How open XDR architecture is meeting the needs of buyers who want to be future-ready
Monday, August 8, 2022
By: Stacy Leidwinger, VP of Portfolio Marketing
According to a recent Wall Street Journal (WSJ) article, more than three-quarters of cybersecurity professionals want their vendors to deliver open, interoperable solutions. That’s because making sense of data generated by their diverse tools—which range from endpoint monitoring to active threat detection—is, as Information Systems Security Association (ISSA) president Candy Alexander put it, “like trying to drink water from a fire hose.”
We at Secureworks® couldn’t agree more. In fact, that’s exactly why we created Taegis™ XDR. Taegis XDR was built with the express purpose of being an open Extended Detection and Response (XDR) solution. This “openness” is how we bridge the gap between different security technologies – and maximize our customers’ existing investments – by ingesting telemetry from a wide array of endpoint, cloud, network and business application monitoring tools, so that customers can respond to threats quickly. The ability to integrate all the telemetry present across every corner of the environment is central to fighting threats effectively. And yet, even within the XDR market, many security vendors still restrict users to an exclusive stack of solutions. We know that in order to protect our customers best, we must do things differently.
Let’s look at three important ways that Secureworks’ Taegis XDR’s openness benefits those of you who are facing the very same challenges discussed in the WSJ article.
- The open question. When you invest in an XDR solution, you want it to be capable of accepting telemetry from any source anywhere across your environment. That’s kind of the whole point of XDR: to eXtend your Detection and Response beyond your endpoints alone, to include your cloud deployments, network connections, applications, and any other assets not covered by traditional EDR.
Unfortunately, as Netflix head of information security Jimmy Sanders explains in the article, many vendors’ offerings don’t provide source-agnostic data aggregation. Many XDR vendors simply expect you to use their monitoring products — and/or monitoring products from their narrow list of approved partner vendors — to pull security-relevant telemetry from your environment. The result can be missed threats hiding in systems that aren’t monitored centrally, or overtaxed personnel who still have to swivel chair between unconnected systems.
This closed approach to XDR doesn’t make good business or security sense. You should be free to implement any monitoring tools you desire, based on your own preferences regarding features, functions and price.
And with Taegis XDR, you can do exactly that. Our pre-built integrations and open application programming interface (API) let you bring in any data feed you require. We naturally have some preferences when it comes to data feeds, because we have a lot of experience and expertise in threat hunting — so we have fact-based recommendations about what works and what doesn’t. But we don’t arbitrarily restrict your choice of telemetry feeds. That would just be silly.
- The economics of XDR vs. SIEM. Some of you are aggregating your security-related telemetry using a SIEM platform. And, historically, this has made sense — because SIEM technology was designed from the ground up as an open, source-agnostic means of aggregating security data.
As you make the change to open XDR, you may notice your organization’s needs for SIEM changing or even diminishing. Especially for larger enterprises with budgets to collect and store log data, primarily for compliance purposes, SIEM still has a purpose that can live alongside other response-oriented solutions. But XDR collects and stores security-focused telemetry for rapid detection and response, correlating disparate data, prioritizing alerts and triggering response actions in ways that a SIEM simply can’t. Plus, Taegis XDR includes retention of your security telemetry for one year, with longer periods available. The difference is clear: Open XDR delivers far greater value than a SIEM solution by correlating your disparate data in ways that enable you to quickly spot and respond to active threats in your environment.
SIEM, in stark contrast, is a data repository that offers no added value in terms of algorithmic analysis. Worse yet, because SIEMs are typically licensed based on data volume, your SIEM ownership costs can keep growing.
So, while you may have other reasons to hang onto your SIEM for a while, such as its convenience as an audit/compliance reporting tool, SIEM does not deliver what open XDR does when it comes to true cybersecurity. In fact, you may ultimately be able to shift your SIEM costs from your cybersecurity budget to your compliance budget – freeing up your security budget for worthwhile investments like XDR.
In other words, open XDR does not just enhance your ability to find and kill threats. It also positively transforms the economics of cybersecurity.
- The threat intelligence connection. Lest we forget, the main reason you want to aggregate and correlate your environment’s telemetry into a highly intelligent XDR platform is to more quickly, consistently and confidently detect and respond to any malicious activity occurring within your environment. This is a must. It’s important because no environment is 100% impermeable — but also because the more time you give cybercriminals to probe and move around inside your environment, the greater the likelihood that they will eventually hit “paydirt” and cause your organization real harm.
It’s therefore not enough for your XDR to simply be open. It also must be successful at making logical connections between the data points it collects and the “data breadcrumbs” that may be evidence of a particular type of attack.
This means, in addition to being open, your optimal XDR will also have 1) a great source of threat intelligence and 2) an exceptional ability to algorithmically associate disparate “data breadcrumbs” with the known traits of specific threats.
And here is where Taegis XDR really shines. We are constantly converting our world-class threat intelligence into algorithmic detectors that can quickly discern the indicators of an attack—without generating the high volume of false positives that characterize most other high-sensitivity threat detection.
So, we are not offering you openness instead of detection smarts. We are offering openness that perfectly complements the detection smarts that drive your XDR requirements in the first place.
Thanks, Wall Street Journal! We’re glad you’ve highlighted the importance of data-agnosticism in cybersecurity.
“A lot of security professionals are just confused. They feel like there’s too much hype in the industry, not enough market education, not enough really working with customers,” says Jon Oltsik, senior principal analyst at ESG and author of the report that the WSJ article was based on. It’s a sentiment that we at Secureworks agree with – and why we’re here to provide education on this topic and how Taegis XDR can cut through the confusion.
Forrester Research published a recent XDR opportunity snapshot that sheds even more light on the potential of XDR to empower businesses in a new and unique way. Download the report today to learn more about the value organizations are receiving from XDR.
Originally published on https://www.secureworks.com/blog/wall-street-journal-cybersecurity-buyers-want-open-solutions