BUSY CYBERSECURITY and risk managers might have their jobs made easier with a new breed of endpoint detection and response (EDR) platforms called extended detection and response (XDR). According to Gartner, XDR unifies multiple security products into a security operations system.
EDR platforms are software-based systems designed to help secure networks by protecting their entry points—including laptops, desktops, printers, mobile phones, and fixed-function devices such as ATMs—from security breaches that can result in data theft and other disruptions. The goal of an EDR platform is to detect and quickly respond to endpoint breaches while also recording, analyzing, and storing incident-based information that enables it to proactively protect against future similar incidents.
Current EDR platforms comprise multiple products for detection/response and recording/analysis/protection, which complicates implementation and administration. “Security and risk management leaders are struggling with too many security tools from different vendors with little integration of data or incident response,” says Peter Firstbrook, a Gartner vice president and analyst, and co-author of the recent report, Innovation Insight for Extended Detection and Response.
In addition, says Firstbrook, “Security alerts are often excessive, uncoordinated, and too often go unattended. Configurations are not actively maintained or tested for effectiveness, and security products are too infrequently upgraded.”
XDR promises to solve some of those issues. Its value propositions “are to improve security operations productivity and enhance detection and response capabilities by including more security components into a unified whole,” Firstbrook explains.
An XDR platform not only extends prevention and detection to endpoints, networks, users, cloud, and more, “but can also automate investigation and response actions across the environment,” says Eyal Gruner, CEO of New York-based Cynet, whose Cynet 360 Autonomous Breach Prevention Platform integrates XDR endpoint, user, and network attack prevention and detection capabilities with an incident engine that fully automates investigation and remediation actions.
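As an added illustration (not code from Gartner, Cynet, or any product named in this article), the Python sketch below shows the cross-source correlation an XDR layer performs: alerts from endpoint, network and identity tools that share a host and fall within a time window are merged into one scored incident, so an analyst sees a single corroborated case instead of several uncoordinated alerts. The alert data, tool names and scoring rule are constructed assumptions.

```python
# Added illustration of the cross-source correlation an XDR layer performs;
# not code from any vendor named in the article. Alert data is constructed.
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Alert:
    ts: datetime
    source: str    # which tool raised it: "edr", "ndr", "identity", ...
    entity: str    # pivot key shared across tools, here a hostname
    title: str
    severity: int  # 1 (low) .. 5 (critical)

@dataclass
class Incident:
    entity: str
    alerts: list = field(default_factory=list)
    @property
    def sources(self):
        return sorted({a.source for a in self.alerts})
    @property
    def score(self):
        # highest severity, plus one for each additional tool that corroborates
        return max(a.severity for a in self.alerts) + len(self.sources) - 1

def correlate(alerts, window=timedelta(minutes=30)):
    """Merge alerts sharing an entity within `window` of each other; highest score first."""
    incidents, open_by_entity = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        inc = open_by_entity.get(a.entity)
        if inc is None or a.ts - inc.alerts[-1].ts > window:
            inc = Incident(entity=a.entity)   # start a new incident
            incidents.append(inc)
            open_by_entity[a.entity] = inc
        inc.alerts.append(a)
    return sorted(incidents, key=lambda i: i.score, reverse=True)

def triage(alerts, min_sources=2):
    """Keep only incidents corroborated by at least `min_sources` tools."""
    return [i for i in correlate(alerts) if len(i.sources) >= min_sources]

# Constructed sample telemetry: three tools fire on one host within 12 minutes, plus one alert hours later elsewhere.
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_ALERTS = [
    Alert(T0, "identity", "ws-042", "Logon from unusual location", 2),
    Alert(T0 + timedelta(minutes=5), "edr", "ws-042", "Office spawned PowerShell", 3),
    Alert(T0 + timedelta(minutes=12), "ndr", "ws-042", "Beaconing to rare domain", 3),
    Alert(T0 + timedelta(hours=3), "edr", "ws-017", "Unsigned driver load", 2),
]
```

Running `triage(SAMPLE_ALERTS)` yields a single incident for ws-042 backed by three tools; the lone ws-017 alert is left for lower-priority review.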
For resource-strapped cybersecurity managers in particular, “XDR products may be able to reduce the complexity of security configuration and incident response to provide a better security outcome than isolated, best-of-breed components,” Firstbrook says.
Gruner agrees, noting that XDR solutions are tailor-made for organizations with lean security teams. “These organizations typically don’t have the budget, bandwidth, or expertise to deploy, integrate, and manage all the technology required to protect their companies against modern cyberthreats.”
While XDR is a promising solution, Firstbrook says the market is immature, with capabilities ranging widely among products. Many are in beta and early trial phases, but Sophos, Fortinet, Trend Micro, and others have XDR solutions in production now. Looking forward, Gruner calls XDR “a perfect solution for teams without the time or expertise to fully respond to threat alerts.”