MSSP Advancements • 6 MIN READ
XDR -Security Jargon or the Real Deal?
by Eleanor Barlow • Aug 2021
There is a shiny new toy in the cyber security domain, and it goes by the abbreviated term of XDR. Extended Detection and Response (XDR) claims to be the latest in detection, investigation and response. But with Endpoint Detection and Response (EDR) and Managed Detection & Response (MDR) already providing these features advertised within XDR, what are the differences?
The Security Challenge
A lot of organisations do not have a dedicated security team. At most, they might have one or two dedicated individuals. For the majority, IT still runs the show, but these IT teams still don’t understand security. Which means they need to be told what to do. Very few organisations can afford to have two separate teams. A business must be at a certain scale to afford an IT team and a Security team simultaneously.
Most organisations, around 60% in fact, still don’t have a Security Operations Centre (SOC). And even those that claim to have a SOC are not fully functioning, as about 25% only operate during business hours. On top of that, an even smaller percentage are monitored by individuals 24/7, to handle alerts that are coming in. Automation 24/7 is no good if a real-life human cannot respond to the alerts accurately, and in rapid time.
Most businesses have invested in Firewalls, Intrusion Detection Systems, etc, so they have the tools set, but have not configured them, and are continuously going through the process of upgrading and changing them. What’s more, they have no escalation capability. They might have some form of capability to detect but have very limited capability to respond.
‘At best, these businesses identify, mitigate, and fry the machine. That is not cyber. That is like putting a band aid on an open wound, it’s not the surgery needed. Most are now realising that they are out of their depth if an attack were to take place. Every week we deal with around 15 customers to walk them through the process of what they need to do in such an event. And they all want the same thing – 24/7, an SLA, fixed cost etc. Over a year ago we had a lot of questions about our tool set, now businesses don’t care, they just want it dealt with. If you are in a restaurant, you don’t want to go into the kitchen, you just want your food brought to you and to enjoy what’s yours.’ – Feras Tappuni, CEO, SecurityHQ
But this lack of understanding regarding tooling is an issue for businesses looking to invest. There are lots of shiny new toys in the security world, but many are old toys, dressed up as new, for a far greater price.
The Real Deal Behind XDR
At SecurityHQ, we get vendors asking about XDR daily, ‘Is it worth it?’ and ‘Why is it being pushed?’, mainly because the definitions of XDR online are so ambiguous.
There are acronyms over existing acronyms. Blurred definitions and jargon used to push the latest talking point. A year ago, everyone was talking about Endpoint Protection (EPP). This year the focus is on Threat Intelligence, and next year it will be something else. Which means that businesses push their services to align with the latest buzzword.
But to keep up with new threats, businesses now require different combinations of detection and response capabilities, this is where XDR comes in. SecurityHQ offers XDR with multiple feature options, to ensure an enhanced security posture specific to the client. Combined Network Detection and Response, Endpoint Detection and Response, SIEM, User Behaviour Analytics, and 24/7 SOC capabilities for real-time Detection and Active Response. Receive 360-degree visibility that is constantly evolving and adapting to your hybrid, multi-cloud, IT environment, across your logs, Endpoint, and network, to increase speed of detection and remediation of both known and unknown threats.
Actions Going Forward
One of the positives that has come from remote working is that people are not being completely blinded by all the nonsense and noise generated at grand security events. Everyone claims that they do something different when they don’t. But they look at what’s happening in the booth next to them and they need to compete. And that’s just the way companies out market one another – that is not going to change. So, you need to be wary of that when selecting an MSSP or security service.
‘It’s the same thing, you have vanilla, you have chocolate, you have strawberry flavours, but it is still all ice cream. Don’t get confused because it has sprinkles on it. They are not even real sprinkles, you get those already, but you are going to pay a lot more for the same thing.’ – Feras Tappuni, CEO, SecurityHQ
For more information on XDR, or for any other security related questions, talk with one of our security experts, here.
Or, to report an Incident, reach out to us here .