By Doron Davidson, Founder and VP of BD, SecBI

In the Gartner Top 9 Security and Risk Trends for 2020, Gartner security experts identified eXtended Detection and Response (XDR) as the number one trend in security solutions that enterprises should consider. As Gartner rightly says, “The primary goals of an XDR solution are to increase detection accuracy and improve security operations efficiency and productivity.”

As an issue that’s close to my heart, I couldn’t agree more with Gartner. XDR is a transformative capability in terms of security efficiency and productivity. While XDR technology is not new, it has yet to be widely adopted. This is partially because XDR ecosystems are still emerging, and partially because enterprises have been able to get by with managing siloed security systems (not optimally) and dealing with only the most critical security incidents (leaving many alerts unaddressed). Or they’ve purchased most or all of their security solutions from a single vendor. This helps them avoid integration headaches, even though they may not be getting the best possible product for each of their needs.

All along, we’ve been saying that XDR innovation a better way to increase detection accuracy and improve security operations efficiency and productivity. Garter agrees, and sees XDR as the top security trend for 2020.

What is XDR?

Conceptually, it’s quite simple. XDR is a single, cloud-based platform that collects and analyzes data from multiple, proprietary security components to provide unified threat visibility, full-scope detection, and automated response across all security systems in the enterprise.

In other words, it doesn’t matter how many different security systems and components you have. The XDR platform gives you a unified view of all the data from all the security systems, which improves detection accuracy and lets you automate appropriate responses to incidents.

There is no need to replace existing systems and components. On the contrary. XDR helps to optimize investment in current cybersecurity tools and to leverage them for better and wider protection.  This is of critical importance to enterprises that have invested millions in their security infrastructure.

There is no need for security teams to manually correlate data from different systems and to jump from dashboard to dashboard to investigate and resolve alerts. XDR automatically collects and correlates real-time data and security alerts from EPP/EDR, firewalls, and secure web gateways to paint a clear picture of every incident.

There is no need to lock into a single vendor. You have the freedom to choose best-in-class products, knowing that their data can be collected and correlated by the XDR platform, regardless of vendor.

There is no need for LAN connectivity. XDR is a cloud-native platform. Its automated visibility, analysis and response capabilities are always available, anywhere, anytime, on any device.

Full Steam Ahead with XDR!

In their Innovation Insight for Extended Detection and Response (published 19 March 2020), Gartner analysts, Peter Firstbrook and Craig Lawson found that enterprise security and risk management (SRM) teams are “struggling with too many security tools from different vendors with little integration of data or incident response.”

Firstbrook and Lawson agree that XDR products can offer “real value in improving security operations productivity with alert and incident correlation, as well as built-in automation.

The Gartner report provides an in-depth look at the current state of XDR and advises enterprise SRMs what to look for, and what to look out for, when deciding to adopt an XDR strategy and buy an XDR solution.

Gartner rightly notes that the “big” security vendors will offer their own flavor of XDR that is designed primarily to integrate the vendor’s own product lines. They will leverage their proprietary understanding of the relationships in the underlying data, and use private APIs to enable automated actions. While this kind of XDR architecture can be brought to market quickly and effectively, you’re still locked in to the same vendor. It’s like vendor lock-in on steroids.

A truly vendor-agnostic XDR solution will give enterprises more freedom to choose the best product for each need, knowing it will fit into their unified XDR architecture. The buyer’s advice offered by Gartner is spot on in this regard. I recommend you read the entire Gartner report, but as an example, Gartner tells buyers to focus on XDR solutions that:

  • Offer a rich set of APIs
  • Correlate and enrich data from multiple sources to support use cases such as threat hunting and advanced AI/analytics
  • Allow actions initiated in one tool and carried out in another

From the outset, we designed the SecBI XDR platform to do that and more. The SecBI XDR platform collects and correlates security data across the entire network and all its endpoint, network and mail gateways, and cloud security systems. From siloed data sources, it paints a unified and clear forensic picture of multi-vector attacks, accelerates investigation and automates response.

Contact SecBI, and let us help you plan the most effective XDR strategy for your business.