XDR (Extended Detection and Response) technology has already become one of the most conspicuous in the cybersecurity market. Its main advantage is its comprehensive approach to countering sophisticated cyberattacks. This is achieved by maximizing control over potential entry points and through the use of top-of-the-line tools for incident detection, threat hunting, investigation and response within a single incident-handling process.
Leading information technology research and advisory agencies are paying special attention to the technology – describing it as the most promising for the coming years. It therefore comes as no surprise to see the list of XDR vendors growing rapidly as many new companies enter the market. Some vendors already offer full-fledged solutions, while others continue to build convergence among their IT-security products and upscale XDR functionality.
Since the XDR concept is still in the making, let’s figure out what to consider when choosing an XDR vendor. In our view, a reliable XDR supplier needs to be able to provide the following:
1. EPP and EDR synergy
An EDR (Endpoint Detection and Response) solution for advanced detection and response to sophisticated cyberthreats at the endpoint level is a key element of XDR. For its part, EDR cannot do its job properly without a robust EPP (Endpoint Protection Platform) solution – a fundamental endpoint protection technology that automatically sifts out a huge number of mass threats – on top of which EDR comes into play. So, when choosing an XDR vendor, you need to look carefully at the endpoint protection features to make sure there’s support for various types of endpoints: PCs, laptops, virtual machines, mobile devices, and various operating systems (OS). The quality of an XDR solution depends directly on the synergy between EPP and EDR on the vendor’s side.
2. Comprehensive threat intelligence
It goes without saying that reliable and up-to-date threat intelligence is vital in effectively countering modern cyberthreats. Effective response is impossible without a full overview of cybercriminal tactics and techniques. Therefore, IT-security experts who use an XDR solution must have access to comprehensive, up-to-date threat intelligence; this additional context speeds up incident investigation and response.
3. Interoperability with third-party solutions
Although XDR solutions are usually a single-vendor affair from the start, when comparing them it’s important to consider how well they integrate and interoperate with third-party solutions. Opting for an XDR solution that is strong in this regard both helps sustain existing IT-security investments and serves the main purpose of XDR: collecting and correlating data and alerts from multiple IT-security components, and providing additional cross-product scenarios on top of them to make the response to complex incidents more efficient. The more data sources the solution collects from, the more complete the picture of what is happening in your infrastructure will be.
4. Technologies verified by independent experts and in practice
It is often difficult for organizations to independently evaluate the performance of intrinsically new solutions. In the case of XDR, it’s important to understand that the idea behind it is the consolidation of various IT-security tools into a single concept. Hence, the different components that make up this novel technology need to have been:
- successfully implemented worldwide;
- tested extensively by independent organizations – such as MITRE, SE Labs, or AV-Test;
- recognized by international analytical agencies – such as Gartner, Forrester, or IDC.
5. Clear development plans
Since XDR is still a nascent infosec trend, potential buyers need to study (i) vendors’ plans for development of their solutions’ components, and (ii) vendors’ roadmaps for system refinement. The more purposeful and clear such intentions are – and the more willingly they are shared – the more trustworthy the vendor.
Our enterprise-level security solutions, working in conjunction, provide XDR capabilities to your company’s cybersecurity experts. Thanks to seamless interoperability, our products allow your organization to control all key entry points to your infrastructure, increase visibility and provide centralized defense. If you want to learn more, please visit the Kaspersky Expert Security web page.