Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

3 Questions for MDRs Helping to Get Your Enterprise to XDR

An XDR implementation can quickly turn into a very large consulting project requiring significant time and budget

An XDR implementation can quickly turn into a very large consulting project requiring significant time and budget

As cybersecurity professionals we’re accustomed to change. We know that as soon as new attack vectors emerge, threat actors change their approaches to achieve their goals. So, we change accordingly – adding a new security tool or new process as needed. But over the last couple of years, the acceleration of digital transformation, remote work and moving to the cloud have forced security practitioners to take a more holistic approach to detection and response. 

Security practitioners have had to rethink detection to include a breadth and depth of information from disparate systems and sources across the infrastructure in order to better understand and defend against threats. Similarly, they have had to update their approach to response to include all the enforcement points across the infrastructure impacted by an attack. And to support these new detection and response requirements, they’ve had to prioritize and improve how systems and tools work together. As a result, Extended Detection and Response (XDR) is gaining a lot of traction. 

But even more change is afoot. Couple this evolution with the global cybersecurity talent shortage of over three million professionals, and organizations are also rethinking their overall approach to security operations. The promise of XDR is predicated on enabling integration and data flow across the infrastructure for prevention, detection and response. However, many organizations struggle to implement and manage XDR solutions. Even if the XDR solution vendor has great APIs that are “easy” to write to, getting data from on-premises, legacy applications to a cloud platform is a considerable undertaking. An XDR implementation can quickly turn into a very large consulting project requiring significant time and budget. 

So, some organizations choose to outsource a portion or the entire function to a managed detection and response (MDR) service provider that offers XDR as a service. An offshoot of the traditional Managed Security Service Providers (MSSPs) market, MDR is a burgeoning category in cybersecurity services and is forecasted to grow from $975 million in 2020 to nearly $7.3 billion in 2028. Gartner defines MDR providers as delivering 24/7 threat monitoring, detection and response services using a combination of technologies and human expertise. Sounds like XDR is in their sweet spot, right? Ideally, yes. But if you’re considering outsourcing XDR to an MDR company, make sure they have solid answers to the following three questions:

1. How can you cover more attack vectors for companies? Like XDR solutions which initially focused on Endpoint Detection and Response (EDR), many MDR companies did as well. But now the writing is on the wall. Yes, EDR is important but so is telemetry across the network, out to the cloud and across the dozens of existing security tools companies already have, many on-premises and legacy. Data from every tool the enterprise uses is foundational for extended detection and response.

2. Are you able to bring in and utilize the right external data sources for companies? As part of any detection and response strategy, third-party data and intelligence feeds are critical to get a complete picture of what is going on and add context to internal threat and event data. These can include commercial sources, open source, government, industry, existing security vendors – as well as frameworks like MITRE ATT&CK. Leveraging information about attackers, their methods and campaigns, an MDR company can look for associated artifacts in other tools across the enterprise, confirm the scope of malicious activity and identify all impacted systems.

3. Can you get all tools and all teams to work in concert? Whether the entirety or just a portion of XDR services is being outsourced, the ability to actively collaborate with internal SecOps teams to address the proper use cases and workflows is paramount. Additionally, bi-directional integration with all tools ensures actions are performed across multiple systems, the defensive grid is strengthened immediately, and data can be retrieved for continuous learning and improvement. If this isn’t possible in all instances then, at a minimum, processes must be in place from the MDR provider to the internal SOC and vice versa to ensure a comprehensive and coordinated response. 

Advertisement. Scroll to continue reading.

If you are among the growing group of organizations looking to an MDR provider to supplement your security operations with XDR, make sure you consider these three factors. Only when an MDR provider has a deep understanding of how detection and response are evolving and the implications for their services, can they deliver on the promise of XDR. 

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Endpoint Security

The Zero Day Dilemma

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...