Extended detection and response tools take EDR to next level

Extended detection and response tools offer new capabilities -- among them greater visibility -- to enterprises searching for better ways to protect their endpoints.

Endpoint detection and response (EDR) tools protect an organization's endpoints by monitoring for suspicious behavior and collecting system activities and events. Many can respond to threats automatically, for example by isolating an infected endpoint from the network. When EDR data is combined with network traffic analytics and a SIEM system, security teams can use the accumulated data to detect and respond to threats that basic antivirus controls might not discover.

Yet, relying on a variety of tools poses challenges. While more information is available, managing multiple, independent products can be difficult and inefficient. More importantly, they may provide too narrow a view of the overall attack surface of today's typical IT environment.

Enterprises must have greater visibility into their networks and be more proactive in how threats are detected, traced and resolved. This means increasing the number of sources and the quantity of data captured and analyzed to ensure all of a company's technology assets -- from workstations to cloud resources -- are effectively monitored.

Monitoring threats on a combined dashboard

To fulfill these needs, many security vendors now offer extended detection and response, or XDR. XDR is a SaaS-based security threat detection and incident response tool that cuts complexity and cost by amalgamating multiple security products into a unified platform. The result is a tool that can ingest data from across the entire IT environment, both on premises and in the cloud, to give a clearer and more concise picture of what is happening on the network.

By correlating event information from the various streams and combining it with external threat intelligence sources and contextual data, XDR can reduce the number of low-quality and false positive alerts. Known and unknown attacks, meanwhile, can be detected in real time.

XDR also employs proactive technologies -- such as machine learning and behavioral analysis -- to identify potential new or complex threats and trigger an automatic security response to classify and mitigate attacks more effectively.
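The correlation and automated-response behaviour described above (endpoint, network and identity telemetry fused with threat intelligence and asset context, low-quality alerts suppressed, a response such as host isolation triggered only for well-corroborated activity) is easier to reason about with a concrete pipeline. The following is an added illustration, not code from the article or from any XDR vendor; the events, hostnames, user names, threat-intelligence IP (from the 203.0.113.0/24 documentation range), asset inventory and scoring weights are all constructed for the example.

```python
"""Added example: multi-source event correlation in the style of an XDR pipeline.
Everything below (telemetry, intel feed, asset inventory, weights) is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three sources (identity, endpoint, network).
EVENTS = [
    {"ts": "2021-01-10T08:59:50", "source": "identity", "host": "ws-042",
     "user": "alice", "detail": "logon_success"},
    {"ts": "2021-01-10T09:00:05", "source": "endpoint", "host": "ws-042",
     "user": "alice", "detail": "powershell.exe -enc <base64>", "tag": "encoded_powershell"},
    {"ts": "2021-01-10T09:00:12", "source": "network", "host": "ws-042",
     "dst_ip": "203.0.113.77", "bytes_out": 48_000_000},
    # A vulnerability scanner reaching the same IP: suspicious in isolation,
    # benign once asset context is applied.
    {"ts": "2021-01-10T09:10:00", "source": "network", "host": "scanner-01",
     "dst_ip": "203.0.113.77", "bytes_out": 2_000},
    # A lone encoded-PowerShell execution with no corroborating telemetry.
    {"ts": "2021-01-10T11:30:00", "source": "endpoint", "host": "ws-007",
     "user": "bob", "detail": "powershell.exe -enc <base64>", "tag": "encoded_powershell"},
]

# Constructed threat-intelligence indicator set and asset inventory (assumptions).
THREAT_INTEL_IPS = {"203.0.113.77"}
ASSET_CONTEXT = {
    "ws-042": {"role": "workstation"},
    "ws-007": {"role": "workstation"},
    "scanner-01": {"role": "vuln_scanner"},
}

WINDOW = timedelta(minutes=5)  # events on one host closer than this are one cluster


def _parse(ts):
    return datetime.fromisoformat(ts)


def cluster_by_host(events, window=WINDOW):
    """Group events per host into clusters whose consecutive events fall within `window`."""
    per_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: (e["host"], _parse(e["ts"]))):
        per_host[ev["host"]].append(ev)
    clusters = []
    for host, evs in per_host.items():
        current = [evs[0]]
        for ev in evs[1:]:
            if _parse(ev["ts"]) - _parse(current[-1]["ts"]) <= window:
                current.append(ev)
            else:
                clusters.append((host, current))
                current = [ev]
        clusters.append((host, current))
    return clusters


def score_cluster(host, evs, intel=THREAT_INTEL_IPS, context=ASSET_CONTEXT):
    """Score one cluster: corroboration across streams, intel hits, behaviour, context."""
    reasons, score = [], 0
    sources = {e["source"] for e in evs}
    if len(sources) > 1:
        score += 2 * (len(sources) - 1)  # independent streams agreeing raises confidence
        reasons.append(f"corroborated by {len(sources)} sources")
    for e in evs:
        if e.get("tag") == "encoded_powershell":
            score += 3
            reasons.append("encoded PowerShell execution")
        if e.get("dst_ip") in intel:
            score += 3
            reasons.append(f"destination {e['dst_ip']} on threat-intel list")
        if e.get("bytes_out", 0) > 10_000_000:
            score += 2
            reasons.append("large outbound transfer")
    role = context.get(host, {}).get("role")
    if role == "vuln_scanner" and sources == {"network"}:
        # Contextual suppression: scanner traffic with no endpoint or identity signal.
        score, reasons = 0, ["suppressed: vulnerability scanner network activity"]
    return score, reasons


def verdict(score):
    """Map a score to the response an analyst or playbook would take."""
    if score >= 8:
        return "isolate_host"
    if score >= 3:
        return "investigate"
    return "suppress"


def correlate(events=EVENTS, intel=THREAT_INTEL_IPS, context=ASSET_CONTEXT):
    """Run the pipeline and return incidents, highest score first."""
    incidents = []
    for host, evs in cluster_by_host(events):
        score, reasons = score_cluster(host, evs, intel, context)
        incidents.append({"host": host, "score": score, "verdict": verdict(score),
                          "reasons": reasons, "events": len(evs)})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in correlate():
        print(f"{inc['host']:<11} {inc['verdict']:<13} score={inc['score']:>2}  "
              + "; ".join(inc["reasons"]))
```

Run as a script, the pipeline isolates ws-042 (identity, endpoint and network events agree, with an intel hit and a large transfer), marks the uncorroborated ws-007 execution for investigation rather than automatic response, and suppresses the scanner's contact with the listed IP entirely. The design point is that the same intel indicator produces opposite outcomes depending on corroboration and asset context, which is the false-positive reduction the paragraph describes.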

Extended detection and response gives teams more firepower

By harnessing XDR's greater context and visibility, security teams should be able to react more quickly and limit the effects of any attack. Rather than simply quarantining a compromised endpoint, teams can reconstruct the attack, block the source and stop future incursions. These capabilities will help reduce the workload of security teams and improve their productivity. Some XDR products offer automated remediation based on industry best practices, while others enable the outsourcing of threat hunting and response to specialist teams.

XDR offers a big advantage over previous generations of detection and response by removing the tasks of acquiring, configuring, deploying and managing multiple security tools. Security analysts can use a single dashboard and no longer need to juggle different tools, data sets and reports. Finally, XDR is an attractive option for smaller security teams or those companies that struggle to recruit enough security experts.

Organizations still relying solely on traditional, reactive endpoint security tools, such as firewalls and antivirus software, should seriously consider XDR. Security controls that depend entirely on known threat information to detect attacks are no longer enough to protect any type of network.

Do your homework

Of course, XDR doesn't replace the usual perimeter controls an enterprise needs to protect its IT infrastructure. But a properly implemented extended detection and response platform will help companies react more quickly to threats that have bypassed those controls.

An XDR deployment should lead to a lower total cost of ownership; companies with tight budgets should consider whether migrating to XDR might deliver better security at a price that is affordable over a full budget cycle.

Pre-purchase reviews and trials are essential. Switching vendors after the initial deployment could prove costly. Make sure the XDR product selected provides the features your specific organization needs -- both now and into the future.

This was last published in January 2021