It is becoming increasingly clear that the foundation for robust cybersecurity must embrace the endpoint. This is why today’s enterprises are deploying eXtended detection and response (XDR) as an intelligent endpoint-inclusive approach to secure their systems. The key to remember is that good XDR must build on a solid base of endpoint detection and response (EDR).
The “X” factor in XDR is EDR.
Endpoints and EDR Still Matter
The endpoint is key to security in today’s organizations. A vulnerable employee laptop that gets hooked on the bait of a phishing attack is all it takes for a threat actor to gain a foothold and move laterally across an environment. A server attack could enable theft of proprietary data and seriously disrupt business continuity.
Suspicious activity on endpoints can be a precursor to large-scale breaches. To catch any behavior that departs from the norm, enterprises must monitor their endpoints. Unusual inbound and outbound network traffic, increases in incorrect log-ins or access requests, and unknown applications running on endpoints are just a few of many unusual activities to watch out for.
EDR is key to monitoring endpoints for suspicious activity such as these and more, in real time. Using artificial intelligence, EDR helps narrow the focus on the right alerts quickly so threats can be found and mitigated — either manually or automatically — before they cause lasting damage.
Choose EDR-Based XDR
Robust XDR solutions are EDR-centric. They take EDR to the next level and enrich the data with additional telemetry points. After all, there is gold hidden in network security, email security, and identity and access management (IAM) data that might strengthen EDR, but security teams have wrangled with the mechanics of incorporating relevant data in a timely fashion and translating this data mash-up into meaningful attack indicators, insights and alerts.
Enterprise buyers should use caution. Capitalizing on the popularity of XDR, piecemeal solutions have evolved, relying on security information and event management (SIEM) systems and/or proprietary data solutions to diagnose events on the endpoint. Such approaches have their own challenges. They either throw all data — including irrelevant information — into the pool and complicate matters further, or leave substantial gaps that do not paint a comprehensive picture of real-time threats. Such ad hoc solutions also require an enormous amount of time and talent before they begin to add value. Sure, security teams want to leave no stone unturned, but how many stones can they realistically look under given the constant barrage of security threats?
The best-in-class XDR solutions root themselves in EDR. They build on EDR’s enormous value proposition and add telemetry from tools such as operational technology and IoT security solutions, cloud security solutions, and network analysis and visibility (NAV) solutions, to name a few. Because XDR is built to cover all endpoints and deliver a single, actionable alert and a single pane of glass, along with centralized response capabilities, it saves time spent on connecting the dots to gather the full picture and effectively respond.
Best-in-class XDR tools are also cloud-native, leveraging the power and scale of cloud to ingest and correlate volumes of security data and automate response. As more attacks become identity-driven and cross multiple domains, the ability to easily scale data correlation, cross-domain investigation, threat hunting, detection and response will be essential for enterprise security teams.
Extending EDR to Get XDR
You can rest assured that the cybersecurity solutions you already use still matter in the XDR framework. Indeed, one of XDR’s strengths is it stitches together various solutions enterprises already have. It can make the security stack work together, instead of having to start anew.
One cannot overemphasize the importance of a strong and scalable EDR solution to anchor endpoint security. It is the “X” factor in XDR. Enterprises that short-circuit the process and dive into XDR without laying the foundation for EDR might risk building a house made of straw. One huff and puff, and the whole system can come crumbling down.
Today’s diverse enterprise systems landscape needs a strong focus on endpoints because a vulnerable endpoint is a problem at every stage of a cyberattack. It is an easy hook in, and because an endpoint is usually innocuous, it is easy for suspicious activity to go unnoticed. An eye on endpoints is what EDR delivers and XDR builds upon.
A walk-before-you-run approach that institutes XDR on the back of a scalable and sound EDR foundation will deliver better results for security teams facing modern threats.