Extended Detection and Response (XDR) is the evolution of SIEMs, SOARs and EDR, and can help minimise visibility gaps, alert fatigue and staffing challenges, and improve detection and response times.
This is according to speakers at a webinar on Modernising Cybersecurity with XDR, hosted by specialist cyber security distributor Dolos last week.
Matthew Stevens, CTO at Dolos, said XDR helps address some of the biggest challenges facing cyber security teams. The industry has an ongoing skills gap, and there has been a dramatic increase in attacks and compromises – especially in the Southern African region, he said.
“Another concern is the rate at which breaches use compromised credentials – up to 81% of breaches used stolen or weak passwords. In addition, around 62% of attacks are malwareless, which tells us we need more than signature-based detection, and organisations will have to develop more layers of security,” Stevens said.
“A lot of organisations are running disparate cyber security technologies, and end up with a distributed and complex landscape. This is one of the reasons the skills shortage exists – there is such a drastic increase in complexity that it is difficult to catch up in terms of skills set. In this broad landscape, there is poor correlation between solutions and decreased efficiencies in response action,” he said.
Dolos and WatchGuard Technologies' partnership
Stevens introduced WatchGuard Technologies’ approach: “Dolos is very excited about our partnership with WatchGuard Technologies, who are trying to solve the problem of clients having a patchwork approach to managing cybersecurity technology. As a vendor and technology class, it is a very high value brand, and its XDR strategy adds a lot of value without adding extra cost to the platform itself.”
Ricardo Arroyo, principal product manager at WatchGuard Technologies, outlined the evolution of XDR: “The journey to XDR started in security information and event management (SIEM) technology, endpoint detection and response (EDR), security orchestration, automation and response (SOAR) and around 2018, vendors started putting all of those capabilities into an extended detection and response (XDR) solution.”
Arroyo said XDR solutions address alert fatigue by correlating and prioritising incidents in a single console for threat and SOC analysts. Important XDR features include automated response actions and extended data retention.
WatchGuard Technologies’ ThreatSync XDR
Highlighting WatchGuard Technologies’ ThreatSync XDR, Arroyo said: “We believe a native XDR solution should be the ‘easy button’. Because MSPs are key to providing XDR capabilities, we’re building for MSPs first.”
ThreatSync is designed to be the industry's smartest, fastest, and most effective XDR security platform, providing zero configuration, simple-to-use features for visibility, cross-detection, and orchestrated threat response. ThreatSync Core is included with a number of WatchGuard products, including the Firebox firewall, EDR, and AuthPoint multi-factor authentication.
Stevens said WatchGuard Technologies is helping secure major enterprises with distributed infrastructure or sensitive intellectual property to protect, such as education, hospitality, pharmaceutical, aviation, financial and technology organisations.
He said the WatchGuard unified security platform and ‘unify to simplify’ strategy streamline and simplify processes and reduce the amount of resources needed to enhance security. “With WatchGuard, we are delivering a lot of extra value and capability for the same price.”
* The webinar on Modernising Cybersecurity with XDR was hosted by ITWeb on behalf of Dolos on 16 October 2024.