Leading-Edge XDR Backed by Security Experts
Working in the trenches of SecOps is hard enough. Threat actors are invariably a step ahead of the cybersecurity mainstream. In fact, their criminal success depends almost entirely on the fact that most SecOps teams play catch-up, rather than getting ahead of the curve. Most analysts aren’t even formally covering XDR as a category yet—let alone XDR as a managed service. That said, let’s get you up to speed on a cybersecurity innovation that has not yet become commonplace enough to get much attention from analysts, the press, or industry organizations: Managed XDR.
XDR vs. EDR
First, let’s clarify the difference between EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response).
EDR monitors endpoint activity (desktops, servers, laptops, POS, etc.) for malicious indicators. This endpoint-centric approach once made sense as a next step in cybersecurity, because endpoints are typically where attackers gain their initial foothold in your environment—whether they do so by phishing, a webshell, or some other tactic.
XDR, however, takes a more holistic approach—capturing and analyzing data from the cloud, the network, and other sources, including endpoints. XDR can correlate that data along with other threat intelligence inputs to prioritize alerts and even trigger remediation actions. This visibility and rapid response enablement is essential, because attackers have become extremely adept at maintaining a low profile at their initial site of endpoint penetration. So SecOps teams can no longer depend exclusively on discovery of suspicious endpoint activity. Instead, it’s essential to recognize combinations of behaviors that indicate an emerging attack.
And that’s exactly what XDR provides: the ability to detect the groundwork being laid for an attack even when EDR alone doesn’t set off any alarms—because it can’t.
Managed XDR (MXDR) vs. MDR
Now let’s consider the role of a managed cybersecurity services partner on top of EDR or XDR implementations.
In the case of EDR, the industry has already embraced the acronym MDR (Managed Detection and Response) to refer to the corresponding managed service. This is unfortunate, because MDR is really “MEDR.” That is, it’s simply the engagement of a managed services partner to use and manage your EDR tool for you. This managed option can be attractive to organizations with little or no in-house SecOps staff, since economies of scale enable cybersecurity service providers to operate clients’ EDR more cost-efficiently than they can themselves.
Address Cybersecurity Talent Gaps
Like MDR, MXDR offers economies of scale for staffing an XDR deployment. But MXDR goes a step further: given the current scarcity of skilled cybersecurity technicians, most organizations would struggle to find, recruit, hire, and retain qualified XDR operators at any price, especially considering that XDR is a newer and inherently more sophisticated technology than EDR. So MXDR doesn’t just reduce labor costs for XDR. It enables organizations that would otherwise be unable to implement XDR at all to do so, and to reap the unique technical advantages XDR offers.
Single, Prioritized View of Alerts
EDR technology is fairly binary. Either the tool picks up suspicious activity based on its configured sensitivities, or it doesn’t. XDR is far more effective because it doesn’t depend on a single attacker-foolable parameter to detect malicious activity.[1] The right MXDR service provider therefore significantly enhances the cyber safety of the organizations it serves by continuously enriching its knowledge base of attack characteristics. An MXDR service provider can also drive down false positives and false negatives by continuously refining the logic by which it relates discovered behaviors to those multiple attack characteristics.
[1] A good rough analogy might be a PIN vs. facial recognition. A security system can simply recognize whether a PIN is correct or incorrect. But if an attacker knows the right PIN, the security system can’t stop them. Facial recognition, on the other hand, analyzes a variety of data points (the position of the eyes relative to the nose, the vertical of the nose relative to the horizontal of the mouth, etc.) to authenticate identity, making it far more difficult to fool.
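The two ideas above, scoring combinations of behaviours across sources rather than a single endpoint signal, and tuning the correlation logic to suppress expected activity for a given account, can be shown in a small correlation routine. This is an added illustration written for this page, not code from the original post or from any XDR product. The event records, the behaviour names, the per-behaviour weights, the 30-minute window and the alert threshold are all constructed assumptions; a real XDR pipeline would apply the same shape of logic to normalised telemetry at far larger volume.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three sources (not real data). One user on
# ws-17 shows three individually unremarkable behaviours within a few minutes;
# ws-22 shows one of them in isolation; a service account on srv-3 shows two.
EVENTS = [
    {"ts": "2024-05-01T09:00:05", "source": "endpoint", "host": "ws-17", "user": "jdoe", "kind": "office_spawns_shell"},
    {"ts": "2024-05-01T09:01:10", "source": "network", "host": "ws-17", "user": "jdoe", "kind": "dns_new_domain"},
    {"ts": "2024-05-01T09:03:40", "source": "identity", "host": "ws-17", "user": "jdoe", "kind": "new_oauth_app_consent"},
    {"ts": "2024-05-01T10:15:00", "source": "endpoint", "host": "ws-22", "user": "asmith", "kind": "office_spawns_shell"},
    {"ts": "2024-05-01T11:00:00", "source": "network", "host": "srv-3", "user": "svc-backup", "kind": "dns_new_domain"},
    {"ts": "2024-05-01T11:02:30", "source": "identity", "host": "srv-3", "user": "svc-backup", "kind": "new_oauth_app_consent"},
]

# Assumed weights per behaviour. Deliberately, no single behaviour reaches the
# threshold on its own; only a combination seen inside the window does.
WEIGHTS = {"office_spawns_shell": 40, "dns_new_domain": 25, "new_oauth_app_consent": 35}
ALERT_THRESHOLD = 60
WINDOW = timedelta(minutes=30)


def _parse(ts):
    return datetime.fromisoformat(ts)


def correlate(events, weights=WEIGHTS, threshold=ALERT_THRESHOLD, window=WINDOW, benign=frozenset()):
    """Group events by (host, user), slide a time window over each group and
    score the distinct behaviours that occur together. `benign` is a set of
    (user, kind) pairs that analyst tuning has established as expected for
    that account; matching events are dropped before scoring, which is the
    false-positive refinement the text describes."""
    groups = defaultdict(list)
    for ev in events:
        if (ev["user"], ev["kind"]) in benign:
            continue
        groups[(ev["host"], ev["user"])].append(ev)

    alerts = []
    for (host, user), evs in groups.items():
        evs.sort(key=lambda e: _parse(e["ts"]))
        best = None
        for i, start in enumerate(evs):
            t0 = _parse(start["ts"])
            kinds, sources = set(), set()
            for ev in evs[i:]:
                if _parse(ev["ts"]) - t0 > window:
                    break
                kinds.add(ev["kind"])
                sources.add(ev["source"])
            score = sum(weights.get(k, 0) for k in kinds)
            # Keep only the highest-scoring window per (host, user) so the
            # analyst sees one prioritised alert, not one per event.
            if score >= threshold and (best is None or score > best["score"]):
                best = {"host": host, "user": user, "score": score,
                        "behaviours": sorted(kinds), "sources": sorted(sources)}
        if best:
            alerts.append(best)
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


def endpoint_only(events, **kw):
    """The EDR view: identical scoring, but only endpoint telemetry is visible."""
    return correlate([e for e in events if e["source"] == "endpoint"], **kw)


if __name__ == "__main__":
    print("EDR-only alerts:", endpoint_only(EVENTS))
    print("XDR alerts     :", correlate(EVENTS))
    # Tuning: this service account's OAuth consent is an expected change.
    tuned = frozenset({("svc-backup", "new_oauth_app_consent")})
    print("XDR, tuned     :", correlate(EVENTS, benign=tuned))
```

With only endpoint telemetry, neither workstation crosses the threshold and nothing fires. With all three sources correlated, ws-17 produces a single alert scored 100 and srv-3 a weaker one at exactly 60; after the tuning rule for the backup account is added, only the ws-17 alert remains, which is the prioritised, single view the section describes.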
Early and Accurate Threat Detection
By more fully and accurately identifying the true nature of any active attack, an MXDR service provider delivers much better guidance to those whose job it is to neutralize that attack and clean up after it—whether that response is performed entirely by the service provider’s team or in collaboration with an organization’s own SecOps and/or IT staff.
Integrated Threat Intelligence
Furthermore, because XDR gathers a much broader set of data at each site where it is deployed, an MXDR service provider gains vastly greater insight into attacker behaviors across its customer organizations collectively. This cumulative insight is of significant value to every organization the MXDR provider protects, and that value increases with every organization and every attack.
Put another way, MXDR uniquely translates threat research into threat protection that is tailored to each customer’s specific environment. It does this through a unique combination of enabling technology (the “XDR”) and SecOps expertise (the “M”).
Cyber Safety Isn’t Just About Being Smarter Than the Bad Guys
It’s also about being faster than the other good guys, because there is tremendous safety in being just a slightly tougher target than your neighbor. Or, as the old joke goes, when you and your friends get attacked by a bear, you don’t have to outrun the bear. You just have to outrun your friends. So whether you embrace XDR or MXDR, you’ll definitely be ahead of the pack. And your organization will be much safer for it.
This webinar will introduce Managed XDR. After a brief primer on XDR technology, you’ll learn how Managed XDR differs from both unmanaged XDR and Managed EDR offerings; what benefits organizations can gain from Managed XDR, as well as what pitfalls to watch for; and finally, tips for how to plan a transition to Managed XDR.