As cyber security professionals, we're all trying to keep our customers and our own organisations secure, but we're drowning in acronym soup. You have your EPP, EDR, MDR, NDR, NTA, DLP, CASB, SWG, SASE, IAM, IDS, IPS, SIEM, SOAR and so very many more, all vying for your attention and helping to save you and your customers' weary workers from the scary world of malware, bitcoin-hungry ransomware, employees gone rogue, dark-hooded international hackers, kudos-craving script kiddies and whatever evils lurk in the deep dark web.
Endpoints, networks and cloud infrastructure and services are all targets for these threat actors, and the need to protect them all is not going away anytime soon. Neither is the need to provide your customers with best-of-breed solutions to protect them all. Our very jobs depend on it. But behind each new and ever more sophisticated set of acronyms lies a new set of alerts, dashboards, data and decisions, online training videos, certifications, agents, updates, patches and more, ensuring that IT and security professionals are never more than a support ticket away from turning their laptops into an expensive frisbee and retiring to farm sheep in rural Wales.
Now, while each of these products provides information and its own set of sophisticated tools to keep an organisation safe, the problem of juggling them all is all too real when dealing with the latest evolving, multi-point attack: the security professional bounces between products, translates alerts, joins the dots between them and still has to make timely decisions.
What the cybersecurity market is long overdue for is a shiny new TLA (Three-Letter Acronym) that can get these solutions talking to each other to provide a comprehensive view of an organisation's security posture: one that can aggregate and normalise the existing data and insights provided by a wide range of security controls, apply sophisticated analysis and decision-making processes, and, importantly, respond to those threats by leveraging those existing tools across platforms.
XDR, or eXtended Detection & Response, solutions aim to integrate with these often-siloed solutions, to finally realise that promise of a multi-layered, cross-platform detection and response solution.
Any security solution is defined by what problems it can solve and how quickly and easily it can solve them. With XDR the ultimate goal is to provide an integrated solution that can turn data from ALL your security solutions into reliable information upon which decisions can be made, and offer up ALL the remediation tools from across your systems for a comprehensive, targeted and, ideally, automated response, all from a unified single pane of glass.
Minimise your blind spots and maximise your investments. Empower your endpoint solution to block malicious access to your cloud services via your identity provider. Inform your network traffic analysis tool of breached credentials and have your firewall block all traffic from a compromised server. Finally realise the full potential of the tools you already have and give the security teams the best chance of keeping you and your customers safe.
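To make the aggregate-normalise-correlate-respond loop concrete, here is an added Python sketch that is not part of the original post and not any vendor's XDR product. It takes constructed alerts in three invented formats (an EDR verdict, identity-provider sign-in logs and a network traffic analysis flow), maps them onto one shared schema, joins them by host within a time window, and turns the resulting incident into actions for the tools already in place. All field names, hostnames, usernames, the 198.51.100.9 address and timestamps are made up for the example.

```python
"""Constructed XDR-style pipeline: ingest siloed alerts, normalise them into one
schema, correlate across sources, and emit response actions for existing tools.
Every vendor format, field name and sample event below is invented."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Event:
    source: str                  # which tool produced it: edr, idp or nta
    time: datetime
    host: Optional[str] = None
    user: Optional[str] = None
    severity: str = "low"
    detail: str = ""

# Constructed raw events in three invented vendor formats.
EDR_ALERTS = [
    {"ts": "2024-05-01T09:14:02Z", "device": "LAPTOP-42", "account": "jdoe",
     "verdict": "malicious", "name": "credential-dumping tool executed"},
]
IDP_LOGS = [
    {"time": "2024-05-01T09:20:45Z", "principal": "jdoe", "client_host": "LAPTOP-42",
     "result": "success", "app": "mail"},
    {"time": "2024-05-01T09:21:10Z", "principal": "asmith", "client_host": "LAPTOP-07",
     "result": "success", "app": "files"},
]
NTA_FLOWS = [
    {"seen": "2024-05-01T09:22:30Z", "src": "LAPTOP-42", "dst": "198.51.100.9",
     "flag": "beaconing"},
]

def _parse_time(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def normalise(edr, idp, nta) -> List[Event]:
    """Map each tool's own field names onto the shared Event schema."""
    events = []
    for a in edr:
        sev = "high" if a["verdict"] == "malicious" else "low"
        events.append(Event("edr", _parse_time(a["ts"]), a["device"], a["account"], sev, a["name"]))
    for l in idp:
        events.append(Event("idp", _parse_time(l["time"]), l["client_host"], l["principal"],
                            "low", f"{l['result']} sign-in to {l['app']}"))
    for f in nta:
        events.append(Event("nta", _parse_time(f["seen"]), f["src"], None,
                            "medium", f"{f['flag']} to {f['dst']}"))
    return sorted(events, key=lambda e: e.time)

def correlate(events: List[Event], window: timedelta = timedelta(minutes=30)) -> list:
    """Join the dots: a high-severity EDR alert on a host, plus anything else seen
    on that host within the window, becomes a single cross-tool incident."""
    incidents = []
    for anchor in (e for e in events if e.source == "edr" and e.severity == "high"):
        related = [e for e in events if e is not anchor and e.host == anchor.host
                   and anchor.time <= e.time <= anchor.time + window]
        chain = [anchor] + related
        incidents.append({
            "host": anchor.host,
            "users": sorted({e.user for e in chain if e.user}),
            "sources": sorted({e.source for e in chain}),
            "events": chain,
        })
    return incidents

def plan_response(incident: dict) -> list:
    """Translate one incident into actions for the tools already deployed:
    EDR isolates the host, the IdP revokes the users' sessions, and the
    firewall blocks any destination the NTA tool flagged as beaconing."""
    actions = [("edr", "isolate_host", incident["host"])]
    for user in incident["users"]:
        actions.append(("idp", "revoke_sessions", user))
    for e in incident["events"]:
        if e.source == "nta":
            actions.append(("firewall", "block_egress", e.detail.split(" to ")[-1]))
    return actions

if __name__ == "__main__":
    for inc in correlate(normalise(EDR_ALERTS, IDP_LOGS, NTA_FLOWS)):
        print(inc["host"], inc["users"], inc["sources"])
        for action in plan_response(inc):
            print("  ->", action)
```

The unrelated sign-in from LAPTOP-07 stays out of the incident because the join is on host and time, which is the point: the decision is made once, on combined evidence, and then fanned out to the endpoint, identity and network tools rather than being re-discovered separately in each console.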
Analysts and vendors are constantly pushing new TLAs on us with big promises, but this latest one looks like it might just have the X-factor to really make a difference.