October 27, 2021 | 3 minute read
XDR, shorthand for the product category of Extended Detection and Response, is a security approach that extends the power of EDR (Endpoint Detection and Response) capabilities to create integrated detection and response across not only endpoints, but also application suites, user personas, on-premises data centers as well as workloads hosted in the cloud.
Most XDR platforms are integrated with threat intelligence to spot indicators of known attacks, but only Advanced XDR offerings leverage artificial intelligence (AI) and machine learning (ML) to automatically correlate telemetry from across these disparate assets to identify attacks that may have never been seen before.
Advanced XDR also provides the necessary visibility over an entire attack chain wherever it happens to originate and reveal exactly how the attack progressed and which assets and users were impacted, as well as offering automated and/or guided response options that Security Information and Event Management (SIEM) solutions cannot and Security Orchestration, Automation and Response (SOAR) solutions struggle to deliver at scale without a tremendous amount of manual intervention by security analysts and incident response teams.
One of the key strengths of an Advanced XDR solution is that it frees security teams from needing to investigate a barrage of alerts individually from a range of point solutions so that they can quickly answer the question “are we under attack?” Advanced XDR does this automatically by correlating telemetry to reveal attack timelines from root cause to enable security teams to respond faster and more efficiently.
An Advanced XDR platform provides multiple advantages to organizations that deploy them. First, it collects security telemetry from different parts of an organization’s infrastructure. Such functionality eliminates the need for a SIEM or SOAR solution and improves security teams’ visibility of their organizations’ distributed networks.
What’s different about Advanced XDR is that it doesn’t deliver a flood of non-contextual threat alerts. It automatically delivers the deep context and correlations, thus sparing team members from the tedious task of needing to triage and investigate unsubstantiated alerts manually without the added obstacle of excessive false positives.
Second, Advanced XDR works to break down information silos that would otherwise prevent security teams from obtaining a unified view of their organization’s infrastructure. It does this by integrating the functionality of firewalls, antivirus solutions, EDR, Identity and Access Management (IAM), Cloud Workload Protection (CWPP) and other security technologies into its detection and response approach.
Third, Advanced XDR allows organizations to shift from an alert-overload scramble to an efficient operation-centric approach to their security. The former is a reactive stance where security teams are constantly trying to keep up with incoming threat alerts. In the process, security professionals need to investigate threat alerts for relevant context as they work to manually piece together the entire attack chain, a task which could require them to investigate multiple false positives.
By contrast, Advanced XDR takes an operation-centric approach that focuses on the chains of behavior that make up an entire attack sequence, allowing security teams to end the entire attack as whole instead of remediating isolated elements of the attack. For example, detecting and removing a piece of malware on an endpoint does little to prevent compromised user credentials from being abused again, and does not address attacker persistence on the network.
Which brings us to the final benefit of Advanced XDR: automated response. Security teams don’t need to resort to manual response processes when it comes to Advanced XDR. That’s because an Advanced XDR platform should enable teams to build detection and response playbooks through which they can automate key steps for responding to attacks.
Modern threats render traditional security approaches ineffective on their own. Take EDR and other XDR offerings as an example. This methodology might be effective at continuously monitoring for threats and automating responses, but its effectiveness stops at the endpoint. It does not provide coverage for all aspects of an organization’s infrastructure.
What’s more, some EDR and XDR tools do not have the ability to ingest all available telemetry at the endpoint level. They resort to “smart filtering” where telemetry is eliminated even though it might be useful for detection (not as “smart” as they try to make it sound). They must do this because they need to send all data to the cloud for analysis before they can return a detection. And to be sure, those vendors who filter telemetry from the endpoint because their platforms can’t handle data volumes at scale can’t truly deliver an Advanced XDR solution where telemetry volumes grow exponentially.
Cybereason delivers an Advanced XDR solution that enables organizations to embrace an operation-centric approach to security because where other XDR solutions limit critical data collected because they can’t process or store it, Cybereason Advanced XDR is designed to collect and analyze 100% of event data in real-time, processing more than 23 trillion security-related events per week, with absolutely no “dumb filtering.” This allows customers to improve their detection and response intervals by 93%.
The Cybereason Advanced XDR Platform comes with dozens of out-of-the-box integrations and is designed to provide visibility organizations require to be confident in their security posture across all network assets, and delivers the automated responses to halt attack progressions, eliminating the need for both SIEM and SOAR solutions. Organizations can enjoy these benefits whether they drop their SIEM and SOAR entirely or augment it with Cybereason Advanced XDR.
Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across enterprise, to everywhere the battle is taking place. Learn more about Cybereason Advanced XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.All Posts by Anthony M. Freed