XDR: where threat hunters and AI unite

By on
XDR: where threat hunters and AI unite

In the modern network matrix of security and threat detection, context is the new black. 

XDR is the aspirant unifying platform for keeping networks safe, and its ability to provide context is its pivotal feature. Gartner reports that 5 per cent of US organisations are currently using XDR, but that is expected to climb to 40 percent by 2027. 

In today’s business landscape, where remote workers have footprints across multiple networks, security context and intelligence is the order of the day. This is where XDR delivers. 

“XDR really is about more comprehensive visibility into the activity of your environment and where those activities might pose a security risk and any potential start to compromise,” explains Riot Solutions general manager operations, Nick Long. 

“I think from the start, what businesses need to understand is that XDR is the forward-facing front, the frontier of where cybersecurity is going,” Long says. 

He positions XDR as the highly evolved end of security solutions, and as such, organisations implementing it require certain maturity levels inside their digital environment before they can undertake XDR in order to leverage to full benefits.  

“You can't have just your old classic perimeter ring-fenced cyber environment. You can't have those siloed security systems that aren't capable of being brought in together. What you need is to be able to bring them together, bringing all of those rich data sources in together to be able to get those security teams to be able to detect and respond to those indicators of compromise in a timely fashion."

If you are doing that effectively, you will maximise the value you can leverage from the security controls in your tech stack, he says. 

"You're going to be able to then have the rich view to be able to do much quicker, alert, prioritisation across the analytics and cross-correlation that you have of those data sources." 

This, he said, increases the time available for triage decisioning. 

"If we're starting to look at the mature edge of it, we're now going to be talking about automated workflows and the likes of them,” Long says. 

InfoTrust co-founder and MyCISO CEO Dane Meah says that this is what makes XDR interesting – XDR provides a comprehensive network viewpoint and richer behavioural context about the network environment that is significantly limited but just endpoint detection.  

“XDR and managed detection response solutions put a huge emphasis on taking multiple data points, being that from the endpoint from the network layer from cloud, and then correlating that data.

“I'm really looking for indicators of compromise – not necessarily a discrete act of one local alert, but it's a series of different indicators that paint a picture about what's actually happening in the environment,” Meah said. 

He adds that for threat hunters or analysts the XDR platform offers a much richer ecosystem to destroy the breach before it activates and also allows for outsourcing human and often fallible detection to a sophisticated AI-based tool set.  
 
“It's a much more interesting, more experiential experience managing a more complex environment with a managed service provider. It is very difficult to find and retain staff as an end customer for managed detection response.

Managed detection and response capabilities are not generally built in-house outside of the larger end of town. Threat hunters are the people that look for action behaviours, what we call indications of compromise, that may not have been seen before. So, they're able to join the dots at a human level.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:

Most Read Articles

Log In

Email:
Password:
  |  Forgot your password?