Cybersecurity In-Depth

The Edge

Why Should My Organization Consider XDR?

XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.

Question: What is extended detection and response (XDR), and why should I consider it now?

Al Huger, vice president and general manager of Cisco Security Platform & Response: XDR addresses the complexity that security operations centers (SOCs) have suffered for years: Threat detection products operate as islands across the network, yielding divergent alerts that require correlation for effective response. Since the advent of security information and event management (SIEM) systems, security teams have spent years locating, forwarding, collecting, normalizing, and prioritizing alerts from their threat detection systems. More recently, security orchestration, automation, and response (SOAR) platforms have provided a bolt-on addition to automate and respond to normalized SIEM alerts, deepening the complexity and requiring more effort from scarce staff.

The lack of cooperation (or integration) between products creates a broken narrative for security operations. It’s like reading a book by selecting random chapters, rather than reading them in order.

XDR provides an elegant solution that yields actionable, correlated information with built-in response and automation capabilities. XDR dramatically changes the time-to-value for SOCs because they operate cloud-native, leveraging API connections to correlate information and tapping into the native response capabilities of connected products, all in a a single dashboard. SOCs can now quickly tie their endpoint, network, and cloud security applications together and respond to threats in seconds.