The CISO needs to manage the overall strategy for Extended Detection and Response (XDR), which is really targeted at security-strategic firms that are prioritizing security and making it a core component of their business. Enterprises must also ensure they have skills ready to put the best advice into practice, and address the issue.
Data from sensors and systems located throughout the organization’s infrastructure is the lifeblood of cybersecurity defense. However, data devoid of context or background just produces unimportant noise that bugs and diverts analysts. Security teams drown in a deluge of erroneous warnings in the absence of an integrated platform to link all that data. Multiple security engines that correlate and assess normalized data sets kept in a lightweight data lake are expressly included in XDR’s design.
In principle, XDR appears to be the real deal and could eventually be successful. Here are the three main obstacles IT leaders will have to overcome.
Also Read: How Enterprises can strengthen their Security Architecture with XDR
The difficulty of deployment
The infrastructure of modern security technology consists of a variety of “best-of-breed” point tools. Even worse than it sounds, many firms utilize various endpoint security software, firewalls, IDPs, etc., from several vendors. These products are run by multiple people and teams and were installed organically over time utilizing various budgets. To realize the full prospect of Extended Detection and Response (XDR), enterprises must replace this patchwork with a portfolio of integrated, proprietary solutions. Few, if any, businesses will voluntarily “tear and replace” everything at once in the XDR pool. Therefore, XDR suppliers must persuade CISOs of the strategic advantages of XDR before collaborating with them on projects for phased rollout. In order to achieve a longer-term vision of cybersecurity technological harmony, XDR suppliers will also need to persuade security staff members to give up their preferred point tools.
This all points to the need for XDR vendors to switch from transactional to strategic selling. In addition, they will also need to support customers by providing improved expertise in business security architecture, industry solutions, and software customization.
Restricted automation (at first)
The most significant hindrance in cybersecurity is time. The number of security breaches has grown significantly each year while resources (talent, funds) have stayed constant, which has sparked a wider acceptance of automation for security procedures. For the majority of security organizations, success is now measured by accomplishing the most in the briefest amount of time (with the fewest resources). With embedded Artificial Intelligence (AI) and Machine Learning (ML), XDR seeks to minimize manual tasks further and boost the effectiveness of precious security analysts. It will take time, though, for XDR to pay off. The ML model will need to learn over time and make adjustments to improve its detection abilities after the first implementation of an XDR solution (this alone could take a long time). It might not be practical to see an XDR solution’s ROI right away.
Also Read: 3 Ways Artificial Intelligence and Machine Learning Aid and Hurt Cybersecurity
The SOC challenge
In a way, the SOC problem XDR presupposes that enterprises either don’t already have SOC technologies (such as SIEM, SOAR, threat intelligence platforms, etc.) or that these systems are also in need of replacement.
This is probably a reasonable hypothesis for mid-market and small businesses, but it isn’t at all true for big corporations. In fact, many large companies have invested millions of dollars in SOC technologies, customization services, and employee training. In addition, they have entirely separate SOC technology integration projects that have absolutely nothing to do with firewalls and endpoint security software, which are underlying security controls.
Vendors of Extended Detection and Response (XDR) will need to establish how to interact with and improve current SOC technology and procedures rather than stepping on the SOC. Most security control providers, who currently make up the majority of the XDR industry, do not come naturally knowledgeable in this area.
For more such updates follow us on Google News ITsecuritywire News