
What is XDR?

By Sean Washington


I made it to the gym last week, trying to find time to work on some new year’s resolutions. As I usually do, I wanted to get some cardio in first, so I hit the stair machine. As soon as I started moving, I saw a very ominous commercial on the monitor placed right in front of my face. The video looked like something out of the Matrix, only with more fear and darkness mixed in. My interest was piqued; it was clearly a commercial for some sort of cyber security solution. Note, there was no sound in the gym, so they had me guessing until the end, when they revealed it was for Cybereason XDR.


Tech commercials are very interesting to me. I love when I see an IBM advertisement where they drop 15 straight tech cliches into a quick message. It’s especially funny, as the target audience they are going after is probably only 0.001% of the general population. How many Directors of IT or CISOs do they expect to build rapport with through these commercials?

XDR is a relatively new term that is being widely marketed throughout the IT landscape. The truth is, almost no one watching that commercial has any clue what it is talking about, but the message is clear: this is a cyber security tool for the people who need to defend their networks. This blog will explain exactly what XDR is and why it’s one of the hottest terms in the IT space today.

XDR is an acronym for Extended Detection and Response. It fits in with other similar tools such as EDR (Endpoint Detection and Response) and MDR (Managed Detection and Response). These are all modern security tools that apply security measures through software, removing many of the more common manual management practices. For the most part, XDR and MDR are the same type of solution.

In normal IT operations, all endpoints (PCs, laptops, servers) get Anti-Virus software installed. This is simply a way to protect your investments from anything malicious in the world. In the business space, modern AV does a lot more than it did 20 years ago. Today, administrators have a window into an ecosystem that helps oversee threats that might be trying to get into your network, or identify threats that have already gotten in. Traditional AV is an absolute requirement, but it is still not a proactive way of managing security.

For more advanced needs, companies have leveraged expensive tools such as SIEMs (Security Information and Event Management) to pull logs from every machine in the network. These logs are centralized and triaged by importance so that a team can keep their eyes on any anomalies that might indicate a threat. This is a proactive way to fight cyber threats. SIEMs are great for complex networks, as they can ingest logs from everything, including computers, switches, firewalls, etc. The trouble is, they are expensive, complex and labor intensive. Most companies that leverage a SIEM have some sort of SOC (Security Operations Center) staffed by a team specifically to watch these logs.


A SIEM is generally used when a mature business has some of the following needs:

  • Mandate for Regulatory Compliance (SOX, NIST, HIPAA etc.)
  • Critical infrastructure with 100% uptime and hosting public data
  • Concern about external hacking or malware intending to steal company data or IP
  • Concern about internal sabotage or theft of company data or IP
  • Wanting to follow best practices for strong cyber security posture

Running a SIEM and employing dedicated staff is not exactly a fit for every business. So, when there’s a hole in the product offering, an opportunity is created. From this hole, EDR and MDR/XDR were created. Let’s take a look at what EDR and XDR actually do:

EDR (Endpoint Detection and Response)

EDR is a tool that monitors and collects data from endpoints within a company network. It is very similar to what a SIEM can do, but it is a much more easily deployable solution. Think of it as an Anti-Virus type solution that extends the visibility of your network down to the logs. The logs are sent to a centralized portal where security-focused administrators use the data to try and uncover inconsistencies. The system is trained to look for specific things, and a human eye must be involved to recognize data patterns and then remediate the problems.

XDR (Extended Detection and Response)

XDR is a step up from EDR. It has all the same features, but it adds the human layer as a service. XDR takes everything that EDR has and layers a SOC-type service on top of it. That means you get all the data, logs and reporting; plus, you have a team of security professionals watching and reporting. The benefit here is that your business does not need to invest in human capital to achieve high levels of cyber security. In simple terms, XDR is a managed service layered over EDR software.

Does EDR/XDR replace SIEM?

The short answer is no. A SIEM is extremely robust and can pull data from non-computer endpoints such as switches, wireless access points, firewalls; really anything digital. A SIEM is not always a suitable solution for a lot of businesses, as it’s designed for mature, large-scale operations. EDR/XDR fit the space for small, less complicated operations that want to improve their security posture. It is also possible to run XDR and a SIEM in tandem; the two solutions can certainly complement each other.

Compliance

Cyber Security and Regulatory Compliance are very much tied at the hip. Businesses that need to comply with specific frameworks like HIPAA, NIST, FDA, etc., must all take cyber security measures and policies into account. Being able to analyze logs in real time is almost always a requirement. For a long time, a SIEM was the only option for this. Over the years, compliance has expanded, and now much smaller organizations with smaller budgets must play by the same rules as larger organizations. For the most part, EDR/XDR will help them check those regulatory boxes.


How Mindcentric Leverages EDR/XDR

There are a lot of options for XDR; pretty much everyone is offering this solution today. From a management perspective, Mindcentric can manage them all while mitigating security issues. Because we are a Sophos partner, we like the Sophos EDR/XDR options. Since our clients are already using Sophos Firewalls, Wireless Access Points and various other software tools, we can simply complete the ecosystem and deliver a full solution that watches over everything.

To learn more about how Mindcentric can help with your XDR initiatives, contact us today to set up an initial complimentary consultation.
