
In my last blog post, I described how the market for eXtended Detection and Response (XDR) is evolving and how CISOs should approach this new and promising technology. It was good and useful information, if I do say so myself, but it didn't directly address the question of why security professionals should care about XDR in the first place.

The answer: Because XDR has the potential to accelerate threat detection/response while streamlining security operations.

I've been writing about security operations and analytics platform architecture (SOAPA) since 2016. From its inception, SOAPA was designed as an interoperable security operations technology architecture, using APIs, messaging buses, vendor co-development, and custom coding as a means for integration. The vision for XDR is that it will deliver an out-of-the-box SOAPA. Large enterprise organizations will still operate other specialized security operations technologies like threat intelligence platforms (TIPs) and security orchestration, automation, and response (SOAR) platforms, but XDR will integrate with these systems while acting as a central hub for security operations.

Can XDR tilt the playing field?

In theory, XDR can deliver good security operations progress, but it may not be enough to give an advantage to cyber-defenders. One reason is that security operations are increasingly complex, driven by a growing attack surface, massive security data growth, and a dangerous threat landscape. XDR vendors get this, but they are fighting an uphill battle against complexity. Making rocket science easier could help accelerate space exploration, but it's still rocket science and requires rocket scientists.


All rights reserved Jenson Knight.