Breaking Down Extended Detection and Response (XDR): Benefits, Hype, & Reality
Extended Detection and Response (XDR) is quickly turning into an improved alternative to EDR platforms. Here’s a look at what XDR is, its capabilities, the hype surrounding it, and why it matters.
Extended Detection and Response (XDR) gives an organization complete visibility into the entire network, not just endpoints, and helps them deal with threats effectively. Even though the technology is still at a nascent stage, here are some reasons why it could prove to be a one-stop solution for organizations when it comes to dealing with multiple forms of threats and securing systems and data from hackers looking to make a quick buck.
Security is an ongoing and growing issue for every organization. With the geometric growth in employees working from home in the past year, organizations need to have software to secure digital assets located both outside and inside their network perimeter. And it’s not just employees’ laptops that have to be part of this security strategy, there are other mobile devices, the network, servers, cloud workloads, Internet of Things (IoT) devices, applications – and the list continues to grow.
In addition, the security threat isn’t coming from the hacker working alone in the dead of night that we often see on TV shows. The truth is that there are many high-profile and very successful hacking groups (such as Anonymous, Chaos Computer Club, Homebrew Computer Club, and Legion of Doom), and there are nation-states coordinating attacks. On top of that, there is always the threat from disgruntled or coerced employees.
Faced with this situation, many IT security teams have come up with a variety of point solutions to secure different parts of that landscape. They may be using endpoint detection and response (EDR), network traffic analytics (NTA), or security information and event management (SIEM) to help defend different platforms. And they will be trying to deal with vast amounts of security data – which may often obscure actual attacks when they occur.
A newer alternative is Extended Detection and Response (XDR). According to Gartner, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” In effect, it receives data from endpoints, networks, and clouds and analyses it to identify high-priority alerts. Because it can create baselines for normal behavior in an environment, it can detect issues and then respond to them appropriately, such as containing and removing the threat.
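To make the "unified data, baseline, high-priority alert" idea concrete, here is an added example that is not code from the article or any XDR vendor: it builds a per-host baseline from constructed endpoint, network and cloud telemetry, then flags deviations and raises priority only when several sources deviate on the same host within a short window. All field names, hostnames and sample values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry from three sources (field names are assumptions):
# "key" is the process name, network destination, or cloud API action.
BASELINE = [  # learning window: what each host normally does
    {"src": "endpoint", "host": "ws-17", "ts": "2021-03-01T09:00:00", "key": "outlook.exe"},
    {"src": "network",  "host": "ws-17", "ts": "2021-03-01T09:01:00", "key": "mail.example.com:443"},
    {"src": "cloud",    "host": "ws-17", "ts": "2021-03-01T09:02:00", "key": "user17:ListBuckets"},
    {"src": "endpoint", "host": "ws-22", "ts": "2021-03-01T09:00:00", "key": "excel.exe"},
]
WINDOW = [  # detection window: one host deviates in all three sources, one in a single source
    {"src": "endpoint", "host": "ws-17", "ts": "2021-03-08T02:10:00", "key": "powershell.exe"},
    {"src": "network",  "host": "ws-17", "ts": "2021-03-08T02:11:00", "key": "203.0.113.9:4444"},
    {"src": "cloud",    "host": "ws-17", "ts": "2021-03-08T02:12:00", "key": "user17:GetObject"},
    {"src": "endpoint", "host": "ws-22", "ts": "2021-03-08T10:00:00", "key": "python.exe"},
]

def build_baseline(events):
    """Per (host, source) set of keys seen during the learning window."""
    seen = defaultdict(set)
    for e in events:
        seen[(e["host"], e["src"])].add(e["key"])
    return seen

def correlate(baseline, events, window=timedelta(minutes=15)):
    """Flag events outside the baseline, then raise priority when several
    sources deviate on the same host inside one time window (the cross-source
    step that siloed EDR, NTA or cloud tools cannot perform on their own)."""
    anomalies = defaultdict(list)
    for e in events:
        if e["key"] not in baseline.get((e["host"], e["src"]), set()):
            anomalies[e["host"]].append((datetime.fromisoformat(e["ts"]), e["src"]))
    alerts = []
    for host, hits in anomalies.items():
        hits.sort()
        first = hits[0][0]
        sources = sorted({src for ts, src in hits if ts - first <= window})
        high = len(sources) >= 2
        alerts.append({"host": host, "sources": sources,
                       "priority": "high" if high else "low",
                       "action": "isolate host" if high else "review"})
    return alerts

if __name__ == "__main__":
    for alert in correlate(build_baseline(BASELINE), WINDOW):
        print(alert)
```

A single unusual process on ws-22 stays a low-priority review item, while ws-17 is escalated because endpoint, network and cloud telemetry all deviate together.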
Why XDR and Not EDR?
So, why is everyone getting excited about XDR when they already have EDR (endpoint detection and response)? Isn’t it just a fancy new name for something that already exists?
Both XDR and EDR offer automated threat detection and response because they can access data from endpoint devices. They also use real-time data monitoring and data analytics to identify threats that kick off automated and rule-driven responses, thereby dealing with threats quickly. So, both are much better than the reactive approach that most sites used to detect and respond to threats in the past.
Both XDR and EDR are preventative in their approach to cybersecurity, and both leverage automation to respond rapidly to threats, thereby helping reduce the impact or damage caused by specific threats.
Because endpoints are so often the target of bad actors (through phishing attacks and the like), EDR pretty much does the job for many sites. However, XDR is a better solution for many others because, aside from endpoints, it also provides visibility into the security of every other part of an organization’s infrastructure: cloud, mobile, data, etc.
Some organizations have integrated their EDR solution with the various point solutions they already had in order to get the best overall coverage. With XDR, an organization uses a single package that does everything it needs for its security.
Benefits of an XDR Solution
The main benefits an organization can derive from using XDR are much better protection, threat detection, and response capabilities. IT security staff may see their productivity rise, and the company will spend less on software because it won’t need all the separate products that detect and respond to security threats.
Hype
For some sites, their security needs are met through the best-in-breed software linked with an EDR. For them, the biggest risk to their network comes from their endpoints. So long as they have those secured, then going out and spending money on an XDR solution seems like overkill. It seems that vendors are offering them an XDR product that they won’t make the most of and won’t be able to justify the expense.
The other problem is whether any vendor can actually offer an XDR product that can live up to the promises made on their website. Even Gartner suggested that XDR was probably 5 to 10 years away from mainstream adoption. When XDR was first announced, the problem facing vendors was that they didn’t have a product to fit the bill. They needed to combine existing products to tick all the boxes for what customers would expect to find in an XDR product. And the resulting product may not be as easy to use as customers might hope.
The other big issue for some organizations is vendor lock-in. They have been happy in the past using the best tools for a particular job from whichever vendor supplied it. With an XDR solution, they are locked into a single supplier for the whole thing. And that might mean for those organizations that some parts of the XDR product aren’t as good as the application they used previously. Also, being a new product, who is to say whether it will scale up successfully as the purchasing company grows, merges, etc.
Reality
The reality is that in most organizations, employees are expected to do more with less, and that is true of IT security teams as well. At many sites, that team is just one person, and that person is currently responsible for the EDR and its associated software. They are also, probably, looking after network traffic analysis (NTA) software that uses network communications as a way of detecting and investigating threats on a network. NTA products may have been replaced by network detection and response (NDR) solutions that monitor communications on a network and use analytics to detect, investigate, and respond to threats.
They may be looking after security orchestration, automation, and response (SOAR) software. These are a combination of security orchestration and automation, security incident response platforms (SIRP), and threat intelligence platforms (TIP). Basically, they collect security data and alerts from various sources and automatically deal with threats.
In addition, our IT security person may well be looking after firewalls and antivirus software, and, perhaps, data encryption software and other security software. Combining everything into a single package makes updates and integration between the different pieces of the software much easier to manage, especially where a myriad of security solutions had been in use previously. Having a single interface to view the various network components also makes it easier for IT security staff to stay on top of security threats. It means that visibility and control across the network, the cloud, endpoints, etc., are possible from a single screen.
Utilizing XDR is meant to provide an organization with better protection of the network, better threat detection, and an improved response to those threats, mitigating their effects as quickly as possible.
With only a single tool to use, rather than multiple separate software packages from various vendors, cybersecurity activities can be carried out more efficiently. This will also help businesses cut costs as they won’t have to use multiple expensive security solutions provided by different vendors.
Bottom line
I imagine that most organizations would jump at the chance to gain insight into the threats they face across their network, from endpoints to the cloud, and to deal with those threats quickly and effectively. There is, however, still some doubt in the industry about whether XDR is the best way to achieve this, and whether the XDR products available today completely live up to the hype surrounding them.
Do you think an Extended Detection and Response (XDR) solution will give organizations the 360-degree visibility into threats they are looking for?