XDR Means Much More Than Some Might Think


Extended Detection and Response (XDR) is an emerging security category surrounded by a great deal of excitement and many conflicting views about the outcomes it should deliver. New market segments appear when there are real, unmet needs that the current set of technologies and tools cannot satisfy. At Cisco, we believe XDR must solve real-world problems in the Security Operations Center (SOC), many of which have plagued teams for years. It is a distinct category with a new acronym because our customers require a fresh approach.

Some vendors, and even a few industry analysts, seem to see XDR as a replacement for Security Information and Event Management (SIEM), or merely as an updated feature set layered on an Endpoint Detection and Response (EDR) product. Our perspective differs…

The Genuine Potential of XDR

XDR solutions should embrace a customer’s existing, complex ecosystem of security tools, simplify operations in the SOC, surface the threats that matter most, and provide automation and orchestration capabilities that enable a rapid response.

  • XDR should ingest telemetry and security findings from multiple sources: network, cloud, endpoint, identity, email, and applications.
  • XDR should treat all of these sources as critical context, analyzing the combined data with Machine Learning (ML) and Artificial Intelligence (AI) to detect threats earlier in the attack lifecycle and with higher confidence.
  • XDR should correlate and sequence these findings to show the attack as it unfolds, and prioritize meaningfully based on potential business impact.
  • XDR should guide a security analyst through investigation and response using progressive disclosure (show your work – we security practitioners are critical thinkers – we need to understand what you have assembled into an incident, and why!).
  • XDR should provide automation that is agnostic to the underlying security stack, so users can respond quickly and confidently from a single interface.

Next-Generation SIEM and EDR++

XDR, SIEM, and EDR complement each other. First, XDR platforms are not designed to be large data repositories used for threat hunting, complex searches, observability, long-term retention, or compliance. XDR consumes exactly the telemetry needed to detect threat activity quickly. To be both effective and cost-efficient while applying advanced analytics and AI, an XDR platform must be selective about what data it ingests and must limit the ad hoc searches users can run against it. The good news is that SIEM is ideally positioned to enable powerful searches across comprehensive datasets. At Cisco, our vision of the SOC of the Future pairs the leading capabilities of Splunk’s Enterprise Security SIEM with our innovative XDR solution, delivering a complete security operations platform that meets an organization where it is today and evolves to meet its future needs.

Second, XDR is not merely an evolution of EDR. Identity, email, network, cloud, and application telemetry are all vital vantage points, especially if the goal is to detect and act on a threat before a managed endpoint is compromised. EDR provides excellent visibility into managed endpoints and is a critical capability that XDR must leverage. A good XDR solution can be agnostic to the endpoint platform, avoiding the need for yet another agent competing for resources on end-user systems.

Validation of Market Trends and Consensus

Since the General Availability (GA) of Cisco XDR ten months ago, we have onboarded over 450 customers who are enthusiastic about our XDR vision and capabilities, and the adoption rate continues to climb. We talk with our customers and prospects daily, incorporating their feedback and new approaches to deliver the outcomes they need.

In the “GigaOm Radar for Extended Detection and Response,” you will find a thorough overview of the XDR market and GigaOm’s view of the role XDR plays in the security landscape. Our agreement with GigaOm’s research is not based on being named a Notable Leader, but on shared views about the critical use cases and opportunities that XDR can and should address!

The XDR category is still evolving, but we are optimistic that it will transform Security Operations Centers. Advances in AI and ML let us accelerate threat detection and response like never before, and that is essential, because threat actors show no signs of slowing down either.
