Optimizing XDR Through MSSP Collaboration

Michael Vaughn

Having a strong, effective security stack can help protect an organization’s data. While some believe this is achieved by activating numerous security solutions, having too many tools at a security team’s disposal can transform into organizational kryptonite.

Security stack overload creates internal challenges and distracts from the primary business mission. One of the best ways an organization can protect itself from security threats, while also achieving business goals, is to work with a managed security service provider (MSSP) to manage an extended detection and response (XDR) solution. This can improve security coverage in busy and complex environments.

Defining XDR and Its Benefits

Similar to the way secure access service edge (SASE) combines several network security protections, XDR combines network and endpoint detection and response capabilities with endpoint protection and security orchestration, automation, and response (SOAR). This approach to threat detection pays close attention to even the smallest details, monitoring network activity widely and ensuring endpoints are protected from threats.

Extended threat detection and response solutions provide protection, detection, and response across the security ecosystem, in addition to allowing users to expand their service catalogs and increase revenue with essential security and compliance offerings. By utilizing XDR, business leaders have access to a broad inherent toolset that enables partners to deliver on their promise to protect their customers’ networks, endpoints, cloud infrastructure, and cloud applications as they navigate dynamic environments.

The Importance of Intelligence

Implementing XDR-as-a-service also supports scalability, which allows for better responses to emerging threats. With that said, this can quickly become too complicated for a single security team to manage. One tangible and immediate way to simplify security is to enlist the aid of an MSSP. These experts understand how the tools work and have experience installing and running a variety of products and platforms in different business verticals.

In addition to having security expertise, threat intelligence is critical for accurate detections and reducing false positives. Machine learning and security analytics can help correlate the data and provide context so threats that can be identified faster and more accurately. However, given the ever-changing nature of the cyber threat landscape, business leaders need to be certain that their XDR solution, and, more importantly, their MSSP, can discover infrastructure and tools used by threat actors to host their operations and launch ransomware and other sophisticated cyberattacks. Using this approach of concentrating on threat actor tactics, techniques and procedures (TTPs) provides early-stage, more predictive identification of threats. This means higher-fidelity detection of evolving threats. Such threat intelligence is a key element in minimizing the margin of error in threat detection.

Choosing a Vendor

When implementing security tools, one of the main decisions business leaders make is to decide whether they want to lock in with one vendor or opt for a multivendor integration. One approach to addressing security tool complexity is to go “all-in” with one vendor. Because one vendor’s tools are all designed to work together, many believe that standardizing one vendor’s approach across an organization is the optimal approach. However, often one vendor’s products are a collection of acquired technology versus an integrated solution, and road maps for consolidation frequently stretch to the horizon.

Another approach to consider is an open XDR solution. This approach brings together two important existing solutions: advanced security information and event management (SIEM) platforms with correlation engines, and endpoint detection and response agents. They also have deep integrations with third-party tools such as firewalls, SaaS/IaaS clouds, SASE solutions and more. These integrations make responding to incidents and automating responses quick and easy. With this approach, business leaders are free to choose best-in-class security vendors with the confidence that they can be used together without needing to replace an entire technology stack.

Although many of today’s security challenges don’t have quick fixes, choosing products and services that offer smooth integration to current technology and the flexibility to mix and match critical components is the best step to take toward simplifying them. Detection and response solutions have significant learning curves and, because of this, relying on MSSPs is an optimal approach for organizations to feel confident that professionals are protecting their networks, while also realizing cost savings. Once the right XDR solution and MSSP provider are identified, they will drive efficiencies in security operations in finding and addressing continuously evolving security threats.

As product manager for the global MSSP and channel at AT&T Cybersecurity, Michael Vaughn oversees strategy for the USM Central platform and partner program. You may follow him on LinkedIn or @attcyber on Twitter.