According to analyst firm Gartner, Extended Detection and Response (XDR) is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.”
So, how should one understand the value, or business case, of deploying an XDR?
Let's dig in:
1. Vendor-Specific and Multiple Security Products:
One may argue that there are companies which provide everything in security to meet all the needs of a modern and traditional enterprise. But that may not be the case all the time. Enterprises have specific security products from select companies because one product is better than another at delivering a certain security or risk mitigation function. One vendor offers better support/service/relationship value, a few vendors provide better integration opportunities with multi-cloud platforms/APIs/SIEM/SOAR/DevOps tools, one vendor may provide better security for the mix of apps and types of users that are supported by the CISO/CIO organization and deployed in the enterprise, and so on.
2. CISO's security strategy:
A CISO's security strategy may demand that he deploy vendor-specific products and multiple security products, for the above reasons, in order to confidently support his organization, as one vendor might not be able to satisfy all the needs of a CISO.
Exercise:
Find GTM messaging and positioning statements based on point 1 if you are marketing an XDR solution to select verticals or customers.
3. Cohesive Security operations:
This is an interesting phrase and has business and functional value. It falls, roughly, within the zero trust philosophy.
For example, let's say there are 7 doors and 10 rooms in a home. 5 people are staying in/renting your home at any given point in time by paying rent, and they can only enter the home via 5 different types of doors with 5 different entry mechanisms. Each person shares a few common keys to enter some rooms, while some people have specific keys for specific rooms only.
How will the owner ensure that people do not intrude into rooms they are not allowed to go into? How will the owner ensure that a renter did not trespass into restricted areas? With this level of complexity, how can the owner of the house change the codes of the doors every time old tenants vacate and new ones come in, from a central location or through software, in a unified fashion? How will the owner monitor all the entry and exit points in a unified fashion? Having that united or cohesive view of everything from a central location to perform unified security operations can be a challenge. The owner doesn't want to trust anyone: zero trust, whether the renters are family members or outsiders.
4. Applying the above example to XDR:
Similarly (just like the home example above), different types of users, such as employees, partners, government personnel, contractors, auditors, and others, may be provided with different levels of access to specific resources and common resources in an enterprise. Resources can be apps, endpoints, business systems across clouds, networks, and so on.
So, how can a CISO be confident that he is doing his best to protect enterprise users and resources in the event of an attack or a breach? How can the CISO build security resilience to handle breaches? Will he be able to track down what data got leaked in the event of a breach? Threat intelligence, threat mitigation, and threat response mechanisms must be in place to achieve early detection and response with near zero false positives. How can the CISO regularly audit transactions so that the enterprise is not violating any compliance mandates? All these questions are, to a large extent, answered by adopting an XDR's cohesive security operations functions and capabilities. The CISO doesn't want to trust anyone in the organization, internal or external users alike: zero trust.
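The home analogy in point 3 and its enterprise reading in point 4 describe one control: a single policy that says which principal holds a key to which room, a single place where every door attempt is recorded, and a central way to revoke keys when a tenant leaves. The following is an added example (not code from the original post) that implements that pattern on constructed tenants, rooms and access events; every name in it is made up for illustration.

```python
"""Central access policy with a unified audit trail.

Added example in the spirit of the house/renters analogy: every door
(resource) is checked against one policy table, every attempt is logged in
one place, and attempts on rooms a tenant holds no key for are flagged.
All principals, resources and events below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class AccessEvent:
    principal: str   # who tried the door (tenant, employee, contractor, ...)
    resource: str    # which room (app, endpoint, business system, ...)
    action: str      # "enter" or "exit"


@dataclass
class AccessLog:
    """The one place where every entry/exit attempt is recorded."""
    entries: list = field(default_factory=list)

    def record(self, event: AccessEvent, allowed: bool, reason: str) -> None:
        self.entries.append({
            "principal": event.principal,
            "resource": event.resource,
            "action": event.action,
            "allowed": allowed,
            "reason": reason,
        })


class CentralPolicy:
    """Single source of truth for who may open which door."""

    def __init__(self, common_resources, specific_grants):
        # common_resources: rooms every current tenant may use
        # specific_grants: principal -> set of additional rooms only they may use
        self.common = set(common_resources)
        self.grants = {p: set(r) for p, r in specific_grants.items()}
        self.log = AccessLog()

    def onboard(self, principal: str, resources) -> None:
        """New tenant moves in: issue their specific keys centrally."""
        self.grants[principal] = set(resources)

    def offboard(self, principal: str) -> None:
        """Tenant vacates: revoke every key at once (the 'change the codes' step)."""
        self.grants.pop(principal, None)

    def authorize(self, event: AccessEvent) -> bool:
        """Decide one door attempt; nobody is trusted by default."""
        if event.principal not in self.grants:
            allowed, reason = False, "unknown or offboarded principal"
        elif event.resource in self.common or event.resource in self.grants[event.principal]:
            allowed, reason = True, "granted"
        else:
            allowed, reason = False, "no key for resource"
        self.log.record(event, allowed, reason)
        return allowed

    def violations(self) -> list:
        """Unified view of every denied attempt across all doors."""
        return [e for e in self.log.entries if not e["allowed"]]

    def violations_by_principal(self) -> dict:
        """Which renters keep trying doors they have no key for."""
        counts: dict = {}
        for e in self.violations():
            counts[e["principal"]] = counts.get(e["principal"], 0) + 1
        return counts


def demo():
    """Constructed scenario: two tenants, shared and private rooms, one move-out."""
    policy = CentralPolicy(
        common_resources={"kitchen", "hallway"},
        specific_grants={"alice": {"room1"}, "bob": {"room2", "garage"}},
    )
    events = [
        AccessEvent("alice", "kitchen", "enter"),   # shared room: allowed
        AccessEvent("alice", "room2", "enter"),     # bob's room: denied, logged
        AccessEvent("bob", "garage", "enter"),      # bob's own room: allowed
    ]
    results = [policy.authorize(e) for e in events]
    policy.offboard("bob")                          # bob moves out, keys revoked
    results.append(policy.authorize(AccessEvent("bob", "garage", "enter")))
    return results, policy.violations(), policy.violations_by_principal()


if __name__ == "__main__":
    decisions, denied, per_principal = demo()
    print("decisions:", decisions)
    for entry in denied:
        print("DENIED", entry)
    print("violations by principal:", per_principal)
```

The point of the design is that the decision, the log and the revocation all live in one object: an owner (or a CISO) looks in one place to see who tried which door and why it was refused, and removing a tenant is one call rather than a visit to every lock.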
Conclusion: The same thought leadership, or the logic mentioned in points 2 and 3, can be applied even if the enterprise has endpoints and resources spread across multiple clouds and private branches. The mind map for a CISO might expand, risk can be broader and deeper, and there could be more complexity. But XDR can address those issues.