Extended detection and response (XDR) is gaining momentum as the next big thing to simplify and improve security.
The term, coined by Gartner, refers to a platform that provides unified visibility across all security products to make it easier to quickly spot and resolve threats.
Security leaders say they’re overwhelmed with managing the myriad of tools they need to secure today’s architectures. “The complexity comes from trying to tie all of these disparate tools that are not meant to work together,” said Al Huger, GM and Vice President of Security Platforms and Response at Cisco. “It should be routine to ask a simple question and get a simple answer, but it’s not.”
XDR is the result of an industry drive for greater simplicity and accuracy, said Huger. It not only reduces the time to detect a threat; it can also automate the steps to investigate and resolve a security breach.
Three reasons to consider XDR
Implementing XDR solves three essential problems. The first is the problem of coordinating too many tools from too many different vendors. “It all comes down to time of response,” said Huger. “This is a pain point that every single organization that is looking at security products suffers from today.”
It can be extremely frustrating for security leaders to quickly assess a threat when they have to stitch the story together from a variety of tools. The longer it takes to find and resolve a breach, the more expensive it can be for the business. “That can be a long cold winter between I think I have a problem and I’m on the front page of my local newspaper or the New York Times,” Huger said.
Indeed, according to the Cisco Security Outcomes study, which surveyed 4800 IT professionals, an integrated defence increases the overall success of security programs by an average of about 11 per cent. It also improves morale and builds a stronger security culture because employees aren’t wasting their time overcoming technology issues.
Secondly, XDR helps organizations cope with the security skills shortage. Cyber security specialists are rare and expensive, said Huger. “The security industry has exacerbated the problem by building products that require experts to use them,” he said. “Customers should not have to be experts to operate the technology.” With XDR, a security alert is presented in a concise, visual way.
Finally, the need to address security risks arising from last year’s sudden transition to remote work is driving XDR adoption. Huger noted that, in the past, security technology was based on a highly controlled campus environment. “When I was in the office, I probably sat behind $70 million of combined security between the big bad Internet and me,” he said. “Now at home, I sit behind $50 worth of security investment, my home personal router.” To deal with this situation, security tools have to be cloud-based, and the software on remote users’ computers must feed its telemetry into a centralized location where it can be tied together.
Security all in one place
According to Gartner, most XDR services are developed using cloud-native architectures. They are designed to provide visibility across all of an organization’s endpoints, as well as its network and cloud workloads. For example, Cisco’s XDR service, SecureX, makes all the information available on a single pane of glass, said Huger. “The visual display helps you see as quickly as possible what an issue is.”
SecureX uses analytics to correlate data from the different security products in an environment. Multiple alerts generated by an attack can be combined and resolved as one incident. Another common use is to search the system to see if there is any impact from emerging threats in the news. “It walks you through everything you and your products know about it and overlays what the world knows about this threat,” said Huger. If there is an impact, SecureX will “tell you when it happened, where it is now, and the steps to resolve it.”
Automation is another time-saving feature of SecureX. It allows an organization to automate its playbook to respond to threats like phishing emails. “If a user downloaded the phish, it can automatically implement a firewall or do all of the steps that would normally be done during an investigation,” said Huger.
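The three capabilities just described, correlating alerts from different products into one incident, overlaying what the world knows about an indicator, and running an automated playbook when a user has opened a phish, fit together as a pipeline. The following is an added illustrative example, not SecureX or any other Cisco code: every alert record, field name (`source`, `host`, `sha256`, `sender`, `url`), hash value, domain and threat-intel entry is constructed for the example. It goes a little beyond the article in that the correlation is transitive (union-find over shared indicators), so a second host seen running the same payload joins the incident even though it never touched the phishing email.

```python
"""Toy XDR-style pipeline: correlate alerts from several tools into incidents,
overlay threat intel, and run an automated phishing playbook.

Added example, not Cisco SecureX code. Every alert, indicator value and
threat-intel entry below is constructed for the illustration."""
from collections import defaultdict
from urllib.parse import urlparse

DROPPER = "7b2f5c9d" * 8            # constructed SHA-256 of the phish payload
PHISH_DOMAIN = "invoice-portal.example"  # constructed phishing domain

# Constructed alerts as a unified platform would ingest them from an email
# gateway, an EDR agent, a firewall and an IDS. Field names are assumptions.
ALERTS = [
    {"id": "mail-1", "source": "email_gateway", "host": "ws-042",
     "sender": "billing@" + PHISH_DOMAIN,
     "url": "http://" + PHISH_DOMAIN + "/invoice.doc",
     "time": "2021-03-01T09:02:11Z"},
    {"id": "edr-7", "source": "edr", "host": "ws-042", "sha256": DROPPER,
     "time": "2021-03-01T09:03:40Z"},
    {"id": "fw-3", "source": "firewall", "host": "ws-042",
     "url": "http://" + PHISH_DOMAIN + "/beacon",
     "time": "2021-03-01T09:05:02Z"},
    {"id": "edr-9", "source": "edr", "host": "srv-db-1", "sha256": DROPPER,
     "time": "2021-03-01T10:15:00Z"},
    {"id": "ids-2", "source": "ids", "host": "ws-311",
     "url": "http://updates.vendor.example/patch",
     "time": "2021-03-01T09:30:00Z"},
]

# Constructed "what the world knows" overlay, keyed by (indicator type, value).
THREAT_INTEL = {
    ("domain", PHISH_DOMAIN): "constructed phishing campaign",
    ("sha256", DROPPER): "constructed dropper hash",
}


def indicator_keys(alert):
    """Normalise an alert into the indicators it can share with other alerts."""
    keys = [("host", alert.get("host")), ("sha256", alert.get("sha256")),
            ("sender", alert.get("sender"))]
    if alert.get("url"):
        keys.append(("domain", urlparse(alert["url"]).hostname))
    return [k for k in keys if k[1]]


def correlate(alerts):
    """Union-find: alerts that share any indicator, directly or transitively,
    land in one incident. Each incident is returned sorted by time."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    first_seen = {}   # indicator -> id of the first alert carrying it
    for a in alerts:
        for key in indicator_keys(a):
            if key in first_seen:
                parent[find(a["id"])] = find(first_seen[key])
            else:
                first_seen[key] = a["id"]
    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    return [sorted(g, key=lambda x: x["time"]) for g in groups.values()]


def enrich(incident):
    """Overlay external intel on every indicator in an incident."""
    return {k: THREAT_INTEL[k] for a in incident for k in indicator_keys(a)
            if k in THREAT_INTEL}


def search_indicator(alerts, key):
    """'Am I affected by the threat in the news?': first appearance, where it is now."""
    hits = sorted((a for a in alerts if key in indicator_keys(a)),
                  key=lambda a: a["time"])
    return {"first_seen": hits[0]["time"] if hits else None,
            "hosts": sorted({a["host"] for a in hits}),
            "alerts": [a["id"] for a in hits]}


def phishing_playbook(incident):
    """Automated response: a mail alert alone is cleaned up; a mail alert plus
    EDR activity means the phish was opened, so contain every affected host."""
    mail = [a for a in incident if a["source"] == "email_gateway"]
    edr = [a for a in incident if a["source"] == "edr"]
    actions = []
    if mail and edr:
        for host in sorted({a["host"] for a in edr}):
            actions.append(("isolate_host", host))
    for a in mail:
        actions.append(("block_domain", urlparse(a["url"]).hostname))
        actions.append(("purge_sender", a["sender"]))
    return actions


if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print([a["id"] for a in inc], enrich(inc), phishing_playbook(inc))
    print(search_indicator(ALERTS, ("sha256", DROPPER)))
```

On the constructed input this yields two incidents: the phish, its execution on ws-042, the beacon seen by the firewall and the same hash on srv-db-1 collapse into one incident with two intel hits, while the unrelated IDS alert stays on its own and triggers no actions. The playbook isolates both hosts, blocks the domain and purges the sender; in a real platform each of those tuples would be a call into the respective product's API rather than a returned value.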
Saving time on security
The ability to automate manual processes using SecureX has been shown to save security teams an average of 100 hours. It also reduces investigation tasks by 72 per cent and shortens the time spent on threat hunting. “SecureX allows you in minutes to determine whether there’s actually a breach versus hours of investigation,” said Huger.
By making it possible to detect threats more quickly, SecureX identifies and contains 70 per cent more malicious threats and reduces dwell time by 85 per cent. As stated by Gartner, “the overall rewards of more efficient, effective security operations make XDR a promising new approach to enterprise security.”