What's XDR's Role in an Incident or Breach?
"This is really where XDR will be very valuable," says ESG's Oltsik.
Today, one tool may detect anomalous behavior, but then someone with security analytics skills must examine the data and determine what else to investigate. The MITRE ATT&CK framework provides a road map, says Oltsik, but not every organization has the skills or visibility to look under every rock.
XDR not only provides all of that visibility in one place, but it is designed to piece together the stages of an attack through analytics. Rather than receiving dozens of separate alerts, an analyst would get one consolidated, high-fidelity, highly detailed alert that includes a timeline of the attack kill chain. That would help immensely in several areas: reducing alert storms, pinpointing root causes, and expediting remediation.
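As an added illustration, not code from the article, from ESG, or from any XDR product: a minimal Python correlator that links alerts from separate tools by a shared host or user within a time window, orders each cluster into a kill-chain timeline, and emits one consolidated incident in place of the individual alerts. The alert fields, tool names, sample alerts, time window and stage ordering are all constructed assumptions for the example.

```python
"""
Added example (not from the article or any vendor): consolidate many
single-tool alerts into one incident with a kill-chain timeline.
Alert schema, tool names and sample data below are assumptions.
"""
from datetime import datetime, timedelta

# Kill-chain ordering used to sort stages and rank incidents. Names are
# MITRE ATT&CK tactic shortnames; restricting to this subset is an assumption.
TACTIC_ORDER = [
    "initial-access", "execution", "persistence", "privilege-escalation",
    "credential-access", "lateral-movement", "exfiltration",
]

# Constructed alerts from three separate tools (email gateway, EDR, identity
# provider). The shared entities (host, user) are what let us link them.
SAMPLE_ALERTS = [
    {"id": "A1", "source": "email-gw", "ts": "2024-03-01T09:00:00", "tactic": "initial-access",
     "user": "jdoe", "host": "WS-117", "detail": "macro-bearing attachment opened"},
    {"id": "A2", "source": "edr", "ts": "2024-03-01T09:01:30", "tactic": "execution",
     "user": "jdoe", "host": "WS-117", "detail": "winword.exe spawned powershell.exe"},
    {"id": "A3", "source": "edr", "ts": "2024-03-01T09:02:10", "tactic": "persistence",
     "user": "jdoe", "host": "WS-117", "detail": "Run key added under HKCU"},
    {"id": "A4", "source": "edr", "ts": "2024-03-01T09:20:00", "tactic": "credential-access",
     "user": "jdoe", "host": "WS-117", "detail": "handle to lsass.exe opened"},
    {"id": "A5", "source": "idp", "ts": "2024-03-01T09:25:00", "tactic": "lateral-movement",
     "user": "jdoe", "host": "SRV-DC01", "detail": "admin logon to SRV-DC01 from WS-117"},
    # Unrelated noise on another host and user: must NOT be pulled into the incident.
    {"id": "N1", "source": "edr", "ts": "2024-03-01T09:03:00", "tactic": "execution",
     "user": "asmith", "host": "WS-042", "detail": "unsigned binary executed"},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def stage(tactic):
    """Position in the kill chain; unknown tactics sort last instead of failing."""
    return TACTIC_ORDER.index(tactic) if tactic in TACTIC_ORDER else len(TACTIC_ORDER)


def related(a, b, window):
    """Two alerts are linked if they share a host or user and are close in time."""
    shares_entity = a["host"] == b["host"] or a["user"] == b["user"]
    close_in_time = abs(parse_ts(a["ts"]) - parse_ts(b["ts"])) <= window
    return shares_entity and close_in_time


def cluster_alerts(alerts, window=timedelta(hours=1)):
    """Union-find over pairwise links; transitive links (WS-117 -> jdoe -> SRV-DC01) join."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            if related(alerts[i], alerts[j], window):
                parent[find(i)] = find(j)
    groups = {}
    for i, a in enumerate(alerts):
        groups.setdefault(find(i), []).append(a)
    return list(groups.values())


def build_incident(cluster):
    """Turn one cluster into a single consolidated alert with a timeline."""
    timeline = sorted(cluster, key=lambda a: parse_ts(a["ts"]))
    tactics = sorted({a["tactic"] for a in cluster}, key=stage)
    return {
        "alert_ids": [a["id"] for a in timeline],
        "sources": sorted({a["source"] for a in cluster}),
        "hosts": sorted({a["host"] for a in cluster}),
        "users": sorted({a["user"] for a in cluster}),
        "tactics": tactics,
        "root_cause": timeline[0],          # earliest alert is the starting point
        "deepest_stage": tactics[-1],       # how far along the kill chain it got
        "timeline": [f'{a["ts"]} [{a["source"]}] {a["tactic"]}: {a["detail"]}'
                     for a in timeline],
    }


def correlate(alerts, window=timedelta(hours=1), min_stages=2):
    """Clusters spanning fewer than min_stages tactics stay as raw alerts (noise)."""
    incidents = [build_incident(c) for c in cluster_alerts(alerts, window)]
    incidents = [i for i in incidents if len(i["tactics"]) >= min_stages]
    incidents.sort(key=lambda i: stage(i["deepest_stage"]), reverse=True)
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(f'Incident: {len(inc["alert_ids"])} alerts from {inc["sources"]}, '
              f'deepest stage {inc["deepest_stage"]}')
        for line in inc["timeline"]:
            print("  ", line)
```

Run as written, the six constructed alerts collapse into one incident of five alerts spanning three tools, with the noise alert left out, which is the "alert storm to timeline" effect the paragraph describes. The caveats a practitioner would add are that joining only on host and user over-links in environments with shared service accounts or jump hosts, so production correlators weight several entity types and score the links, and that the window and the minimum number of stages are tuning knobs that trade missed multi-day intrusions against merged unrelated activity.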
"To be clear, we aren't there yet, but this would be a security operations game changer," Oltsik says. "I've used the analogy of how Henry Ford's introduction of the manufacturing line increased productivity, cut costs, improved quality, etc. If XDR can fulfill its potential, we could see a similar impact on security operations."
(Image: James Thew via Adobe Stock)