XDR: Does the industry really need another security tool?

Apr 21, 2023 | 3 mins

Security analysts must break out of their vicious cycle by leveraging effective security tools, building better workflows, and discovering the shortest path from detection to response to reduce friction.


With the world ever more digital and interconnected, the need for robust cybersecurity measures has never been more critical. But security analysts are overwhelmed with alerts and incidents, struggling to prioritize events amidst the rising sophistication and frequency of attacks. That’s why organizations need an Extended Detection and Response (XDR) solution that delivers on its promises.

XDR is a unified security incident detection and response solution, enabling visibility and context across your environment into even the most advanced threats. It applies analytics to detect malicious activity, and then responds to and remediates threats.

To be effective, XDR solutions must be comprehensive and automatically collect and correlate telemetry from multiple security tools across all vectors — email, endpoints, servers, cloud workloads, and networks. That’s easier said than done.

Overcoming SIEM/SOAR limitations

Understandably, many organizations thought their detection and response needs would be covered by Security Information and Event Management (SIEM) solutions, which analyze event logs to provide visibility into events, and Security Orchestration and Response (SOAR) solutions, which help automate response and remediation.

But run the numbers: with organizations experiencing on average 11,000 events per day, the security analyst has no hope of keeping up. Even if full automation cut the handling time to only 30 seconds per event, that would allow just 2,880 events to be processed in a 24-hour period. What’s needed is improved prioritization and a focus on the most important assets that need protection.

SIEM/SOAR solutions still have a relevant place in mature environments where organizations are in command of all the processes, procedures, and runbooks of their Security Operations Centers (SOCs). But few can boast of such expertise, hence the need for innovation that makes integrated detection and response equitable for all security teams.

Analysts are dealing with an average of 45 tools, without the effective integrations needed to manage them effectively. “Drop by your analyst’s desktop and see how many tabs they have open — it’s a lot,” says Rob Gresham, Cisco principal technical marketing engineer specializing in security operations, response, automation, and threat intelligence. “The capabilities they need aren’t integrated and they don’t work together out of the box. It takes time and expertise to put those tools to work.”

Security analysts find themselves on an endless treadmill of trying to integrate patchwork coverage from an industry supersaturated with point solutions. With Endpoint Detection and Response (EDR) tools, organizations have seen the value of adding detection and response into a single solution, but it’s not enough.

Comprehensive, integrated views

Some EDR vendors are attempting to extend their products by incorporating Network Detection and Response (NDR), but lack the expertise to provide a comprehensive, integrated viewpoint.

Cisco’s approach to XDR is to provide a bridge to more integrated detection and response, so organizations can act fast before the adversary sets in. They are doing so by providing an XDR environment into which customers can connect their existing EDR and other security tools through those tools’ APIs.

“So long as you’ve got your API keys in,” says Gresham, “Cisco starts pulling your data into our XDR analytics environment and starts creating the insights into your devices that allow you to categorize your assets and focus on those with the most risk to provide you a standardized response plan.” 

Cisco protects all the Fortune 100 and takes the responsibility of protecting customers’ assets seriously. Learn how Cisco is taking the fear, frustration, and friction out of SecOps with Cisco XDR.

Learn more about Cisco XDR.