities. Using information about attackers, their techniques, and their campaigns, an MDR company can check for related artefacts in other tools across the organization, confirm the scope of malicious activity, and identify all compromised systems.
- Is it possible to get all the teams and tools to work together? Whether all or part of XDR services are outsourced, the capability to actively collaborate with internal SecOps teams to address appropriate use cases and workflows is critical. Furthermore, bi-directional integration with all tools ensures that actions are carried out across many systems, the defensive grid is quickly strengthened, and data can be obtained for ongoing learning and improvement. If this isn’t practicable in all cases, mechanisms from the MDR provider to the internal SOC, and vice versa, need to be in place to enable a coordinated and comprehensive response.