Extended Detection and Response (XDR) is touted as the security solution for the increasingly complex modern IT ecosphere. The principle is to extend EDR threat hunting beyond the endpoint and across the entire infrastructure. Cybereason has announced a partnership with Google Chronicle – the latter to provide ecosphere data, and the former to provide the threat hunting capability.
Yonatan Striem-Amit, CTO and co-founder at Cybereason, explains the concept: “Over the last 18 months the old paradigm for what a network looks like has completely changed. Now IT professionals need to secure an insanely complex and heterogeneous environment,” he told SecurityWeek.
“To be effective today, an analyst needs to understand endpoint threats, and network threats, and IoT threats, and e-mail, and SaaS and cloud and its services and infrastructure. Securing all of those with disparate tools becomes an incredibly complex problem.”
For an EDR solution to become an XDR solution, two steps are required: first, accumulate data from the tools already in the IT security stack; second, extend the EDR analytics so that they run across that accumulated data as well as the endpoint data.
Cybereason has partnered with Google Chronicle to provide the data accumulation, and it has extended its MalOps analytics engine to examine the wider set of elements, such as email, SaaS solutions, and cloud. Cybereason XDR is no longer the first source of the data: best-of-breed solutions can onboard their data into the new system, and the customer gets the output of Google, SIEMs, and other tools combined with Cybereason’s hunting engine.
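As an added illustration of the two-step pattern just described (this is not Cybereason or Chronicle code), the snippet below normalizes constructed events from email, endpoint and cloud tools into one common schema, then correlates the weak per-source signals by user into a single cross-stack story. All field names, indicators and sample values are assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, each in its own tool's shape (assumed field names).
RAW_EVENTS = [
    {"source": "email", "ts": "2021-10-12T09:00:00", "recipient": "alice",
     "subject": "Invoice", "attachment": "invoice.docm"},
    {"source": "endpoint", "ts": "2021-10-12T09:03:00", "hostname": "wks-17",
     "user": "alice", "process": "winword.exe", "child": "powershell.exe"},
    {"source": "cloud", "ts": "2021-10-12T09:20:00", "principal": "alice",
     "action": "ConsoleLogin", "geo": "unusual"},
    {"source": "endpoint", "ts": "2021-10-12T13:00:00", "hostname": "wks-22",
     "user": "bob", "process": "explorer.exe", "child": "notepad.exe"},
]

def normalize(ev):
    """Step 1: map each source's fields onto one schema keyed by user, and mark
    whether the event carries a weak detection signal on its own."""
    ts = datetime.fromisoformat(ev["ts"])
    if ev["source"] == "email":
        return {"ts": ts, "source": "email", "user": ev["recipient"],
                "detail": f"attachment {ev['attachment']}",
                "signal": ev["attachment"].endswith((".docm", ".xlsm"))}
    if ev["source"] == "endpoint":
        return {"ts": ts, "source": "endpoint", "user": ev["user"],
                "detail": f"{ev['process']} -> {ev['child']} on {ev['hostname']}",
                "signal": ev["process"] == "winword.exe" and ev["child"] == "powershell.exe"}
    if ev["source"] == "cloud":
        return {"ts": ts, "source": "cloud", "user": ev["principal"],
                "detail": f"{ev['action']} from {ev['geo']} location",
                "signal": ev["geo"] == "unusual"}
    raise ValueError(f"unknown source {ev['source']}")

def build_stories(raw_events, window=timedelta(hours=1)):
    """Step 2: group signals by user inside a time window and report a story only
    when they span at least two sources, the correlation a single tool cannot do."""
    by_user = defaultdict(list)
    for ev in map(normalize, raw_events):
        if ev["signal"]:
            by_user[ev["user"]].append(ev)
    stories = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        if evs[-1]["ts"] - evs[0]["ts"] <= window and len({e["source"] for e in evs}) >= 2:
            stories.append({"user": user, "sources": [e["source"] for e in evs],
                            "timeline": [e["detail"] for e in evs]})
    return stories

if __name__ == "__main__":
    for story in build_stories(RAW_EVENTS):
        print(story["user"], story["sources"], story["timeline"])
```

Each signal on its own (a macro attachment, Office spawning a shell, an unusual login location) is noisy; the story only fires because the three sources agree on the same user within the window.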
“We expanded the engine,” says Cybereason, “but the core fundamentals remain the same. The same MalOps engine, the same ability to hunt across the stack, the same ability to find complex stories and complex attack story lines no matter where they started or how complex or expanded they are – we can capture it all and respond to them in one click.”
“By combining forces with Google Chronicle, we take Google’s 20+ years of understanding how to index and extract value from data and map the world,” continued Striem-Amit. “We’re bringing Cybereason’s analytics engine – our ability to bring the operational centric approach – to find and recover threats and provide the complete end to end story. The combination of our XDR engine and Google Chronicle allows us to prevent, automate, detect, and respond to threats across the entire IT landscape within one system. It means that hackers can no longer hide between the seams.”
According to XDR proponents, the need is real and pressing. Over the last year there have been dozens of major attacks, from SolarWinds to the attacks against Microsoft Exchange Servers, and crippling ransomware threats from DarkSide, REvil and others.
“These are not just an asset-based attack,” Striem-Amit said. “The attackers are no longer playing within the same old assets they and defenders used to play in. It’s no longer an endpoint problem separate from a network problem separate from a security policies problem. But by using Google’s ability to bring data from all these sources and make them accessible and normalized at the scale that only Google can deliver, and then combining that with Cybereason’s XDR hunting engine, we can deliver our operational centric approach, with our MalOps engine, throughout the stack.”
The Cybereason/Google partnership was announced at Google Cloud Next ’21.
“Google Cloud is dedicated to delivering the industry’s most trusted cloud to accelerate customers’ digital transformation efforts with security products that meet them wherever they are. Cybereason continues to disrupt the market and deliver on their vision for a future-ready extended detection and response defense platform,” said Thomas Kurian, CEO, Google Cloud.
If you believe in Cybereason’s EDR, then Cybereason’s XDR, partnered with Google Chronicle, delivers the same capabilities across the entire IT stack.