Four Considerations for Evaluating XDR Platforms

September 15, 2021 | 3 minute read

There’s a growing need for the more holistic approach to threat detection and response that XDR can deliver. Why? Just look at what’s going on in the digital threat landscape...

First, attackers are not letting up. Researchers recently revealed that the volume of digital attacks was more than 30% higher in the first quarter of 2021 than it was just a year earlier, as reported by ITProPortal. A month-by-month examination of attack volumes showed that the number of attacks in January of 2021 was 14% greater than it was in Q1 2020; February was a third higher, and March increased by half.

When they looked at the types of attacks targeting organizations, the researchers found that malware was leveraged in 32% of attacks. This was followed by "unknown" attacks (incidents in which security products were unable to recognize the malicious code), which accounted for 22% of the attacks analyzed in that quarter.

Digital attacks aren’t just becoming more numerous; they’re also growing in sophistication. Researchers attributed this development to the expanded use of “techniques that make them [the attackers] harder to spot and that threaten even the savviest targets.” Those techniques included novel reconnaissance methods for scouring the web for vulnerable systems.

A growing attack surface isn’t helping organizations, either. Many organizations’ attack surfaces grew when they offered more remote work options and embraced more dispersed workforces in response to the pandemic in 2020. Indeed, Help Net Security pointed out that international companies with 20,000+ employees are now more vulnerable because of their distributed infrastructure and workforces as well as the higher number of applications they need to manage.

Considerations in Evaluating XDR Platforms

Many organizations are turning to Extended Detection and Response (XDR) as a solution to the challenges discussed above. As described in a previous blog post, XDR is an evolutionary step beyond Endpoint Detection and Response (EDR). It keeps EDR’s focus on continuous detection and automated response, but draws on telemetry and data from beyond the endpoint to extend detection coverage to an organization’s applications, cloud environments, IoT devices, user personas and other parts of its network.

XDR enables organizations to achieve more holistic detection and response. However, they need to make sure that they take the following into consideration when selecting an XDR platform as outlined by DevOps.com:

    • Organizations need to investigate how much it will cost to integrate an XDR platform with the other parts of their security stack. The crucial point here is that organizations need to figure out what cost is feasible for them and whether that’s achievable given the security solutions they already have deployed. As part of this calculus, organizations need to take into account the cost of maintaining the XDR integrations into the future.
    • If they find an XDR solution that’s financially feasible in terms of integration, organizations need to figure out whether that tool works for them when it comes time to implement. Time is the operative word here. Organizations dealing with remote workers and a growing number of applications need an XDR platform that doesn’t take weeks to implement.
    • As stated above, one of the crucial benefits of XDR is its ability to carry EDR’s automated analysis capabilities to other parts of the network. But "automated" means different things to different XDR vendors. Organizations need a solution that uses automation for more than just data processing: an automated platform that minimizes the manual work required of their analysts by delivering the context and correlations that act as a force multiplier for them.
    • Finally, the central advantage of XDR is that it brings an organization’s other security tools together in a way that simplifies detection and response. Organizations therefore need to steer clear of solutions that require undue support, such as employees needing to learn new skills just to manage the XDR tool.

Acknowledging these considerations, organizations need an XDR solution that doesn’t require them to build their own integrations, that uses adaptable automation capabilities with multiple parameters, and that includes native services and functionalities without add-ons.

The Cybereason XDR Advantage

The Cybereason XDR Platform comes with dozens of out-of-the-box integrations. What’s more, it uses both Indicators of Compromise (IoCs) and Indicators of Behavior (IoBs) to detect the subtlest signs of an attack earlier in the attack sequence, allowing organizations to detect novel, never-before-seen attacks.

Cybereason XDR is designed to provide the visibility organizations require to be confident in their security posture across all network assets, and delivers the automated responses to halt attack progressions, eliminating the need for both SIEM and SOAR solutions. Organizations can enjoy these benefits whether they drop their SIEM and SOAR entirely or augment them with Cybereason XDR.

Cybereason XDR:

    • Delivers Enterprise-Wide Security: Cybereason XDR reverses the attacker advantage and returns the high ground to the defenders by extending detection and response capabilities across the broader IT ecosystem that makes up modern enterprise environments. Defenders can pinpoint, understand and end any MalOp™ (malicious operation) across the entire IT stack whether on premises, mobile or in the cloud.
    • Enables Visualized Investigations: Cybereason XDR eliminates obstacles to effective detection and response, including log management and data collection tasks, agent deployment and maintenance cycles, and convoluted syntax languages for data extraction and behavioral detections. XDR breaks through data silos and unifies device and identity context in a single, visual investigation experience. Empower your curious analysts to remain focused on the mission without being distracted by manual tasks.
    • Reverses the Adversary Advantage: Cybereason XDR enables frictionless adoption of advanced detections built by and shared with the larger community of defenders. United in our efforts we can increase the burden on the attackers so they are forced to relinquish the advantage they have enjoyed for too long.

Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, and everywhere the battle is taking place. Learn more about Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

About the Author

Cybereason Security Team

The Cybereason Security Team champions cyber defenders by providing future-ready attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves. The Cybereason Defense Platform combines the industry’s top-rated detection and response (EDR and XDR), next-gen anti-virus (NGAV), and proactive threat hunting to deliver context-rich analysis of every element of a Malop (malicious operation). The result: defenders can end cyber attacks from endpoints to everywhere.