In a new 12-minute video Rakesh Shah AVP Product Management and Development of LevelBlue Cybersecurity, explains Extended Detection and Response (XDR). This video was part of the virtual Black Hat USA event in August. It’s not product-specific and explains what can be a very confusing concept in a delightfully simple way.
XDR and why we need it
XDR brings together multiple different data sources – the network, endpoints, cloud and third-party data. Driving the need for XDR above and beyond previous approaches is that companies are drowning in defense-in-depth. Companies have multiple disparate security point products creating an overwhelming number of alerts. This leads to difficulty in conducting investigations.
XDR business value
XDR protects your investments in best-of-breed security products while increasing efficiency and orchestration to make it all work together better. Efficiency in security operations lets you detect, respond, and recover faster.
So, what is XDR? It’s about detection, incident response, and automation. It’s a new approach that lets you bring together best-of-breed products and focus on the outcomes you want. Add in managed services, and you get to Managed Extended Detection and Response (MXDR) – the good life!
Open XDR
With an open approach, enabled by APIs, there’s no “rip and replace” of existing point products. Instead, best-of-breed products can be integrated, with deep API integration. This allows you to:
- Normalize raw log data
- Collect and enrich log data
- Perform threat analysis
- Coordinate response actions
- Provide security orchestration and automation
- Allows access to built-in dashboards for your security point products.
Check out Rakesh’s video: