What is Extended Detection and Response (XDR)?
According to Gartner, Extended Detection and Response, or XDR, is a security threat detection and incident response tool that integrates multiple security products into a cohesive security operations system.
The term created by Nir Zuk, CTO of Palo Alt Networks, has meant a lot of Managed Security Service Providers (MSSPs) have changed how their technologies work to follow market trends.
For Communicate, XDR is what we have always provided, our services and solutions are integrated to detect and stop sophisticated attacks.
Whilst the term XDR has only been around since 2018, the concept of integration has been focused on for many years. The main issue is from a best-of-breed perspective. One vendor will have strengths in one or maybe two areas, whilst another vendor will be light years ahead in another area, making a single vendor choice almost impossible to truly tick all the boxes.
The approach for many successful Security Operation Centres (SOCs), including ours, is to focus on the best technology for each job and integrate where you can. Where integration is not possible, we employ the experts to build the picture and respond appropriately.
Currently, no matter how good a single technology is, it cannot replace humans looking at multiple data sources.
What are the advantages of XDR?
How should you choose an XDR provider?
The evolution of good technology is ever-changing. Many MSSPs stick with a proven technology they have worked with for many years, without testing new stable technologies.
Without the adoption of new technology, these MSSPs tend to argue they have 10-15 years of experience with X technology, so it must be good. However, the reality is very different.
Ask an ethical hacker what technologies they hate coming up against and if you hear the same technology over and over, then this should give you a good indication of where to run your own tests.
We don’t change technology often here at Communicate, but we do constantly test technologies that perform well. It takes time to make sure that it’s the right technology and that’s the main reason our clients let us choose what’s right to protect their data, IP and reputation.
Purchasing a complete XDR service takes the pain out of testing, proof of concept (POC) and the procurement process. One payment either monthly, quarterly or annually takes care of everything from the technology to the implementation, continuous tuning, testing (Penetration Testing) and even the staffing to monitor and respond.
We use our multi-stage threat detection engine and a blend of techniques to weed out false positives and identify true threats, leaving less work for the experts to analyse, saving us time and you money.
Does XDR minimise investigation and response time?
With our multi-layered integrated detection and prevention technologies, backed by our UK SOC, our experts investigate, confirm and eradicate threats 24/7 and provide the right advice and guidance quickly.
Is there still a need for SIEM?
SIEM is a large part of any cyber solution, it detects security threats and provides real-time analysis. On its own, SIEM is a very expensive system which fills up your mail server with things to investigate and is usually personally monitored – if it is not monitored 24/7 this is where threats can become serious.
A SIEM solution is still required but it is just one of 20 elements within our XDR solution and it’s one of the most powerful enabling integration of many of these tools.
XDR incorporates advanced cyber security functions, including SIEM, to provide the best security defence, managed by our team of experts 24/7, please get in touch to find out more.