CSO Article by Pete Bartolik
Security practitioners must employ XDR tools to focus on the bigger picture and the larger threats at hand.
Security is a community effort; it takes a network of partners to ensure everyone is secure.
That’s why Cisco’s Extended Detection and Response (XDR) solution, launched in April, focuses on correlating telemetry from several third-party security vendors to increase interoperability and deliver consistent outcomes regardless of vendor or technology.
Security is a fragmented market, and you are only as secure as your weakest link. There is a wealth of tools to address different aspects of enterprise security, but in the Security Operations Center (SOC), a varied toolset can produce a cacophony of signals and alerts that overload teams and send them off hunting for causes, wasting precious time and energy. This creates a weak link in security. Cisco XDR aims to fix this fragmented defense with a unified security incident detection and response solution that applies analytics to detect malicious activity, and then responds to and remediates threats.
To be effective, XDR solutions must be comprehensive and automatically collect and correlate telemetry from multiple security tools across all vectors — email, endpoints, servers, cloud workloads, and networks. To be truly useful, vendors, service providers, and users must be able to plug APIs into existing endpoint detection and response (EDR) systems and other security tools.
With these integrations and constant data scanning, security practitioners can employ XDR tools to focus on the bigger picture and the larger threats at hand and how to respond to those threats.
“All of these security tools generate telemetry, but Cisco XDR provides a unified, analytics-driven picture of what is going on,” says Vinu Thomas, COO of Driven Technologies, a cloud-native and cyber security managed service provider helping businesses secure, modernize, and connect their applications, data, and users in a rapidly shifting digital and automated world.
Cisco XDR integrates the telemetry from all these different fragmented tools. “It’s able to work with SIEM technology, which basically consolidates the logs, but then it’s able to take those alerts and create responses that are actionable and can be automated,” explains Thomas.
Full Article: https://www.csoonline.com/article/652274/partnering-up-on-xdr-a-rising-tide-lifts-all-security-teams.html