This is a summary of an article written for Channel Futures by Jon Bove, VP of Channel Sales at Fortinet. The entire article can be accessed here.
Over the past 12 months or so, organizations have accelerated their digital transformation strategies. Unfortunately, the types of innovation that kept businesses afloat also increased their risk of falling victim to a range of cyber threats, including ransomware. With this in mind, the need to secure expansive remote and hybrid work models, as well as new cloud environments, is more critical to business resiliency than ever before. To reduce data silos and enhance security, organizations should consider maximizing the value of their current technologies with integrated Extended Detection and Response (XDR) solutions.
Organizations often cite complexity as one of their leading cybersecurity challenges. One way to manage this issue is by consolidating vendors into an integrated solution, something which 80% of organizations are currently doing or are planning to do, according to Gartner. When tools from multiple vendors work in isolation across different consoles, security teams are forced to manually coordinate events, which can lead to threats falling through the cracks.
To effectively address today’s advanced threats, organizations require visibility and control across their entire distributed networks. And while many security solutions are limited in terms of their capabilities, extended detection and response can help fill the gap. Gartner defines XDR as a “unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components.” In other words, organizations can bring together all their security tools in a single location for enhanced visibility. For example, they can consolidate network security, endpoint security, email security, and cloud security monitoring in a single platform to ensure the whole is greater than the sum of its parts.
This enables partners to deliver a differentiated customer offering that improves security posture while reducing security operations overhead. Further, when artificial intelligence (AI) and automation are applied to the correlated data, it frees overburdened security teams from the hamster wheel of alert triage, allowing them to focus on more strategic application of their expertise.
However, to achieve this level of security and operational efficiency, vendors must first overcome certain challenges.
First off, many vendors’ solutions do not cover the entire attack surface. Instead, they focus on securing one or a few attack vectors individually, such as cloud, email, or endpoints, and call it XDR. When this is the case, XDR cannot demonstrate its true value, which lies in its ability to combine components across multiple attack vectors. This ties into another challenge many vendors face: disparate solutions. Even though they may offer a full range of security products and solutions, vendors that have acquired these components (especially ones with large install bases) individually over time may lack the resources and commitment for the tight integration needed for higher-value analytics and automation. In this scenario, XDR can only loosely compensate for the lack of interoperability rather than provide a cohesive system.
And in between analytics and automation is a third challenge faced by vendors: investigation. If a solution focuses only on front-end detection and back-end response, security analysts are left having to manage the critical middle stage of investigation. To proactively address this issue and give security teams back the time they need for higher-priority initiatives, an effective XDR solution must be able to autonomously perform a thorough investigation of a threat’s validity, nature, and scope, ideally with the help of artificial intelligence.
As with everything else, not all technologies are created equal. Partners looking to offer customers an XDR solution must understand the key capabilities that will enable their customers to mature their security posture. When evaluating an XDR solution, organizations should consider how the technology can reduce Mean Time to Detect (MTTD), Mean Time to Investigate (MTTI), and Mean Time to Respond (MTTR). Reducing these three metrics better secures an environment and provides an objective way to assess the organization’s maturity level.
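To make the correlation described above and the three evaluation metrics concrete, here is an added example (not code from the article or from any vendor's product) that merges alerts from separate tools into incidents and then computes MTTD, MTTI and MTTR. The alert feed, the analyst records, the host-plus-time-window grouping rule and the exact metric definitions are all assumptions made for the example.

```python
from datetime import datetime, timedelta
from statistics import mean
# Constructed sample alerts (not real telemetry). In a siloed deployment each
# "source" sits in its own console; an XDR feed merges them for correlation.
ALERTS = [
    {"source": "email", "host": "ws-17", "ts": "2021-06-01T09:02:00"},
    {"source": "endpoint", "host": "ws-17", "ts": "2021-06-01T09:41:00"},
    {"source": "network", "host": "ws-17", "ts": "2021-06-01T09:43:00"},
    {"source": "cloud", "host": "srv-03", "ts": "2021-06-02T14:10:00"},
    {"source": "endpoint", "host": "srv-03", "ts": "2021-06-02T16:30:00"},
]
# Constructed analyst records per host: intrusion start (established after the
# fact), end of triage, and containment.
RECORDS = {
    "ws-17": {"compromised": "2021-06-01T08:32:00",
              "investigated": "2021-06-01T10:32:00", "contained": "2021-06-01T11:02:00"},
    "srv-03": {"compromised": "2021-06-02T12:10:00",
               "investigated": "2021-06-02T17:10:00", "contained": "2021-06-02T18:40:00"},
}
parse = datetime.fromisoformat

def correlate(alerts, window=timedelta(hours=4)):
    """Group alerts on the same host arriving within `window` of that host's
    previous alert into one incident (assumed rule, not the article's). The
    first alert's time serves as the incident's detection time."""
    incidents = []
    for a in sorted(alerts, key=lambda x: parse(x["ts"])):
        t = parse(a["ts"])
        for inc in incidents:
            if inc["host"] == a["host"] and t - inc["last"] <= window:
                inc["sources"].add(a["source"])
                inc["last"] = t
                break
        else:  # no open incident for this host within the window: start one
            incidents.append({"host": a["host"], "sources": {a["source"]},
                              "detected": t, "last": t})
    return incidents

def metrics(incidents, records):
    """Mean hours per stage (assumed definitions): MTTD = first alert - intrusion
    start, MTTI = triage done - first alert, MTTR = contained - triage done."""
    hours = lambda d: d.total_seconds() / 3600
    ttd, tti, ttr = [], [], []
    for inc in incidents:
        r = {k: parse(v) for k, v in records[inc["host"]].items()}
        ttd.append(hours(inc["detected"] - r["compromised"]))
        tti.append(hours(r["investigated"] - inc["detected"]))
        ttr.append(hours(r["contained"] - r["investigated"]))
    return {"MTTD": mean(ttd), "MTTI": mean(tti), "MTTR": mean(ttr)}
```

With the constructed data, the three ws-17 alerts from email, endpoint and network tools collapse into one incident detected at 09:02, and the two srv-03 alerts into another; tracking the same metrics over time is what gives the "objective way to assess maturity" the text refers to.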
Before anything else, XDR solutions must detect threats. When looking for a solution, organizations should ensure that the technology can do the following:
Not all XDR solutions enable robust investigations. In fact, this is an area where many lack the capabilities that can make them true assets to an organization looking to mature its security posture.
Traditionally, security teams take over the investigation once the security tool detects a threat. However, security analysts struggle because the overwhelming amount of data often triggers false positives. Thus, they spend more time following dead-end search paths and less time investigating real threats to an organization’s data.
When looking for an XDR solution, organizations should consider the following investigation functionalities:
Finally, an XDR solution should enable a coordinated and automated response to detected and investigated threats. As part of considering a solution, an organization should ensure that it:
Fundamentally, extended detection and response (XDR) solutions offer partners a way to deliver a cohesive security approach that maximizes customer technology investments while also maturing their security posture. Since every organization has a different risk profile, partners must guide their clients to the right, and right-sized, security tools that help them mitigate risk. Organizations with more staff, skills, and processes often deploy security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools for this purpose. However, companies with limited security teams, tools, and processes typically benefit more from an XDR solution. By automating detection, investigation, and response activities with AI, XDR solutions also enable organizations with smaller security teams to focus on high-value activities, like assessing risk and putting new controls in place.
By delivering these technologies, partners increase their value to clients, providing customers with a centralized location for effective and efficient security activities; in the case of XDR, in a highly automated fashion well suited to security-conscious, yet resource-constrained, organizations.
Learn more about Fortinet's AI-powered XDR solution—FortiXDR.