
VIEWPOINT

DEMYSTIFYING XDR

YOSSI NAAR, CHIEF VISIONARY OFFICER AND COFOUNDER, CYBEREASON, DEBUNKS XDR MISCONCEPTIONS FLOATING AROUND

CXO INSIGHT ME

MARCH 2022

Extended Detection and Response (XDR) is everywhere today, and it seems that every company is rolling out a strategy and products to meet the growing demand. According to the industry analyst firm Gartner, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” Notwithstanding XDR’s tremendous growth in adoption, more than a few misconceptions about XDR remain, so let’s debunk three of those myths here:

Myth 1: XDR is all about Endpoint Security

No, that’s what Endpoint Detection and Response (EDR) does, which is just one aspect of what XDR delivers. EDR solutions focus solely on the endpoint, and they don’t correlate intelligence from the cloud and other parts of an organisation’s infrastructure. In fact, most EDR platforms are not even capable of ingesting all of the relevant endpoint telemetry and are forced to “filter out” intelligence without even knowing if that information is critical to making a detection because the solutions cannot handle the volumes of data generated.

Indeed, there are vendors that simply cannot ingest all available telemetry for EDR, yet they profess to be able to deliver an XDR solution that ingests endpoint data plus an array of telemetry from numerous other sources on the network and in the cloud. Data filtering negatively impacts the ability to proactively thwart attacks because it omits telemetry that could allow for earlier detection of malicious activity. When broadened to include non-endpoint sources, data filtering can further distort an organisation’s visibility into the threats confronting them.

XDR does not suffer from these limitations. It extends continuous threat detection and monitoring as well as automated response to endpoints, applications, cloud workloads, and the network…all without data filtering. This helps to ensure the high fidelity of a threat detection yielded by XDR.

Myth 2: XDR Should be Augmented by a SIEM

It’s true that XDR delivers some of the same functionality as SIEM (Security Information and Event Management) tools. Chief among their similarities is the ability to aggregate and correlate data from a variety of sources spread across an organisation’s infrastructure, thereby

