Symantec XDR: A Streamlined Approach to Enterprise Security

Simplifying Enterprise Security Architecture

In response to ever-increasing threats, companies are assembling an extended portfolio of cyber security capabilities. However, the piecemeal nature of deployment typically leads to a highly complex and siloed landscape that makes it difficult to detect and respond to advanced threats efficiently and cost-effectively.

Enter XDR (Extended Detection and Response), a new approach to simplifying and uniting previously disparate security technologies. XDR builds on endpoint detection and response (EDR) platforms by adding telemetry streams from multiple control points into a unified incident detection and response platform. While XDR solutions vary by vendor, most cover endpoint, network, and cloud workload protections and include proven capabilities for dealing with common threat vectors, from file detonation capabilities such as sandboxing to threat intelligence and analytics.

XDR’s promise of unifying the security landscape comes at a time when companies are struggling with too many systems and too much noise. According to ESG Research, almost *two-thirds of large enterprises currently have at least 25 cyber security products in use and **84% of organizations are actively integrating myriad security analytics and operations technologies. More than *one-third of organizations report that one of their three biggest challenges in managing assorted security products is that they generate high volumes of security alerts, making it difficult to prioritize and investigate security incidents.

*Source: ESG Master Survey Results, Enterprise-class Cybersecurity Vendor Sentiment, March 2020.

**Source: ESG Research Report, The Rise of Cloud-based Security Analytics and Operations Technologies, December 2019.

XDR addresses this challenge by providing an integrated platform that automatically collects and correlates data from multiple proprietary security components. The XDR approach from Symantec, a division of Broadcom (NASDAQ: AVGO), serves as a unified security environment much like what is possible with SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) platforms, but without the custom integration and programming requirements. Symantec’s Integrated Cyber Defense (ICD) enables XDR. The out-of-box, integrated nature of Symantec’s ICD platform promises to accelerate threat detection and mitigation, helping security operations center (SOC) investigators zero in on the most urgent threats.

XDR systems centrally store event data, actions, and intelligence in a common format, which allows for contextualization and correlation across multiple systems as opposed to single system alerts that could be excessive, repetitive, and potentially misleading. With thousands of security alerts coming in from multiple systems, security organizations are struggling to turn all that noise into actionable alerts that promote advanced detection.

That’s where XDR promises to be a game changer. XDR platforms correlate individual product events into system-wide incidents, which bolsters detection, incident context, event enrichment, and response focus. XDR improves the productivity of operational security staff by using events from multiple control points to validate incidents and narrow investigation targets. Through sophisticated built-in AI and analytics, XDR platforms automate repetitive tasks while delivering context that aids in faster incident resolution.

Symantec Enterprise XDR

Symantec’s XDR Differentiator

XDR is gaining prominence as enterprises search for ways to combat ever-expanding threat vectors. Cybersecurity Ventures estimates that the growing number of data breaches has led to almost 4 million digital records stolen each day. Organizations are still struggling with how to best protect their environments; in fact, ESG Research shows that *44% of IT professionals report it takes their organization several months to act on insights derived from data analytics activities and initiatives.

*Source: ESG Master Survey Results, The State of Data Analytics, August 2019.

As their detection and prevention technology footprint grows, security organizations struggle with how to monitor and make sense of the thousands of daily alerts coming in from disconnected sources. While many have attempted to use APIs to integrate detection and response data using SIEM or, more recently, SOAR as the centerpiece of security operations, the approaches are cumbersome. In addition, the systems excel at collecting logs, but fall short in their ability to correlate alerts from multiple platforms to detect incidents. Many also lack a full incident response capability.

Key to a successful XDR platform is collecting telemetry from all control points and normalizing it. This allows the platform to compare apples to apples. Symantec achieves this through Integrated Cyber Defense Exchange (ICDx), which enables a true open architecture. Symantec’s approach offers the largest coverage across all critical control points, including endpoints, email, cloud security, and data loss prevention, allowing for deep visibility and remediation across the entire network.

ICDx simplifies integration, providing the SOC with a unified picture of the security landscape instead of monitoring and remediating alerts from disconnected silos. ICDx standardizes and normalizes data across all critical control points while integrating with SIEM and SOAR, helping SOCs easily correlate events and act on like-to-like intelligence. By natively integrating multiple security products into a cohesive system, Symantec's ICD platform improves detection by coordinating the findings from individual products to detect events that might otherwise have gone unnoticed. Symantec’s integrated platform also improves security by rapidly sharing information and correlating incident response across products as part of the recovery. For example, alerts about suspicious activity on the network could be confirmed or ruled out through analysis of endpoint activity.

Symantec’s ICD platform is also bolstered by its Global Intelligence Network (GIN), the largest civilian global security intelligence and research network. GIN’s sophisticated threat intelligence helps security teams better assess risks and take the proper actions to counter imminent threats. Symantec also applies a deep range of machine learning, advanced analytics, and artificial intelligence to help detect threats and initiate a response, whether that’s through automation or a SOC analyst.

While still new and relatively immature, XDR is fast emerging as a viable way to transform a patchwork of disconnected security tools into a cohesive unit. Symantec’s ICD platform enables XDR and our approach offers the widest coverage across all control points and addresses the key integration challenges, helping enterprises promote improved detection accuracy and more efficient security operations.

About the Author

Ryan Stolte

CTO, Information Security Group

Ryan is focused on providing innovative solutions to identify and mitigate data breaches and insider threats as part of the Symantec Enterprise Division. He was the co-founder and CTO of Bay Dynamics, acquired by Broadcom.
