Managers of MSSP cybersecurity teams face many challenges, including the growing number and complexity of threats, tight budgets, a shortage of security analysts, and overworked teams who are frustrated by high volumes of alerts. Analyst teams have struggled for years with the philosophy of using a dozen or more discrete security tools to hunt for and resolve threats, but it’s not working. The challenges seem to grow each year. And these challenges impact business growth and margin!

The philosophy behind XDR (eXtended Detection and Response) is different. Rather than seating analysts at separate consoles that detect small parts of security problems and leaving it to humans to correlate the data, XDR platforms consolidate inputs from all those tools, correlate the data, and display it on one screen, making it easier to see and handle incidents occurring anywhere across the attack surface.

Further, XDR platforms typically incorporate AI processing to recognize and (in some cases) automatically respond to threats, which significantly reduces the flood of alerts analysts must deal with.

XDR thinking was a major step forward, but there are challenges with it as well. As a proprietary product, its various components all come from the same company. Companies that are good at EDR or SIEM essentially build on those foundations by adding missing pieces such as NDR and TIP.
Guest blog courtesy of Stellar Cyber. Read more Stellar Cyber guest blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
One problem with this is that buying into the XDR platform usually means abandoning existing investments in other companies’ tools, and some of the new XDR platform tools aren’t as effective as the ones they replace. No company can be a technology leader in every category. Another challenge is having to retrain one’s analyst team on the new tools which, in some cases, can take weeks or months.