Keep network edges secure with the move to digital via automated security detection and response.

Jon Bove, VP, Americas Channels

March 26, 2021


Digital innovation has been a critical business driver for most organizations, especially over the past 12 months. Now, following a year of high-profile ransomware and other cybersecurity incidents, many organizations are recognizing the exposure this innovation has created. Specifically, new work styles, increasing cloud delivery of applications and support for on- and off-network access have created a host of edges that need to be secured, including the edges of the wide area network such as SD-WAN, edge computing and the LAN edge.

However, before acquiring even more security products designed to meet these mounting challenges, many security leaders recognize that complexity is already one of the leading challenges in cybersecurity.

This has led many businesses to reconsider their security strategy. In fact, according to a recent survey by Gartner, 80% of organizations are either currently consolidating or planning to consolidate vendors into an integrated solution set that is more manageable and effective. As they exist today, these tools typically work in isolation, keeping information separate between various controls or consoles. This means that security teams are left to manually coordinate events, a task that is often time-consuming and labor-intensive. Threats can fall through the cracks, ultimately going undetected and unresolved.

Value of Extended Detection and Response (XDR)

To stay ahead of today’s advanced threats and address the challenge of cybersecurity complexity, customers must have comprehensive visibility and control across their distributed networks. A major drawback of many security solutions is that their capabilities are often limited in scope, and even those with broad scope lack integration and automation. An emerging security concept being adopted by security teams to help fill this gap is extended detection and response (XDR). XDR is a “unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components,” according to Gartner.

For partners, XDR solutions create an opportunity to offer customers a differentiated approach to what have been traditionally independent security categories – network security, endpoint security, email security and cloud security. Through a consolidating principle such as XDR, individual security solutions can see, share and analyze data, which helps teams more easily detect threats and guide a coordinated response that spans the entire attack surface.

Why Most XDR Solutions Fall Short

Extended detection and response presents an opportunity to combine multiple product solutions into an integrated system that focuses on detecting, investigating and responding to evolving threats. There are three challenges in accomplishing this.

The first challenge for many vendors is that their solutions fail to cover the entire attack surface, addressing only one or a few attack vectors such as endpoint, cloud, email or network in isolation. The value of XDR lies in its ability to combine multiple solutions.

Another challenge is that though vendors may offer a full range of security products and solutions, those components may have been acquired individually over time and are only loosely integrated. As a result, it’s a heavy lift to normalize and correlate security information from the components, which leaves few development resources for higher-value analytics and automation. Rather than providing a cohesive system in such situations, XDR instead loosely compensates for the platform’s inability to interoperate.

Investigation is the third challenge organizations typically face when choosing an XDR solution. If an XDR solution only focuses on detection and response, it leaves investigation on the shoulders of security analysts. An effective solution should autonomously perform a thorough investigation to determine a threat’s validity, nature and scope, freeing cybersecurity professionals up for higher-priority initiatives.

Key Considerations When Choosing an XDR Solution

Three key considerations to keep in mind are extended detection, extended analysis and extended response.

  • Extended Detection: An effective solution should be able to leverage various security data across multiple sources to detect potential incidents. By collecting and analyzing information across a broad range of threat telemetry, raw data can be transformed into actionable insights. From there, the intelligence gathered can be used to inform future decision-making on how to respond to and mitigate threats.

  • Extended Investigation: One of the leading benefits of XDR is extended analysis and investigation. If a threat is identified, there are many steps to take and questions to ask before deciding on potential next steps. It should be determined whether the threat is real, the scope of its potential impact and whether it could indicate a larger issue.

This task normally falls on the shoulders of the security team. However, many teams are simply not equipped to efficiently manage every alert that comes in due to the overall rise in threat and alert volume, as well as the ever-expanding cybersecurity skills gap. To conduct the investigation, someone from the security team must go in and look at the potential threat – in its full lifecycle and set of components – verify its nature and scope, and then decide on the best course of action for remediating said threat. This is not a quick or simple task, and it can take up much of the security teams’ valuable time and energy that would be better spent elsewhere.

An XDR solution that leverages artificial intelligence can speed this process. With an AI system that is trained to automatically investigate alerts in a matter of seconds, teams can verify the full context of an incident and carry out an extensive examination. From there, the system should be able to automate response based on the specific nature and severity of each threat. A solution like this not only frees up valuable human resources but also lays a foundation that can scale and adapt to meet an organization’s changing requirements.

  • Extended Response: Partners should look for an XDR solution that can support all resources available for executing an automated and coordinated response. This allows the system to contain incidents at machine speed and reserve security expertise for oversight, broader risk assessment and fundamental improvements to security posture.

Taking Advantage of the XDR Opportunity

Currently, endpoint security is valued as a $10 billion market, projected to increase to $18.6 billion by 2025. Extended detection and response enables partners to deliver a highly differentiated solution to drive business and take advantage of this market opportunity. However, as new solutions emerge, it’s important to be aware of the key capabilities of an effective XDR technology tool.

The first step is to assess suitability of a fully automatable detection, investigation and response system like XDR for the customer, as compared to a more customizable solution based on security information and event management (SIEM) and security orchestration, automation and response (SOAR) tools. Customers with limited security teams, tools and process are a good fit for XDR. By contrast, those with robust staff, skills and process might be better served by a SIEM or SOAR solution that can fit their specific way of handling security.

The second step is to understand the full scope of capabilities – ensure you know specifics about what the solution can or cannot do. Determine how it can support ongoing initiatives and digital innovation led by the addition of new cloud platforms, an expanded SD-WAN infrastructure or newly deployed edge devices.

Lastly, consider the overall cost and return on investment of the solution. This can be determined by aligning the technology’s functions and requirements with the technologies and resources you’re already utilizing.

By choosing an XDR solution that can meet these core requirements, partners can help customers improve security posture and optimize operational efficiency by allowing teams to dedicate their time and resources to higher-value contributions. This can help drive your customers’ security strategy and stay ahead of a digital marketplace that is rapidly introducing new risks and growing in complexity.

Jon Bove is the vice president of channel sales at Fortinet. He and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the U.S. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales leadership and channel leadership positions. Follow @Fortinet on Twitter or Bove on LinkedIn.
