You Are Not Alone If You’re Unclear About Extended Detection and Response (XDR)


Most understand XDR as the evolution of endpoint detection and response (EDR) that covers the areas of the attack surface beyond the endpoint, including assets like cloud workloads, containers, and user identities.

Others believe XDR is a technology overlay that supplements existing security controls and SOC technology by collecting, processing, analyzing, and acting on security telemetry from numerous sources. Still others believe XDR is a new technology tuned to detect sophisticated attacks.

The funny thing is, none of these folks are wrong.

Defining XDR – There's No Ignoring XDR

Author: Stephan Tallent, Stellar Cyber

According to analyst firm ESG, more than two-thirds of organizations expect to make XDR investments in the next 6 to 12 months. However, much confusion comes from how vendors refer to XDR, making buying decisions challenging.

There are two varieties of XDR today, as I see it: Open XDR and Native XDR. Looking at it this way puts XDR into context and helps define an MSSP's strategy for adding XDR (or Open XDR) to its service portfolio.

First, Open XDR is tool agnostic and can ingest data from any security, IT, and productivity product using pre-built integrations. Once ingested, enriched, and analyzed, Open XDR automatically correlates alerts into investigation-ready, prioritized incidents.

Compare this to Native XDR, which is built around the other tools in the vendor's own portfolio and prioritizes integration with that tooling first and foremost. This approach can offer pre-built integrations between security tools under the banner of a single vendor. Still, integrations with other vendors' products may lack capabilities and future enhancements.

Native XDR might have an advantage in a straightforward buying process but is not a good fit if partners are wary of vendor lock-in, or the vendor has a poor track record of integrating with other products.

Open XDR allows security teams to choose best-in-breed vendors across the attack surface, making Open XDR the best choice for most MSSPs.

Open XDR vs. EDR, SIEM and SOAR

While SIEM, EDR, and SOAR products are staples in many security tech stacks, few security teams are getting the desired security outcomes. With Open XDR, security teams can modernize, integrate, and automate security operations processes, eliminating time-consuming manual tasks and driving up productivity for the entire security team. In addition, Open XDR automates root cause analysis and expansion of these telemetry sources to add context for a complete understanding of the scope of an attack.

Open XDR and MSSPs

Open XDR as part of a managed detection and response (MDR) or managed extended detection and response (MXDR) service offering should enable service providers to deliver more impactful customer results.

Since Open XDR correlates security alerts with telemetry from other IT and productivity tools, analysts using Open XDR gain greater context into threats beyond what they can see from a SIEM alone. As a result, Open XDR can automate root cause analysis and enable analysts to detect threats and respond faster than with manual investigation required by EDR, SIEM, and SOAR tools. In addition, Open XDR lowers the barrier to threat hunting, making the task fast from a single view.
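To make the "ingest, correlate, prioritize" step concrete (this paragraph and the Open XDR definition above both describe it), here is an added example written for this page; it is not Stellar Cyber's product logic or any vendor's code. It groups alerts from three constructed sources (EDR, identity, cloud) into incidents wherever they share an entity within a time window, then ranks the incidents. The alert fields, the two-hour window, and the scoring weights are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    """One normalized alert as an XDR pipeline might ingest it (fields are assumed)."""
    id: str
    source: str            # tool that raised it: "edr", "identity", "cloud", ...
    ts: datetime
    severity: int          # 1 (low) .. 4 (critical)
    entities: frozenset    # normalized entity keys such as "host:web-01" or "user:jdoe"
    title: str


@dataclass
class Incident:
    alerts: list = field(default_factory=list)
    entities: set = field(default_factory=set)

    @property
    def last_ts(self) -> datetime:
        return max(a.ts for a in self.alerts)

    @property
    def sources(self) -> set:
        return {a.source for a in self.alerts}

    def add(self, alert: Alert) -> None:
        self.alerts.append(alert)
        self.entities |= alert.entities

    def absorb(self, other: "Incident") -> None:
        # Merge another incident into this one, keeping alerts in time order.
        self.alerts = sorted(self.alerts + other.alerts, key=lambda a: a.ts)
        self.entities |= other.entities

    def score(self) -> int:
        # Constructed priority heuristic: worst severity dominates, then breadth
        # across tools (cross-source corroboration), then number of entities touched.
        return (max(a.severity for a in self.alerts) * 10
                + (len(self.sources) - 1) * 5
                + len(self.entities))


def correlate(alerts, window: timedelta = timedelta(hours=2)) -> list:
    """Group alerts into incidents by shared entity within `window`; rank by score."""
    incidents: list[Incident] = []
    for alert in sorted(alerts, key=lambda a: a.ts):
        matches = [inc for inc in incidents
                   if inc.entities & alert.entities
                   and alert.ts - inc.last_ts <= window]
        if not matches:
            inc = Incident()
            incidents.append(inc)
        else:
            # The alert bridges several incidents: collapse them into one.
            inc = matches[0]
            for other in matches[1:]:
                inc.absorb(other)
                incidents.remove(other)
        inc.add(alert)
    return sorted(incidents, key=lambda i: i.score(), reverse=True)


T0 = datetime(2023, 1, 1, 10, 0)

# Constructed sample telemetry: one multi-tool chain around user jdoe, plus two unrelated alerts.
SAMPLE_ALERTS = [
    Alert("edr-1", "edr", T0, 3, frozenset({"host:web-01", "user:jdoe"}),
          "Encoded PowerShell launched by jdoe"),
    Alert("idp-1", "identity", T0 + timedelta(minutes=5), 2,
          frozenset({"user:jdoe", "ip:203.0.113.7"}), "Impossible-travel sign-in"),
    Alert("idp-2", "identity", T0 + timedelta(minutes=10), 1,
          frozenset({"user:svc-backup"}), "Repeated failed logins"),
    Alert("cld-1", "cloud", T0 + timedelta(minutes=20), 3,
          frozenset({"user:jdoe", "cloud_account:acct-1"}), "New IAM access key created"),
    Alert("cld-2", "cloud", T0 + timedelta(minutes=40), 3,
          frozenset({"cloud_account:acct-1"}), "Storage bucket made public"),
    Alert("edr-2", "edr", T0 + timedelta(hours=1), 2,
          frozenset({"host:lab-02"}), "Known malware signature quarantined"),
]


def main() -> None:
    for rank, inc in enumerate(correlate(SAMPLE_ALERTS), start=1):
        print(f"#{rank} score={inc.score()} sources={sorted(inc.sources)} "
              f"alerts={[a.id for a in inc.alerts]}")


if __name__ == "__main__":
    main()
```

Note how the storage-bucket alert carries no user at all: it joins the jdoe incident only because it shares a cloud account with the IAM-key alert, which is the transitive, cross-tool context an analyst would otherwise have to assemble by hand from separate consoles.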

These are just a few of the high points around Open XDR and the advantages this approach can provide MSSPs and their customers in contrast to tools like SIEM, SOAR, and Native XDR.

Take this five-minute product tour to learn more about Stellar Cyber Open XDR and get more details, or reach out to the Stellar Cyber MSSP Team to see how Open XDR can benefit your organization.

Guest blog courtesy of Stellar Cyber. Read more Stellar Cyber guest blogs here. Author Stephan Tallent is global vice president, Service Providers, at Stellar Cyber. Regularly contributed guest blogs are part of MSSP Alert's sponsorship program.