How XDR Can Help Gain Visibility Over Cyberthreat Landscape
Fady Younes, Cybersecurity Director at Cisco Middle East and Africa explores the key benefits of advanced XDR solutions to improve cyber defense capabilities and strengthen the security fabric of every organisation.
Security teams recognise that strong threat monitoring and response capabilities are mission-critical to securing the interests of a business, its workforce and customers. With the increasing sophistication of the cyberthreat landscape, the expansion of the security perimeter and changing work habits, ensuring business resiliency is now more crucial than ever. As the attack surface grows, detection becomes progressively difficult and dwell times increase, putting businesses at risk.
Even with the number of security software and hardware tools available in today’s marketplace, the transition towards investing in Extended Detection and Response (XDR) solutions has not matched the rate of need. This is largely due to the majority of security solutions being designed and built in isolation, without the ability to integrate with one another in a meaningful manner. These siloed technologies prevent streamlined security processes and result in important decision being made in isolation and with only a fraction of the available data.
XDR solutions were designed to alleviate the challenges of having multiple vendors, little integration, too little coordination, and a lack of time. Gartner defines XDR as ‘a unified incident detection and response platform that automatically collects and correlates data from multiple proprietary security components’. This means that XDR solutions operate across various layers of detection and response tools, normalise their different datasets, run high-fidelity analyses, and coordinate actions to make it easier for teams to understand the full scope of security issues and remediate quickly and efficiently.
XDR technology can reduce response times by up to 10 hours, while also improving end-user productivity by returning access to data faster.
In order to deliver a robust XDR solution, it is essential to have three components in balance:
- The solution must bring together many different control points and data sources.
- It must make intrusion detection smarter and faster with machine learning-enhanced analytics.
- It must reduce dwell times through easier investigations, faster responses, and more automation.
Any imbalance between these three elements will not deliver the advertised promises of XDR. Analytics are not as effective when they are used in isolation. Similarly, having a host of integrated solutions without a robust intrusion detection system and analytics also presents missed opportunities.
Cisco’s Holistic Approach to XDR
- Built-in Extensions – Simplify breach defense by natively connecting detection to response with capabilities integrated within each other products’ consoles across the broadest portfolio.
- Intelligent Detections – Identify malicious intent and risk exposure more accurately by connecting machine learning-enhanced analytics across the most data sources.
- Confident Responses – Reduce threat dwell times by pinpointing root causes with visual investigations and by connecting playbook-driven automation across the most control points.
Cisco enables XDR capabilities across the network, cloud, and endpoint control points with its proprietary Network Detection and Response (NDR) and Endpoint Detection and Response (EDR) solutions. EDR delivers visibility, quick detection and easy response for all managed devices in a given environment. To cover all unmanaged devices and cloud-native systems, Cisco’s NDR solution analyses traffic flows between any entity.
With both tools in hand, IT teams can see more broadly and with greater understanding of their organisation’s security landscape. The critical element of differentiation for Cisco is its platform, SecureX, unifies data, analytics and automation across NDR, EDR and beyond, to offer a simpler and broader approach to XDR.