
XDR Provides Unified Approach to EDR

A new generation of extended detection and response (XDR) solutions is taking endpoint detection and response to the next level. By Martin Sinderman

Busy cybersecurity and risk managers might have their jobs made easier with a new breed of endpoint detection and response (EDR) platforms called extended detection and response (XDR). According to Gartner, XDR unifies multiple security products into a security operations system.

EDR platforms are software-based systems designed to help secure networks by protecting their entry points—including laptops, desktops, printers, mobile phones, and fixed-function devices such as ATMs—from security breaches that can result in data theft and other disruptions. The goal of an EDR platform is to detect and quickly respond to endpoint breaches while also recording, analyzing, and storing incident-based information that enables it to proactively protect against future similar incidents.

Current EDR platforms comprise multiple products for detection/response and recording/analysis/protection, which complicates implementation and administration. “Security and risk management leaders are struggling with too many security tools from different vendors with little integration of data or incident response,” says Peter Firstbrook, a Gartner vice president and analyst, and co-author of the recent report, Innovation Insight for Extended Detection and Response.

In addition, says Firstbrook, “Security alerts are often excessive, uncoordinated, and too often go unattended. Configurations are not actively maintained or tested for effectiveness, and security products are too infrequently upgraded.”

XDR promises to solve some of those issues. Its value propositions “are to improve security operations productivity and enhance detection and response capabilities by including more security components into a unified whole,” Firstbrook explains.

An XDR platform not only extends prevention and detection to endpoints, networks, users, cloud, and more, “but can also automate investigation and response actions across the environment,” says Eyal Gruner, CEO of New York-based Cynet, whose Cynet 360 Autonomous Breach Prevention Platform integrates XDR endpoint, user, and network attack prevention and detection capabilities with an incident engine that fully automates investigation and remediation actions.
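To make the "unified whole" concrete, the following is an added illustration written for this article; it is not code from Cynet, Gartner, or any product named here. It fuses alerts from three separate tools (an endpoint agent, a network sensor, and an identity provider) into one common schema, chains alerts that share a host or user within a time window into a single incident, and maps the result to a response playbook. Every alert format, field name, score threshold, and playbook action below is invented for the example; real tools expose their own schemas and APIs.

```python
"""Toy XDR-style correlation: fuse alerts from separate tools into one incident.

Added illustration for this article; not code from Cynet, Gartner or any
product it mentions. Alert formats, field names, scoring and the response
playbook are all invented here (real tools use their own schemas and APIs).
"""
from datetime import datetime, timedelta

# Constructed sample alerts, each in its own tool's (hypothetical) format.
EDR_ALERTS = [
    {"ts": "2024-05-01T10:02:10Z", "hostname": "ws-017", "user": "alice",
     "rule": "suspicious_script_execution", "severity": 3},
]
NETWORK_ALERTS = [
    {"time": "2024-05-01T10:03:40Z", "src_host": "ws-017",
     "signature": "beacon_to_rare_domain", "score": 60},
]
IDENTITY_ALERTS = [
    {"timestamp": "2024-05-01T10:00:55Z", "account": "alice",
     "event": "impossible_travel_login", "risk": "medium"},
    {"timestamp": "2024-05-01T14:30:00Z", "account": "bob",
     "event": "mfa_fatigue_prompts", "risk": "low"},
]
RISK_WORDS = {"low": 1, "medium": 2, "high": 3}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(edr, net, idp):
    """Translate every tool's alert into one schema: source, time, typed
    entities {(kind, name)}, detection name, severity on a shared 1..3 scale."""
    events = []
    for a in edr:
        events.append({"source": "edr", "time": parse_ts(a["ts"]),
                       "entities": {("host", a["hostname"]), ("user", a["user"])},
                       "detection": a["rule"], "severity": a["severity"]})
    for a in net:
        sev = 3 if a["score"] >= 80 else 2 if a["score"] >= 50 else 1
        events.append({"source": "network", "time": parse_ts(a["time"]),
                       "entities": {("host", a["src_host"])},
                       "detection": a["signature"], "severity": sev})
    for a in idp:
        events.append({"source": "identity", "time": parse_ts(a["timestamp"]),
                       "entities": {("user", a["account"])},
                       "detection": a["event"], "severity": RISK_WORDS[a["risk"]]})
    return sorted(events, key=lambda e: e["time"])


def correlate(events, window=timedelta(minutes=30)):
    """Chain events that share a host or user within `window` into incidents.
    One alert naming both a host and a user (the EDR alert here) bridges a
    user-only identity trail and a host-only network trail into one case."""
    incidents = []
    for ev in events:
        hits = [inc for inc in incidents
                if inc["entities"] & ev["entities"] and ev["time"] - inc["last"] <= window]
        if not hits:
            incidents.append({"entities": set(ev["entities"]), "events": [ev], "last": ev["time"]})
            continue
        target = hits[0]
        for other in hits[1:]:  # one event touching several open incidents merges them
            target["entities"] |= other["entities"]
            target["events"] += other["events"]
            incidents.remove(other)
        target["entities"] |= ev["entities"]
        target["events"].append(ev)
        target["last"] = ev["time"]
    return incidents


def triage(incident):
    """Score = worst single severity + one point per extra independent tool that
    saw the same entities; map the score to a hypothetical response playbook."""
    sources = {e["source"] for e in incident["events"]}
    score = max(e["severity"] for e in incident["events"]) + len(sources) - 1
    hosts = sorted(n for k, n in incident["entities"] if k == "host")
    users = sorted(n for k, n in incident["entities"] if k == "user")
    if score >= 4:
        actions = ([f"isolate_host:{h}" for h in hosts]
                   + [f"revoke_sessions:{u}" for u in users] + ["open_case:P1"])
    elif score == 3:
        actions = ["open_case:P2"]
    else:
        actions = ["log_only"]
    return {"hosts": hosts, "users": users, "sources": sorted(sources),
            "detections": [e["detection"] for e in incident["events"]],
            "score": score, "actions": actions}


def run():
    """Full pipeline over the constructed alerts: normalize -> correlate -> triage."""
    return [triage(inc) for inc in correlate(normalize(EDR_ALERTS, NETWORK_ALERTS, IDENTITY_ALERTS))]


if __name__ == "__main__":
    for inc in run():
        print(inc)
```

Run on the constructed alerts, the three morning events for `alice` and `ws-017` collapse into one incident seen by all three tools, which lifts it to containment actions, while the lone low-risk identity alert for `bob` stays at log-only. The point of the design is that no single tool's alert would have reached the containment threshold on its own; the score comes from agreement across sources, which is the cross-domain correlation the article attributes to XDR.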

For resource-strapped cybersecurity managers in particular, “XDR products may be able to reduce the complexity of security configuration and incident response to provide a better security outcome than isolated, best-of-breed components,” Firstbrook says.

Gruner agrees, noting that XDR solutions are tailor-made for organizations with lean security teams. “These organizations typically don’t have the budget, bandwidth, or expertise to deploy, integrate, and manage all the technology required to protect their companies against modern cyberthreats.”

While XDR is a promising solution, Firstbrook says the market is immature, with capabilities ranging widely among products. Many are in beta and early trial phases, but Sophos, Fortinet, Trend Micro, and others have XDR solutions in production now. Looking forward, Gruner calls XDR “a perfect solution for teams without the time or expertise to fully respond to threat alerts.”

About the Author

Martin Sinderman is a freelance writer and frequent ChannelPro contributor in Savannah, Ga.