
EDR and XDR

11 August 2021

Integration of the XDR into the system landscape

The growing complexity of IT systems gives attackers ever more ways to gain access to data and systems. The current detection-side response to this threat is EDR (Endpoint Detection and Response) and its extension XDR (Extended Detection and Response), which applies the same detect-and-respond approach beyond the endpoint to the rest of the system landscape.

For an XDR solution to correlate all relevant information, it has to be fully integrated into the system landscape: log data from applications (including cloud applications), from infrastructure components such as gateways and proxies, and from external threat intelligence feeds must be considered when the product is evaluated and actually connected when it is commissioned. A source that is not connected is a blind spot in the correlation. Investments in existing measures are not rendered obsolete by XDR; on the contrary, consolidating their data in one place makes those investments considerably more valuable.

XDR vs. SIEM

SIEM and XDR overlap heavily in data aggregation but differ in automated detection and response. A SIEM generally produces alerts that an analyst has to process by hand, and only a few use cases are answered automatically, whereas XDR is built to correlate signals across sources and trigger a response (isolating a host, disabling an account) without waiting for manual triage. Where a SIEM is already in place, its data can be fed to the XDR system so that the correlation also covers the sources the SIEM already collects.
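To make the two preceding points concrete (cross-source integration, and automated response versus analyst triage), here is a minimal correlation step of the kind an XDR pipeline performs. This is an added illustration, not code from the article or from any product: the endpoint events, proxy log lines, indicator list, host names, users and domains are all constructed for the example, and the 60-second correlation window and the response actions are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample telemetry (hypothetical hosts, users and domains).
ENDPOINT_EVENTS = [
    # (host, timestamp, process, parent process, user)
    ("ws-042", "2021-08-11T09:14:02", "powershell.exe", "winword.exe", "alice"),
    ("ws-042", "2021-08-11T09:14:05", "powershell.exe", "explorer.exe", "alice"),
    ("srv-07", "2021-08-11T09:20:00", "svchost.exe", "services.exe", "SYSTEM"),
]
PROXY_LOG = [
    # (host, timestamp, destination domain, bytes sent)
    ("ws-042", "2021-08-11T09:14:03", "cdn.example.net", 512),
    ("ws-042", "2021-08-11T09:14:04", "c2.bad-domain.test", 48_000),
    ("srv-07", "2021-08-11T09:20:01", "login.example.com", 300),
]
THREAT_INTEL = {"c2.bad-domain.test", "evil.example"}  # constructed indicator list

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}
WINDOW = timedelta(seconds=60)  # assumed correlation window


@dataclass
class Alert:
    host: str
    severity: str
    evidence: list = field(default_factory=list)
    response: list = field(default_factory=list)  # empty means: left to an analyst


def _ts(s):
    return datetime.fromisoformat(s)


def correlate(endpoint_events, proxy_log, intel, window=WINDOW):
    """Join endpoint, proxy and threat-intel signals per host; return one Alert per host."""
    by_host = {}

    def bucket(host):
        return by_host.setdefault(host, {"edr": [], "net": []})

    # Endpoint signal: an Office application spawning a shell.
    for host, t, proc, parent, user in endpoint_events:
        if parent in OFFICE_APPS and proc in SHELLS:
            bucket(host)["edr"].append((_ts(t), f"{parent} spawned {proc} as {user}", user))

    # Network signal: proxy request to a domain on the indicator list.
    for host, t, dom, nbytes in proxy_log:
        if dom in intel:
            bucket(host)["net"].append((_ts(t), f"{nbytes} bytes to {dom} (threat intel match)"))

    alerts = []
    for host, sig in sorted(by_host.items()):
        items = sorted(sig["edr"] + sig["net"], key=lambda x: x[0])
        evidence = [f"{ts.isoformat()} {msg}" for ts, msg, *_ in items]
        # Corroboration: endpoint signal and indicator hit on the same host within the window.
        linked = [(e, n) for e in sig["edr"] for n in sig["net"] if abs(e[0] - n[0]) <= window]
        if linked:
            # Two independent sources agree: respond automatically instead of queueing.
            user = linked[0][0][2]
            alerts.append(Alert(host, "high", evidence, ["isolate_host", f"disable_user:{user}"]))
        elif sig["edr"]:
            alerts.append(Alert(host, "medium", evidence))  # single source: analyst triage
        else:
            alerts.append(Alert(host, "low", evidence))  # indicator hit alone: analyst triage
    return alerts


if __name__ == "__main__":
    for alert in correlate(ENDPOINT_EVENTS, PROXY_LOG, THREAT_INTEL):
        print(alert)
```

The point of the example is the difference in the two lower branches: either signal on its own produces an alert that waits for a person, which is the classic SIEM path, while the corroborated case is what lets the response be automated with acceptable false-positive risk. If the proxy were not connected, the indicator match would never be seen and the endpoint event would stay a medium-severity ticket.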

Artificial intelligence and machine learning in XDR

Artificial intelligence (AI) and machine learning (ML) are omnipresent on the marketing slides of IT solution providers, but log processing is in fact a field where these technologies have real potential. First, the volume of log data available for training is practically unlimited, which, provided the data is labelled well, lets the models reach high accuracy. Second, given the volume and variety of that data, analysts in a large organisation cannot keep up with the false positives that classic filter rules produce. Third, research and industry are advancing AI and ML rapidly, which will expand what is possible in future.

Conclusion

The attack surface of our IT systems keeps growing because of the cloud, working from home and greater complexity, while our dependence on those systems also increases. These risks must be assessed continuously and offset with suitable measures. With Endpoint Detection and Response or Extended Detection and Response we have tools that fit the changed conditions and fundamentally raise the efficiency and effectiveness of the existing SOC and IT security specialists and of the security measures already in place.

This article was published in the Cybersecurity Special in March. See article (in German)