Request A Consultation

The Last Watchdog: Guest Essay By Christian Espinosa

May 25th, 2022

Deploying ‘XDR’ can help companies avoid the security ‘vendor-silo’ trap

According to recent data from Oracle and KPMG, organizations today employ over 100 cybersecurity products to secure their environments. These products play essential roles in detecting and preventing threats.

Related: Taking a ‘risk-base’ approach to security compliance

However, because they generate thousands of alerts every day, this vast sprawl of security sources adds even more work to already over-stretched security teams. It could create a cybersecurity ticking time bomb.

Many organizations have recently undertaken rapid digital transformations in response to the ongoing pandemic and a societal shift toward a “work from anywhere” future. This hybrid model has created exciting opportunities for employees and organizations and significantly raised the security stakes.

Most combine the cloud, Office 365, and Active Directory to store and transfer sensitive corporate data, and they need security solutions to protect their entire environment as it grows and evolves. The once “protective perimeter” surrounding enterprise IT has dissolved, transforming it from a closed environment into one that spans far and wide with copious entry points.

To address this security challenge, organizations are deploying more security products today. This seems to be creating new problems in vendor sprawl, further burdening security teams with more to do. The challenge is that disparate vendors do not represent data in the same way, so there is no correlation between dashboards and metrics.

When organizations have two or three security platforms protecting their environment, security teams must toggle between them and make sense of disparate data sets. This often results in a lack of clarity, inhibiting them from seeing the big picture of what is really happening in their security environment. This is why cyber gangs tend to favor layered attacks. They’re harder to identify across disparate security data sets.

Christian Espinosa

All security technologies have their own alerting systems, requirements for patches and updates, integration needs, user nuances, policy management processes, access control, reporting, etc. This can become overwhelming for security teams, often understaffed and under-resourced, resulting in missed alerts – some insignificant but critical.

Too many tools, too little time

So, how best to overcome this challenge? As organizations’ environments continue expanding, how best to improve security across the entire infrastructure without creating vendor sprawl or overburdening security teams?

One tool picking up prominence is Extended Detection and Response (XDR.)

XDR is one of the latest acronyms to hit the cyber dictionary, and it is a new approach to threat detection and response. It provides holistic protection against cyberattacks across an organization’s entire digital estate, including endpoints, applications, networks, and cloud environments.

While the tool is often confused with Managed Detection and Response (MDR), Security Information and Event Management (SIEM), and Endpoint Detection and Response (EDR), it is very different as it builds upon each offering, rolling them into a single package to help organizations better secure their environments as digital transformation accelerates.

While EDR, MDR, and SIEM provide visibility into specific areas, by choosing just one, organizations are not necessarily improving their overall security posture against potential attack vectors because visibility is still limited to only the area that the solution is monitoring.

With EDR, the solution only looks for threats or security issues impacting organizations’ endpoints. Historically, when organizations’ primary attack vectors were PCs, this would have provided adequate security. However, attacks target multiple different sources today, so threat hunting and protection must secure everything.

XDR meets evolving security needs

Rather than deploying multiple tools from multiple security vendors, XDR combines endpoint, network, applications, and cloud architecture monitoring and response capabilities into one platform, allowing better correlation of security events and freeing security teams from vendor sprawl. With cyberattacks growing year-on-year, organizations simply do not have the manpower or resources to combat threats.

To bridge the gap, holes are plugged with new security products. While these are beneficial in threat detection, most products are from different vendors, which means there is no unified way to receive alerts. This results in strained security teams wasting time navigating through the mechanics of each security tool.

One of the best ways to overcome this issue is through XDR technology, the next evolution in threat detection and response. XDR’s capabilities protect organizations’ entire digital estates as they grow beyond the safety of its perimeter.

XDR can replace multiple toolsets and alerting systems into single, integrated solutions and provide rapid response against threats targeting all organizational infrastructure. Security teams can then identify and investigate alerts quickly from a single source without overburdening them before threats can harm businesses.

First published at The Last Watchdog