According to analyst firm Gartner, Extended Detection and Response (XDR) is a “SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.”
You’ll hear plenty of the traditional antivirus vendors begin to proclaim themselves an EDR or XDR solution, trying to keep up with this more advanced tool space. As they continue either to buy up other vendors that have those tool sets (and then try to bolt them onto their traditional product) or simply to remake themselves in the model of an XDR solution in other ways, their final offering often has limitations. Typically, they’ll cover some but not all of the areas of a complete XDR solution: they will address hosts and files but not network and users, or network and hosts but not files or users. They’ll miss some of that cohesive security operation defined by Gartner.
A recent article from HelpNetSecurity – a popular information security online publication – titled “XDR and MDR: What’s the difference and why does it matter?” closed with the following statement: “An XDR solution without adequate human expertise/staffing behind it will only ever be a tool. With a managed services model in play, you’re getting both the comprehensive technology capabilities and the people required to make it work — which is why MDR may be the only acronym that your organization needs.”
This statement is very accurate for the less complete XDR offerings that do not include the managed and monitoring component in their solution. They become like all the SIEM and log management solutions that have been pushed at you for years: just another tool that no one has the expertise to manage or leverage for the benefits you bought it for. So, what do you have to do? Buy the “managed services,” which is where these tool vendors begin to really make their money. They have you hooked forever and totally dependent on them.
Other options are out there. Complete solutions like Cynet360 include the backing of the Cynet CyOps team without needing to pay extra, bolt on more products, or go looking for the 24x7x365 expertise of another managed provider. This doesn’t mean that you can’t still depend on a managed services provider for another layer of monitoring and management, but are they independent if they are also the party you need to be monitoring? There’s nothing wrong with leveraging the additional layer you’ve come to depend on, but at what added cost, when the independence and expertise of a CyOps team is already baked into the Cynet360 solution? You are still going to need to explain to your auditors and examiners how you’ve learned the tool well enough to understand and generate independent reporting on the activities of the managed third party.
At least when you are answering that questionnaire for your cyber insurance coverage, you’ll be able to check off ‘Yes’ on several questions because you implemented a powerful, more advanced endpoint protection solution.
To learn more, call or email FIPCO Director – Information Security and Audit Ken Shaurette at 800-722-3498 ext. 251 or itservices@fipco.com today to take advantage of these services and ensure the safety and soundness of your business.
Learn more at www.fipco.com/solutions/it-audit-security/autonomous-endpoint-protection.