XDR: The Answer to Protecting Expanded Attack Surfaces?

  • Written by A.N. Ananth
  • October 6, 2021
The stepped-up threat detection and response technology offers granular visibility across the broader attack surface.

CISOs and cybersecurity practitioners have a problem. Their companies are rapidly moving business-critical applications to the cloud as part of a digital transformation. Also, in response to COVID-19, companies have accelerated the use of cloud-based software-as-a-service offerings such as Microsoft 365, while extending support for flexible work-from-anywhere solutions to employees. Going forward, both steps have become business as usual.

An unintended consequence of these moves is considerable expansion of the attack surface, resulting in new vulnerabilities that financially motivated and state-sponsored hackers alike are happy to exploit. That means stepping up security coverage. Just in time, the security industry is offering up a shiny new acronym as the answer to your problems: XDR, or extended detection and response.

What is XDR, what advantages does it offer, and what are the challenges to implementing it? Answers to these questions will help decision makers determine whether or not XDR is the right solution for their organizations.

What Is XDR?

Let’s start with what XDR is not: it isn’t merely an extension of endpoint security or endpoint detection and response (EDR). Rather, it is an evolution of threat detection and response technology that covers a broader range of the attack surface, consuming telemetry from EDR, network detection and response (your security information and event management, or SIEM), cloud detection and response, and mobile and SaaS environments.

XDR also uses integrated threat intelligence and unsupervised machine learning to do a better, faster job of threat detection. And through automation and orchestration, it serves up actionable intelligence to the analysts in the security operations center (SOC). By correlating alerts and data from across the attack surface and delivering orchestrated response intelligence through a single pane of glass, XDR improves response times while extending coverage.

Advantages of XDR

With XDR, organizations gain granular visibility across the broader attack surface, including endpoints, network, users and both on-premises and cloud infrastructure. Adaptive machine learning, continuous monitoring, threat intelligence and automated response deliver improved prevention and faster event response.

Response is more effective because analysts can trace the attack path, reconstruct attacker actions, locate the attacker and adapt defense actions accordingly. Organizations gain more control by using extended information to inform and tailor block and allow lists. And analyst productivity is improved with fewer alerts and fewer screens to manage.

Implementation Challenges

Managing the very large volumes of data associated with XDR is the leading challenge that organizations face, requiring skills and infrastructure not typically managed by security teams. Normalizing data from the various feeds into a common format for analysis is one data management component, along with building and managing a data lake to make big data available for analysis. Implementing machine learning to correlate telemetry data against internal historical data and threat intelligence also typically falls outside of security operations skill sets.
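
As an added illustration (not part of the original article and not any vendor's code), the sketch below normalizes three constructed feeds into one schema and then correlates events by user across sources within a time window. The field names, sample events and the rule that reduces account names to a bare username are assumptions made for the example.

```python
from datetime import datetime, timezone, timedelta

# Constructed sample telemetry; field names are assumptions, not a vendor schema.
EDR = [{"host": "wks-17", "user": "CORP\\jdoe", "epoch": 1633514400,
        "event": "suspicious_powershell"}]
SAAS = [{"userPrincipalName": "jdoe@example.com", "time": "2021-10-06T10:03:10Z",
         "ip": "203.0.113.8", "operation": "impossible_travel_signin"},
        {"userPrincipalName": "asmith@example.com", "time": "2021-10-06T10:04:00Z",
         "ip": "198.51.100.4", "operation": "mailbox_rule_created"}]
NET = ["ts=2021-10-06T10:06:45Z user=jdoe src=10.0.0.17 dst=203.0.113.8 action=large_upload"]

def _iso(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _user(raw):
    # Assumption: DOMAIN\user and user@domain name the same account.
    # Real identity resolution needs a directory lookup.
    return raw.split("\\")[-1].split("@")[0].lower()

def normalize():
    """Map every feed onto one schema: ts (UTC), source, user, action."""
    out = []
    for e in EDR:
        out.append({"ts": datetime.fromtimestamp(e["epoch"], timezone.utc),
                    "source": "edr", "user": _user(e["user"]), "action": e["event"]})
    for e in SAAS:
        out.append({"ts": _iso(e["time"]), "source": "saas",
                    "user": _user(e["userPrincipalName"]), "action": e["operation"]})
    for line in NET:
        kv = dict(p.split("=", 1) for p in line.split())
        out.append({"ts": _iso(kv["ts"]), "source": "network",
                    "user": _user(kv["user"]), "action": kv["action"]})
    return sorted(out, key=lambda e: e["ts"])

def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Flag users whose events come from >= min_sources feeds inside one window."""
    incidents = {}
    for i, first in enumerate(events):
        hits = [e for e in events[i:]
                if e["user"] == first["user"] and e["ts"] - first["ts"] <= window]
        sources = {e["source"] for e in hits}
        if len(sources) >= min_sources and first["user"] not in incidents:
            incidents[first["user"]] = {"sources": sorted(sources),
                                        "actions": [e["action"] for e in hits]}
    return incidents

if __name__ == "__main__":
    print(correlate(normalize()))
```

Each event here is unremarkable within its own feed; the incident only appears once timestamps and identities share a format, which is the normalization work described above.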

Establishing and managing new cloud, SaaS and remote user telemetry for XDR, integrating the data with existing endpoint and network solutions, and adding an overlay management infrastructure all assume a robust internal security operations team as well as data management expertise. This “open XDR” approach allows the flexibility of building a best-of-breed security stack or a stack that meets precise, often industry-specific specifications, but it carries a higher management overhead. An alternative is acquiring an off-the-shelf “native XDR” solution to run in-house that provides a consolidated and integrated security stack. There is an increasing number of these solutions in the marketplace.

The Role of Managed XDR

Managed (threat) detection and response, or MDR, is well established in the managed security services marketplace. What cybersecurity practitioners and buyers need to keep in mind is that MDR doesn’t specify what threats the provider has within its purview. Existing and prospective customers of managed security service providers (MSSPs) should indeed ask what is “under the MDR hood” and should expect providers to evolve their capabilities to meet today’s cloud- and SaaS-oriented environments.

Will XDR Hold?

As a logical continuation of cybersecurity convergence, XDR is here until it is replaced by the next evolution of technology. The progression is much like what we’ve seen with endpoint defense, in which anti-virus (AV) worked well for years until the bad guys came up with new, nonsignature-based attacks. Legacy AV effectiveness is waning, and it doesn’t help defend against internal attacks. That takes user and entity behavior analytics (UEBA), which has been folded into SIEM and endpoint detection and response.

As adoption of XDR expands, it will become the standard detection and response technology, and MDR services will need to evolve to adopt this technology. By protecting the broader set of attack surfaces, XDR does indeed address post-COVID enterprise environments, including cloud and work-from-home infrastructures.

A.N. Ananth, president at Netsurion, is co-creator of its managed threat protection platform, EventTracker. He is a leading expert in IT security and compliance with over 25 years of experience in IT control and operations. He utilizes his extensive cybersecurity background to consult for many companies on their security and compliance strategies, including auditing policies and automated reporting processes. You may follow him on LinkedIn or @Netsurion on Twitter.
