XDR counters today’s threats and manages security complexity

XDR simplifies complex threat detection with aggregated data, automation, and adaptability.

Security teams face many challenges. As the number of tools on the network that collect log data and create alerts grows, assembling a picture of what those alerts mean becomes complex, because the data arrives at high velocity and from many different sources.
Threat actors continually change their tools and tactics, leading to a game of technical leapfrog as the attackers and defenders try to stay a step ahead of each other.

Extended detection and response, or XDR, enables security teams to aggregate information from different system and security logs. The platform learns what normal network and application behaviour looks like so it can detect anomalous activity using all available data. XDR can then respond, using automation, to isolate or remove threats.

Steven Hunter, Director at Arctic Wolf, explained, “If you look just at the endpoint or just at the network or just one part of the environment, you only see a thin slice of what you need to see to understand what the attacker is doing. XDR detects security issues across the entire IT environment because that's how attackers operate. They enter one part of the environment and then they move laterally across other locations.”
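To make the "thin slice" point concrete, here is an added illustration (not code from the article or from Arctic Wolf) that joins two constructed telemetry feeds, endpoint logons and network flows, and flags a chain of hops that neither feed reveals on its own. The host names, users, timestamps and the two-minute join window are assumptions chosen for the example.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Endpoint-agent logon events and
# network flow records are the two "slices" an XDR platform would aggregate.
ENDPOINT_LOGONS = [  # (timestamp, host, user)
    ("2024-05-01T09:00:00", "ws-01", "alice"),
    ("2024-05-01T09:03:00", "srv-02", "alice"),
    ("2024-05-01T09:04:30", "srv-03", "alice"),
    ("2024-05-01T09:06:00", "srv-02", "bob"),
]
NETWORK_FLOWS = [  # (timestamp, src_host, dst_host, dst_port)
    ("2024-05-01T09:02:40", "ws-01", "srv-02", 445),
    ("2024-05-01T09:04:10", "srv-02", "srv-03", 445),
    ("2024-05-01T09:05:50", "ws-07", "srv-02", 443),
]


def _ts(s):
    return datetime.fromisoformat(s)


def lateral_hops(logons, flows, window=timedelta(seconds=120)):
    """Join endpoint and network telemetry. A logon of user U on host D counts as a
    hop when a flow S->D arrived within `window` before it and U was already on S.
    Looking at logons alone (an admin on three hosts) or flows alone (SMB between
    servers) is unremarkable; the join is what exposes the chain."""
    hops = []
    for t_logon, dst, user in logons:
        t_logon = _ts(t_logon)
        for t_flow, src, flow_dst, _port in flows:
            t_flow = _ts(t_flow)
            if flow_dst != dst or not (timedelta(0) <= t_logon - t_flow <= window):
                continue
            # Endpoint view of the source host: was the same user there before the flow?
            if any(h == src and u == user and _ts(t) < t_flow for t, h, u in logons):
                hops.append((user, src, dst, t_logon.isoformat()))
    return hops


def respond(hops, min_hops=2):
    """Automated response step: for any user with a chain of at least `min_hops`,
    return the hosts touched so an orchestration layer can isolate them."""
    touched = {}
    for user, src, dst, _ in hops:
        touched.setdefault(user, set()).update([src, dst])
    return {u: {"action": "isolate", "hosts": sorted(hosts)}
            for u, hosts in touched.items()
            if sum(1 for h in hops if h[0] == u) >= min_hops}


if __name__ == "__main__":
    found = lateral_hops(ENDPOINT_LOGONS, NETWORK_FLOWS)
    print(found)            # two hops for alice: ws-01 -> srv-02 -> srv-03
    print(respond(found))   # isolate ws-01, srv-02, srv-03
```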

XDR offers three key advantages over traditional security approaches. It addresses alert overload, or alert fatigue, and allows security teams to prioritise threats better and respond faster and more effectively. It minimises the impact of tool sprawl, as data from all available logs and alerts are aggregated and correlated to give a complete picture of what's happening across the entire IT stack. And by using intelligent automation, it helps to address the shortage of cyber skills we see in Australia and across the world.

Choosing an XDR platform can be challenging. Hunter says the process starts by understanding the different types of XDR platform.

“There are three approaches to XDR - open, native, and hybrid. With open XDR, the platform ingests security telemetry from all your tools. This is a vendor-agnostic approach. With the native approach, the vendor only ingests the telemetry from their tooling. Hybrid XDR is a combination of the two, where it's predominantly using the vendor's native tooling but also ingesting some third-party tooling and building detections on top of them.”

Countering today's cybersecurity threats is an exercise in managing complexity. XDR gives security teams greater visibility and insight into what is happening through their entire technology stack. By choosing the right XDR approach and working with a trusted partner, organisations can better detect threats and defend their critical information and system assets.

Access the full State of Security report: Here

© Digital Nation