Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

Why Should My Organization Consider XDR?

XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.

Al Huger, Vice President and General Manager of Cisco Security Platform & Response

October 21, 2021

1 Min Read
Incomplete jigsaw puzzle of a city skyline.
Source: Bianca Ackermann via Unsplash

Question: What is extended detection and response (XDR), and why should I consider it now?

Al Huger, vice president and general manager of Cisco Security Platform & Response: XDR addresses the complexity that security operations centers (SOCs) have suffered for years: Threat detection products operate as islands across the network, yielding divergent alerts that require correlation for effective response. Since the advent of security information and event management (SIEM) systems, security teams have spent years locating, forwarding, collecting, normalizing, and prioritizing alerts from their threat detection systems. More recently, security orchestration, automation, and response (SOAR) platforms have provided a bolt-on addition to automate and respond to normalized SIEM alerts, deepening the complexity and requiring more effort from scarce staff.

The lack of cooperation (or integration) between products creates a broken narrative for security operations. It’s like reading a book by selecting random chapters, rather than reading them in order.

XDR provides an elegant solution that yields actionable, correlated information with built-in response and automation capabilities. XDR dramatically changes the time-to-value for SOCs because they operate cloud-native, leveraging API connections to correlate information and tapping into the native response capabilities of connected products, all in a a single dashboard. SOCs can now quickly tie their endpoint, network, and cloud security applications together and respond to threats in seconds.

About the Author(s)

Al Huger

Vice President and General Manager of Cisco Security Platform & Response

Al Huger is Vice President and the General Manager of the Security Platform and Response (SP&R) business unit at Cisco, focused on delivering a world-class platform to experience Cisco's Security offerings and lead the industry in end-user protection and security analytics.

Under Al's leadership, SP&R continues to dramatically simplify SecOps' experience with industry-leading innovations and extraordinary progress in the emerging market Cisco pioneered: Extended Detection and Response (XDR). In addition to building the first-to-market integrated security platform--SecureX--Al's portfolio includes AMP for Endpoints, AMP for Networks, Email Security (Cloud Email Security, Email Security Appliance, Cloud Mailbox Defense) and Stealthwatch Analytics (Cloud and Enterprise).

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights