Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
Why Should My Organization Consider XDR?
XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.
Question: What is extended detection and response (XDR), and why should I consider it now?
Al Huger, vice president and general manager of Cisco Security Platform & Response: XDR addresses the complexity that security operations centers (SOCs) have suffered for years: Threat detection products operate as islands across the network, yielding divergent alerts that require correlation for effective response. Since the advent of security information and event management (SIEM) systems, security teams have spent years locating, forwarding, collecting, normalizing, and prioritizing alerts from their threat detection systems. More recently, security orchestration, automation, and response (SOAR) platforms have provided a bolt-on addition to automate and respond to normalized SIEM alerts, deepening the complexity and requiring more effort from scarce staff.
The lack of cooperation (or integration) between products creates a broken narrative for security operations. It’s like reading a book by selecting random chapters, rather than reading them in order.
XDR provides an elegant solution that yields actionable, correlated information with built-in response and automation capabilities. XDR dramatically changes the time-to-value for SOCs because they operate cloud-native, leveraging API connections to correlate information and tapping into the native response capabilities of connected products, all in a single dashboard. SOCs can now quickly tie their endpoint, network, and cloud security applications together and respond to threats in seconds.