Like it or not, the holiday season has arrived in all of it’s retail glory, infused with enough pumpkin spice spiciness to kick that Elf-on-a-Shelf up to the stratosphere. It’s a time when your inner Scrooge might suddenly appear, unwittingly provoked by one too many exposures to “All I Want for Christmas is You.”
Let’s face it, working in security can leave you a bit on edge, even without the added caffeine or last minute shopping. Yet, the holidays should be a time of reflection and spreading cheer, embracing the values that matter. We set our sights on the horizon of the approaching New Year, making resolutions, determined to improve some aspect of our daily lives.
For security practitioners, this often means staying ahead of the security curve, keeping critical data safe. And a part of that ongoing strategy is to stay up-to-date on the latest industry innovations like Extended Detection and Response, or XDR.
While gaining acceptance and traction in the industry by the analyst community and end-users at large, there are companies that rely on EPP/NG-AV. And since “NG-AV” is no longer Next Generation, how can these companies determine what is the most appropriate XDR to choose given there are so many flavors of XDR in the market? Some XDR "flavors" might simply be a rebranding of endpoint detection and response (EDR), so it pays to pay attention.
While EDR provides granular visibility and provides response action for endpoints, it lacks these capabilities for non-endpoint network telemetry, cloud environments and email behaviors. XDR takes prevention capabilities further than NG-AV or EDR, offering full-scale visibility and powerful analytics that security teams need to fight modern attacks now and in the future.
So, how does one distinguish between the various options available on the market to determine whether a solution is true XDR as opposed to another vendor hopping on the XDR bandwagon? The following specifications (while not exhaustive) can help separate the winners from the wannabes.
A true XDR solution:
While XDR is defined as “eXtended detection and response,” its strength lies in the ability PREVENT attacks to block, disrupt, and contain threats and attacks before any damage occurs. For all other activities, XDR provides a deep level of integration with devices to build a complete record of communications and endpoints, and how users interact with all applications and data to detect attacker TTP (techniques, tactics and procedures.)
Can the solution detect attacks based on identity, cloud, and network data, including between unmanaged devices? Some endpoint only "XDR" vendors will say they see network data when what they really mean is network traffic coming from the endpoint agents instead of getting data from network security devices like NGFWs. A true XDR will analyze data from at least these sources and correlate with threat activity, and tag with MITRE ATT&CK TTPs to help provide a more detailed picture of adversarial movement.
“Empower organizations to know about and stop all attacks by ingesting, integrating, and analyzing every data source to encompass the entire environment, and leveraging multi-layer cross-data analytics for higher fidelity detection, continuous learning for automated investigation and response, and all threat context and insight in one place.”
At Palo Alto Networks, we have a steadfast commitment to providing best-in-class security solutions, and Cortex XDR—as the first XDR product in the industry—continues to lead by example by adding robust new third-generation capabilities such as forensics, identity analytics, and cloud security.
For further reading on the subject, our “XDR for Dummies” e-book discusses the current state of detection and response, including threats, limitations, and challenges faced in an enterprise SOC. For teams evaluating XDR solutions, the e-book provides guidance with a chapter devoted to ten key XDR capabilities and features to look for. Join the Cortex XDR Revolution today!
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.