Extended detection and response (XDR) technologies have become a vitally important shield for all companies, according to sovereignty-focused data, network and endpoint security company Stormshield.
Stéphane Prevost, product marketing manager at France-headquartered Stormshield, said XDR has become crucial as cyberthreats continue to evolve, taking advantage of the increasing number of entry points into computer systems.
“No organisation is immune to modern threats. Cyberattacks are becoming increasingly sophisticated, sparing neither large enterprises nor SMEs,” Prevost wrote in a Stormshield blog post.
“This is where the implementation of an eXtended Detection and Response (XDR) solution proves to be the most effective response.”
XDR can cover the entire organisational infrastructure, Prevost said, combining complementary offerings such as endpoint detection and response (EDR), network detection and response (NDR) and file detection and response (FDR) for detection, correlation of alerts, automated response, and remediation.
“With these capabilities, XDR delivers unmatched operational protection, enabling efficient security incident management and automated responses,” Prevost wrote.
“The operational benefits of XDR are numerous, including complete infrastructure visibility, swift threat identification, centralised incident control, and automated responses.”
That said, it was challenging to cover the entire XDR market, which spans endpoint providers, network security experts and incident management players (SIEM/SOAR), as well as a range of technologies. Prevost suggested that organisations should pinpoint vendors with a comprehensive native yet mixed offering as well as “pure players” in incident management.
“SIEM/SOAR solution providers have traditionally processed vast amounts of data detected across the various systems in the infrastructure,” he wrote.
“However, the response and remediation capabilities provided by SOAR’s technology, and the implementation of playbooks, require integration with security solutions, which calls for a solid understanding of their APIs for effective control.”
Organisations would need a security operations centre team “capable of harnessing” the power of XDR and refining detection quality to clarify alerts for optimum response, Prevost said, although SMB offerings and managed services have also emerged.
The Stormshield whitepaper on XDR solutions can be found here.