Three Strategies for Building XDR Architecture


Companies are rapidly constructing an expanded portfolio of cybersecurity capabilities in response to ever-increasing threats. The piecemeal nature of deployment, however, generally results in a highly complicated and siloed landscape, making it impossible to detect and respond to advanced threats in a timely and cost-effective manner.

According to “Gartner Top 9 Security and Risk Trends for 2020”, Extended Detection and Response (XDR) solutions became the number one trend CISOs should be aware of, in order to improve detection accuracy and security operations efficiency and productivity. Since then, XDR has grown in popularity, and security providers are rapidly jumping on the bandwagon, recasting their products as XDR solutions.

As Security Operations Centers (SOCs) move toward becoming detection and response organizations, they are turning to XDR to help them get there. Because there are so many definitions of XDR and so many ways to build it, choosing an approach can be complicated for organizations. To simplify what is out there, here are the three basic types of XDR architecture that are evolving.


Vendor-restricted environment

This approach, which is frequently promoted by large security providers as the best way forward, encourages the use of a single vendor’s integrated suite of security products (typically cloud-based). The strategy is appealing because it emphasizes simplicity and thorough coverage. However, enterprises usually secure themselves with a variety of technologies from different vendors, including firewalls, IPS/IDS, routers, web and email security, and endpoint detection and response solutions. They also have SIEMs and other tools, such as ticketing systems, log management repositories, and case management systems, that store internal threat and event data.

According to the 2020 IBM research report “Security Response Planning on the Rise, But Containing Attacks Remains an Issue,” the average business has more than 45 separate security solutions, most of which do not interact with each other. This sprawl develops over time as different teams, budgets, and departments make their own purchasing decisions.

Land and grow

This method begins with the vendor focusing on a particular attack surface, such as Endpoint Detection and Response (EDR) or Network Detection and Response (NDR), and then planning to add XDR capabilities through integration with other security tools. While this method allows an organization to pick the leader in a foundational detection and response technology, it also has drawbacks. The importance of integrations in building an XDR architecture cannot be overstated, yet the vendor is likely to prioritize ongoing innovation in its main product over integrations. If integration is not a core competency, it will take substantial effort to identify the tools to interoperate with and to build the deep integrations needed to deliver on the promise of XDR.


Open platform

Vendors who follow this method provide a platform that focuses on integration, linking together tools from various attack surfaces as well as the rest of the security infrastructure. This enables a more agnostic approach to XDR: the platform acts as a conduit between existing security technologies, including tools from vendors that market their own products as XDR solutions. It requires that the vendor’s core skill be system integration and data flow.

Organizations that run a variety of best-of-breed solutions across departments and teams have a flexible path forward with an open, extensible architecture that allows strong integration and interoperability with existing tools, including products the XDR vendor may not be familiar with. Standard interfaces are used for ingestion and export, and custom connectors can be created and deployed in hours to link with new security controls as threats grow, as well as with legacy tools on-premises.
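To make the open-platform idea concrete, here is an added example (not code from the article or from any XDR vendor) of the ingestion-and-correlation core such a platform is built around: each connector maps one tool’s native alert format into a common event schema, and a correlator joins events from different attack surfaces on a shared host key. The EDR and NDR record layouts, the field names, and the sample alerts are all constructed for illustration; a real deployment would swap in connectors for the actual products in use.

```python
"""
Added example (not from the article): a minimal open-platform style
ingestion layer. Each connector maps one tool's native alert format into
a common Event schema, and a correlator joins events from different
attack surfaces (endpoint, network) on a normalized host key. The EDR/NDR
record layouts and the sample alerts are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, List
import json


@dataclass(frozen=True)
class Event:
    source: str         # which tool produced the event
    host: str           # normalized host key used for correlation
    timestamp: datetime
    category: str       # e.g. "process", "network"
    severity: int       # 1 (low) .. 5 (critical), normalized across tools
    detail: str


# Connector registry: tool name -> function(raw dict) -> Event.
# Adding a new tool means registering one more function here.
CONNECTORS: Dict[str, Callable[[dict], Event]] = {}


def connector(name: str):
    def register(fn):
        CONNECTORS[name] = fn
        return fn
    return register


def _parse_ts(value: str) -> datetime:
    # Accept ISO-8601 timestamps with a trailing 'Z'
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


@connector("edr")
def edr_connector(raw: dict) -> Event:
    # Hypothetical EDR alert layout: hostname in "device", severity as text
    sev_map = {"low": 1, "medium": 2, "high": 4, "critical": 5}
    return Event(
        source="edr",
        host=raw["device"].lower(),
        timestamp=_parse_ts(raw["detected_at"]),
        category="process",
        severity=sev_map[raw["severity"].lower()],
        detail=f'{raw["process"]} -> {raw["verdict"]}',
    )


@connector("ndr")
def ndr_connector(raw: dict) -> Event:
    # Hypothetical NDR alert layout: FQDN in "src_host", numeric score 0-100
    return Event(
        source="ndr",
        host=raw["src_host"].split(".")[0].lower(),
        timestamp=_parse_ts(raw["ts"]),
        category="network",
        severity=max(1, min(5, round(raw["score"] / 20))),
        detail=f'{raw["signature"]} to {raw["dst_ip"]}',
    )


def ingest(tool: str, raw_json: str) -> Event:
    """Dispatch a raw alert to the connector registered for its tool."""
    try:
        parser = CONNECTORS[tool]
    except KeyError:
        raise ValueError(f"no connector registered for tool {tool!r}")
    return parser(json.loads(raw_json))


def correlate(events: List[Event], window_minutes: int = 10) -> Dict[str, List[Event]]:
    """Group events by host and keep only hosts reported by more than one
    source inside the time window; that cross-surface overlap is the signal
    a single-tool view cannot produce."""
    by_host: Dict[str, List[Event]] = {}
    for ev in sorted(events, key=lambda e: e.timestamp):
        by_host.setdefault(ev.host, []).append(ev)
    hits: Dict[str, List[Event]] = {}
    for host, evs in by_host.items():
        sources = {e.source for e in evs}
        span = (evs[-1].timestamp - evs[0].timestamp).total_seconds() / 60
        if len(sources) > 1 and span <= window_minutes:
            hits[host] = evs
    return hits


# Constructed sample alerts, as (tool, raw JSON) pairs
SAMPLE_ALERTS = [
    ("edr", '{"device": "WS-042", "detected_at": "2024-03-01T10:02:00Z", '
            '"severity": "high", "process": "powershell.exe", "verdict": "suspicious"}'),
    ("ndr", '{"src_host": "ws-042.corp.example", "ts": "2024-03-01T10:05:30Z", '
            '"score": 85, "signature": "beaconing", "dst_ip": "203.0.113.7"}'),
    ("edr", '{"device": "WS-077", "detected_at": "2024-03-01T11:00:00Z", '
            '"severity": "low", "process": "notepad.exe", "verdict": "benign"}'),
]


def run_pipeline(alerts=SAMPLE_ALERTS) -> Dict[str, List[Event]]:
    """Ingest every alert through its connector, then correlate by host."""
    return correlate([ingest(tool, raw) for tool, raw in alerts])


if __name__ == "__main__":
    for host, evs in run_pipeline().items():
        print(host, [(e.source, e.severity, e.detail) for e in evs])
```

The design point is that the correlator never sees a vendor-specific field: all tool knowledge lives in the connectors, so a new control (or a legacy on-premises tool) is onboarded by writing one mapping function rather than touching the detection logic. Unregistered tools fail loudly at ingestion instead of silently dropping data.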
