What to consider when augmenting your SOC operations with an XDR solution Thursday, April 28, 2022 By: Eric Hemmendinger, Senior Consultant Product Management
As a SOC leader, you need to navigate the constantly evolving threat landscape and deal with attacks inundating your organization. Historically, the response has been to turn to more point security products, try and augment and up-level staff, and justify current and proposed spend. Unfortunately, disparate point products typically don’t play well together. Hiring and retaining security personnel is more difficult than ever, and the ones you do have are likely overwhelmed trying to stay ahead of alerts while managing all of those different point products. Finally, budgets simply aren’t infinite.
Extended detection and response (XDR) offerings have entered the picture to help address some of the key issues that keep SOC leaders up at night. But whether you are looking at building or upgrading your SOC operations around XDR, or looking for a vendor that can provide managed detection and response leveraging XDR, there are several key attributes that need to be taken into consideration. These considerations center around the capabilities, fit, and reputation your prospective XDR solution brings to the table.
CAPABILITY
- Scale: Can the vendor’s platform handle the data volume you have and detect threats in a timely fashion without regard to data volume? Cloud-native platforms designed to scale up in response to compute and storage demands are the state of the technology.
- Keep Up with Threats: Can the vendor iterate to address emerging threats? A proven track record of continually expanding detection capabilities to keep up with innovative threat actors is paramount. For instance, can they detect manual hands-on-keyboard activity trying to evade detection, but which could lead to devastating results?
- Alert Prioritization: Does the vendor solution automatically validate and prioritize alerts so that analysts can identify and focus on the most critical issues?
- Tuneability: Can the solution be tuned to quiet alert types that you are not interested in? And is tuning something that you can do, or does the vendor have to do it for you?
- Threat Hunting: Can the vendor perform threat hunting? In today’s environment, passive detection isn’t enough, and the vendor should be able to help you proactively search for cyber threats that could otherwise remain undetected in your network.
- Automation: Does the vendor offer automated response actions? Having trusted, pre-defined actions that are automatically initiated in response to specific cyber threat activity lightens the load on your staff while providing timely protection.
- Expert Access: Does the vendor provide easy access to security experts in near-real time? Being able to reach out to a security expert via chat within the XDR console eliminates the need to schedule interactions or wait for a response from a small team.
FIT
- Open or Closed: Can the vendor ingest data from the various security and network solutions sources you have in place? How does the vendor respond to uncommon data sources?
- Flexibility: Can the vendor meet you where you are on your security journey? Do they provide options for extended data retention, IR services, and choosing between self-managed and vendor-managed?
- Context: Does the vendor provide curated threat intelligence as part of the solution? Quick and direct access to in-depth threat intelligence helps with context, improves detection capabilities, and enables faster response.
REPUTATION
- Experience: How much direct SOC operations experience does the vendor have? How was their XDR solution created? Is it an EDR solution with a bunch of bolt-ons, or was it purpose built? Was it built based on direct experience or a best guess of what a SOC needs?
- Vendor track record: How responsive is the vendor to customer needs? What does their support model look like? How quickly do they address bugs? Are new features being added providing strong customer value?
- Industry awards: Has the vendor been recognized for its XDR or Managed XDR offerings? What other areas is it well known for?
- Outcomes: How does the vendor ensure that you are set up for success? How can they help you measure outcomes of implementing an XDR solution?
Improve SecOps effectiveness and efficiency. Experience the power of Taegis™ XDR.
Extended Detection and Response is a relatively new and exciting offering in the security space. However, not all XDR offerings are created equal, and finding the right fit for your unique environment is critical to ensuring your organization’s bolstered SOC operations.
Secureworks® Taegis™ XDR provides prevention, detection, and response capabilities to organizations who need to reduce risk, maximize their existing security investments, and fill their talent gaps. Taegis XDR leverages the Taegis cloud-native platform, which continuously gathers and interprets telemetry from proprietary and third-party sources, including endpoints, networks, cloud, and identity systems, to automatically identify and prioritize threats to enable faster, more confident responses with time- and cost-saving automation.
You Might Also Like
originally published onhttps://www.secureworks.com/blog/soc-operations-the-xdr-attributes-that-matter