Why Choose Open XDR? It's the Integration

If XDR is about integrating varying tools across the security stack, Open XDR goes a step further.


There are almost as many flavors of detection and response tools as there are flavors at the local ice cream shop – OK, perhaps that’s a slight exaggeration, but there are definitely a confusing number of options these days. NDR (network detection and response), EDR (endpoint detection and response), XDR (eXtended detection and response), and even Open XDR – they’re all variations on a theme of protecting endpoints, since they’re the first line of network defense.

Which option to pick? As a ReliaQuest customer recently related to us with a smile on his face, cybersecurity vendors want to sell you tools: some of which are Teslas, and some of which are Vespas. Sometimes you need the full-on Tesla, and other times the Vespa is all you really need to get the job done. But customers need to decide, based on their risk environment, whether the top-of-the-line model makes sense for the business or whether the scooter will do.

At ReliaQuest, we believe Open XDR is the best solution for the Tesla shoppers, the Vespa shoppers, and everyone in between. If XDR is about integrating disparate tools across the security stack – like SIEM, EDR, and cloud – Open XDR goes a step further, offering a vendor-agnostic approach to cross-platform XDR.

The fact is that the Tesla-or-Vespa choice shouldn’t be a one-shot deal. There are ways to give security teams unified detection and response across various technologies: collecting, de-duplicating, and prioritizing data to inform security strategies. A truly integrative platform can deliver the foundation security teams need to automate investigations and get to decision points faster, and it also sets security teams up to truly take advantage of machine learning capabilities.

The uphill road toward integration – and true visibility

Why is it so hard for security teams to achieve this unified view of data on their own? As we’ve found from our own research, teams manage an average of 19 tools, and seem to be acquiring and adding more tools than they are decommissioning.

But this approach is clearly broken. There are too many tools to onboard, maintain, tune, and learn to use. On top of that, integrating all of these tools isn’t easy; even if every solution has an open API, security teams still have to glue those tools together, test and manage integrations, and take on maintenance and upgrades.

The recent report from ESG, The Case for Open XDR, nails down the problem and the solution this way: “Despite the promise of XDR, many organizations remain reluctant to move forward as they don’t want to embark on costly and complex projects that involve replacing existing security controls and analytics solutions. Open XDR alleviates these issues by acting as an overlay that sits on top of the existing security infrastructure. Open XDR can synthesize the alerts from multiple security controls, act as a common workbench for security operations, monitor/measure security efficacy, and take automated actions for incident response and risk mitigation.”

The best flavor of detection and response

Unified detection and response platforms are valuable for companies hunting for acquisition opportunities. Acquiring companies don’t need to rip and replace tools, since they have the ability to manage controls at the detection, investigation, and response level and plug in whatever technologies they already have underneath. The process helps drive efficiencies, implement fast time to value, and frankly, isolate risk.

So, getting back to choosing your flavor: With Open XDR, you can have a multitude of “flavor” solutions from various vendors, without worrying about whether they'll all play well together. You can leverage existing technologies, instead of having to standardize on a single vendor’s suite of tools. If you'd like to learn more about Open XDR’s value, download ESG’s The Case for Open XDR paper here.

Erin Sweeney is passionate about helping ReliaQuest customers achieve predictable security outcomes, largely delivered by ReliaQuest GreyMatter, the company’s unified platform for threat detection, investigation and response. Sweeney leads product marketing for ReliaQuest after an 11-year tenure at Splunk, where she held a variety of roles across solution, industry, field, and customer success. While there, her efforts helped drive the growth of the company from a start-up with $8 million in annual revenue to a $2 billion publicly traded cybersecurity industry leader. She believes Open XDR could be the path forward to help security organizations finally tackle alert fatigue and the skills gap to drive security efficacy and reduce risk.

Copyright © 2021 IDG Communications, Inc.