XDR (Extended Detection and Response) technology has already become one of the most conspicuous in the cybersecurity market. Its main advantage is its comprehensive approach to countering sophisticated cyberattacks. This is achieved by maximizing control over potential entry points and through the use of top-of-the-line tools for incident detection, threat hunting, investigation and response within a single incident-handling process.<\/p>\n
Leading information technology research and advisory agencies are paying special attention to the technology \u2013 describing it as the most promising for the coming years. It therefore comes as no surprise to see the list of XDR vendors growing rapidly as many new companies enter the market. Some vendors already offer full-fledged solutions, while others continue to build convergence among their IT-security products and upscale XDR functionality.<\/p>\n
Since the XDR concept is still in the making, let\u2019s figure out what to consider when choosing an XDR vendor. In our view, a reliable XDR supplier needs to be able to provide the following:<\/p>\n
An EDR (Endpoint Detection and Response) solution for advanced detection and response to sophisticated cyberthreats at the endpoint level is a key element of XDR. For its part, EDR cannot do its job properly without a robust EPP (Endpoint Protection Platform) solution \u2013 a fundamental endpoint protection technology that automatically sifts out a huge number of mass threats \u2013 on top of which EDR comes into play. So, when choosing an XDR vendor, you need to look carefully at the endpoint protection features to make sure there\u2019s support for various types of endpoints: PCs, laptops, virtual machines, mobile devices, and various operating systems (OS). The quality of an XDR solution depends directly on the synergy between EPP and EDR on the vendor\u2019s side.<\/p>\n
It goes without saying that reliable and up-to-date threat intelligence is vital in effectively countering modern cyberthreats. Effective response is impossible without a full overview of cybercriminal tactics and techniques. Therefore, IT-security experts who use an XDR solution must have access to comprehensive, up-to-date threat intelligence; this additional context improves process of incident investigation and response by speeding it up.<\/p>\n
Although XDR solutions are usually a single-vendor affair from the start, when comparing XDR solutions it\u2019s important to consider how well they integrate and interoperate with third-party solutions. Opting for an XDR solution with a strong ability in this regard would both help sustain IT-security investments and serve the main purpose of XDR: collect, correlate data and alerts from multiple IT-security components and provided on top additional cross-product scenarios to increase efficiency of complex incident response. The more sources of data the solution collects, the more complete the picture of what is happening in your infrastructure will be.<\/p>\n
It is often difficult for organizations to independently evaluate the performance of intrinsically new solutions. In the case of XDR, it\u2019s important to understand that the idea behind it is the consolidation of various IT-security tools into a single concept. Hence, the different components that make up this novel technology need to have been:<\/p>\n
Since XDR is still a nascent infosec trend, potential buyers need to study (i) vendors\u2019 plans for development of their solutions\u2019 components, and (ii) vendors\u2019 roadmaps for system refinement. The more purposeful and clear such intentions are \u2013 and the more willingly they are shared \u2013 the more trustworthy the vendor.<\/p>\n
\u00a0<\/p>\n