When Marshall McLuhan penned “we shape our tools, and thereafter our tools shape us,” in the pre-digital age, he wouldn’t have conceived that cybersecurity would follow that sentiment. XDR, one of the fastest-growing types of security platforms, stands out for its behavioural detection abilities.
Whilst XDR remains an emerging category in the security sector, its adoption accelerated during the pandemic: with staff not always available on site, companies were forced to look at more managed solutions that operate with greater autonomy. Companies implementing XDR found that the technology required less administrative interaction and better suited remote workforces.
“The X stands for anything, any endpoint, any network device, any server, any cloud application, and the DR stands for detection and response. Compared to EDR, XDR takes a much broader view of your environment including switches, routers, network, and cloud servers. You name it and everything in between,” explains InfoTrust co-founder and MyCISO CEO Dane Meah.
AI and machine learning
An XDR platform gathers telemetry from multiple sources and applies AI and machine learning to correlate it, offering a clear and often more autonomous step up from standard endpoint protection platform (EPP) and endpoint detection and response (EDR) tools.
“You're really unifying your detection and response capabilities across all of the different egress points of your network, not just a single point. And whilst endpoint is very important and where the battleground is won and lost often, there is an enormous intelligence that you can yield from these larger environments. That's why XDR has become such an important weapon in the fight against the more sophisticated attacks,” Meah says.
CT Group managing director Anton Thysse adds that the sophistication of the AI in XDR is driving its adoption and its evolution in response to the changing threat environment.
“The analytical aspect is imperative to XDR working. As with any modelling of the data, the information that you analyse or the outcome of the analysis of data is only as good as the source. The AI-driven aspects of XDR are very much still morphing into what a fully mature product would look like. But the information received from that is absolutely critical. The analysis part is very important, but ensuring the quality of the dataset that is being analysed is equally as important,” he explained.
The level of data monitoring, processing and storage available to XDR solutions is a big factor in their ability to churn through more data, says Arinco Modern Work and Security consultant Paul Maggs.
“XDR is a cloud solution, which means we've got a lot more elasticity in regards to processing power and storage. We can gather a lot more data from a lot more sources and with that data we can start to put together baselines around what we would typically see,” he says.
“For example, if someone signs in to their account and accesses a certain number of documents, we can start creating a baseline about what they do during a particular day. If we start to see deviations, that's where we may start raising an alert in terms of ‘this isn't typical behaviour’. So we might see someone accessing a lot of documents, we then may see a lot of data being exfiltrated somewhere – that's where we can start taking all of those data points that we've collected.”
He said that would allow the team to make better determinations about how to respond.
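The baselining Maggs describes, as an added Python illustration (not code from the article or from any vendor's XDR product): it builds each user's typical daily document-access count from constructed sample telemetry, flags a day that deviates from that baseline by more than three standard deviations, and escalates the alert when the same user also sends a large volume of data externally on that day. A user with too little history gets no behavioural alert, since there is no baseline to deviate from yet. All user names, dates, thresholds and events below are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    user: str
    day: str    # ISO date string; constructed sample data
    kind: str   # "doc_access" (documents opened) or "egress" (bytes sent externally)
    value: int


# Constructed sample telemetry (not real data): ten quiet days for alice,
# then a day with bulk document access and ~900 MB of outbound transfer.
SAMPLE = [Event("alice", f"2024-03-{d:02d}", "doc_access", n)
          for d, n in zip(range(1, 11), [10, 12, 9, 11, 10, 13, 8, 11, 12, 10])]
SAMPLE += [
    Event("alice", "2024-03-11", "doc_access", 240),
    Event("alice", "2024-03-11", "egress", 900_000_000),
    Event("bob", "2024-03-11", "doc_access", 11),   # new user, no history yet
]


def build_baselines(events, kind="doc_access"):
    """Per-user (mean, population stdev, days of history) of the daily total for `kind`."""
    per_user_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.kind == kind:
            per_user_day[e.user][e.day] += e.value
    baselines = {}
    for user, days in per_user_day.items():
        counts = list(days.values())
        baselines[user] = (mean(counts), pstdev(counts), len(counts))
    return baselines


def score_day(events_today, baselines, z_threshold=3.0, min_history=5,
              egress_bytes_threshold=100 * 1024 * 1024):
    """Compare one day's telemetry with each user's baseline and return alerts.

    A deviation alone is 'medium'; a deviation plus large external egress by the
    same user on the same day is 'high'. Users with fewer than `min_history`
    baseline days are skipped because 'typical' is not yet defined for them.
    """
    access = defaultdict(int)
    egress = defaultdict(int)
    for e in events_today:
        if e.kind == "doc_access":
            access[e.user] += e.value
        elif e.kind == "egress":
            egress[e.user] += e.value

    alerts = []
    for user, count in access.items():
        if user not in baselines or baselines[user][2] < min_history:
            continue  # insufficient history: no baseline to deviate from
        mu, sigma, _ = baselines[user]
        z = (count - mu) / max(sigma, 1.0)  # floor sigma so a flat baseline still scores
        if z < z_threshold:
            continue
        out_bytes = egress.get(user, 0)
        alerts.append({
            "user": user,
            "doc_accesses": count,
            "baseline_mean": round(mu, 1),
            "z_score": round(z, 1),
            "egress_bytes": out_bytes,
            "severity": "high" if out_bytes >= egress_bytes_threshold else "medium",
        })
    return alerts


def run_sample():
    """Baseline on the history days, then score the final day of the sample."""
    history = [e for e in SAMPLE if e.day < "2024-03-11"]
    today = [e for e in SAMPLE if e.day == "2024-03-11"]
    return score_day(today, build_baselines(history))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The z-score floor and the minimum-history check are the two details that matter in practice: without the floor a user whose count never varies would alert on a change of one document, and without the history check every new starter would alert on their first day.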
In Thysse’s view, this ‘single view’ of what is occurring across all network activity has never before been achievable, given the multiple tool sets used in most organisations.
“XDR as a concept is solving that problem for the technology industry, by having an overarching true perspective view of what is happening on the network in real-time. Being able to analyse the data that is coming back from all of those platforms is immense and provides not only efficiency gains generally, but efficiency gains to the engineers and the people working in the technology space. But also, it reduces the risk to the business tenfold,” Thysse says.
XDR’s ability to act autonomously in real time has the potential to move the business benefits of cybersecurity into a new realm.
“It's definitely the overarching view of all of the information, not just one single toolset. As an example, EDR is one toolset that is used, but if you then incorporate your firewall, your intrusion prevention systems, DDoS geo-blocking, your SIEM solution, all of the information into one place, it would be virtually impossible for a human to really kind of not only consume that but also really understand the information that's coming back,” Thysse adds.
The return from business cybersecurity spending can be difficult to quantify, but as Meah says, “the old saying with cybersecurity is it's a form of insurance. So, the ROI is breach prevention.”
He adds that these are the stats that really matter. “We can talk about vanity statistics, you know, the number of alerts generated, number of incidents generated but blocked – but they kind of don't really matter because they were stopped. What matters is at a macro level: uptime in your business, prevention of breaches, and ... any issues that could arise from a cybersecurity incident.”
With current breach trends in mind, Thysse forecasts broad uptake of XDR by enterprise and government organisations in the near term.
“However, in the SME market for anything under 500 seats, it will take a very long time before XDR becomes a household name and also an affordable solution. It being so new and such a buzzword in the community as it is at the moment means that there's a very high cost of deployment. It's not polished as it could be and would be in the coming years.
According to Meah, “Once it's there and there is some competition in the market with multiple vendors offering XDR, and the AI behind XDR improves and matures, that's when we will start seeing more affordable everyday solutions for SME markets.”
That, he said, was still some years away.