Tips to consider when investigating “XDR” solutions
Over the past few years, it has become apparent that many cybersecurity vendors are experts at blurring the lines of meaning in their carefully crafted descriptions of their solutions. Unfortunately, this has only increased confusion while reducing cybersecurity effectiveness for customers.
We are bombarded with terms like Web 2.0, XaaS, Cloud, SASE, Zero Trust, and endless other vague marketing jargon — but who is spending the money and effort to shape our vocabulary in this way? Well, it’s primarily coming from vendors touting their capabilities in EDR, MDR, XDR, and other variations of this service.
The problem is that none of these “XDR” terms really have an actual, singular definition. Each vendor can create their own meaning to suit their go-to-market objective and capabilities.
However, the one letter that consistently appears in all these acronyms is “R” for response. Unfortunately, this word is often the most misleading part of the service description since vendors can have different interpretations of what “response” looks like.
As showcased above, many vendors have only added to the confusion of the overwhelming cybersecurity landscape with the vague use of these R-related cyber terms. This approach raises several concerns:
Vendors can only respond to what they can see.
For many cybersecurity providers, visibility is created by deploying sensors, agents, and scanning tools in the relevant customer environment, typically at the endpoint. The problem with this process is the service vendor can only see what is sent back by those monitoring tools.
Frequently, systems get missed or are outside of the service scope, which creates more risk exposure. Items that can be easily missed include operational technologies such as a control system in a manufacturing environment or an IoT device providing physical security or environmental controls. Or it could be as common as a server running a legacy application that wasn’t addressed in the scoping definition for “XDR.”
A complete security assessment, asset inventory, and scan must be completed before purchasing any “XDR” vendor’s solution to determine fit and coverage.
A vendor’s response to the event doesn’t actually correct or counteract anything.
At best, computing devices can be isolated from the network when a threat is identified. However, the actual investigation, remediation and resolution of that quarantined device are still left to the client or their service provider — putting the burden of remediation back on internal teams without enough time, resources, or expertise to address the problem adequately.
A vendor only provides vulnerability and security operations recommendations.
With few exceptions, the “XDR” vendor is only providing guidance through voluminous reports and dashboards notifying the customer’s IT team of remediation items to address. The vendor is typically not providing any hands-on work for the significant fees charged, draining resources from an already depleted staff and budget. That means the day-to-day staffing and knowledge burden, which is by far the biggest cost and most challenging need, is still left unresolved for the customer to address.
Questions to Ask Your Vendors
Despite these trends, XDR services are often advertised as “end-all, be-all” solutions that offer full protection from cyber risk protection. Unfortunately, no such solution exists (and no, not even Ostra can be your all-in-one solution). Building a comprehensive cybersecurity strategy involves more than installing the right products or working with the right partners.
To be clear, there are many great services and solutions on the market (including MDR, EDR, and XDR platforms). But it’s up to the IT service providers and the clients they serve to ask the right questions — especially SMBs who have limited budgets and resources to utilize and zero to waste. When investigating ways to fill your operational and technical needs through a cybersecurity program, ensure that these questions are answered to your satisfaction:
Is your solution built on proven and reliable security platforms and tools?
- The cybersecurity landscape is constantly evolving. Find a provider with vast industry knowledge and one that continuously evaluates the marketplace to ensure their products are updated with the latest and best features to protect clients in a scalable way.
Does your solution cover the critical categories of cybersecurity?
- Cybersecurity is a very broad category with several sub-specialties. When picking a security partner, make sure their services cover the most critical elements at a minimum. A layered solution should include cyber risk protection from the firewall and VPN all the way to endpoints, including email and mobile devices.
Have ALL cybersecurity components been integrated and orchestrated to optimize efficiency?
- Vendors often have either an endpoint-centric approach or a limited integrated solution through a hodgepodge of agents, scanners, and sensors with limited correlation and intelligence. Make sure your provider takes a comprehensive approach to guarding the clients’ entire environment.
Is the solution utilizing advanced analytics and data collection 24 hours a day, 365 days a year?
- It requires significant resources to actively monitor, respond, AND resolve (with hands-on resources) any suspicious security events on behalf of the partner and customer. These resources include advanced information correlation and analysis and the actual security analysts with the right cybersecurity skills — whether they are members of the vendor’s team, the customer’s internal IT/Security Operations team, or both.
Although these points seem nuanced, they highlight some critical differences in the marketplace. Decoding the R-words in cyber jargon can help you choose a holistic solution that protects clients from devastating cyber risks versus the over-sold capabilities of the alternatives advertised on airport billboards and the sides of race cars.
Ostra Cybersecurity is committed to helping our network of consultants, IT firms, and Managed Service Providers enhance value for their small to medium-sized business clients by delivering Fortune 100 tools, tech and talent. As your trusted cybersecurity team, Ostra’s ecosystem allows for true remediation and resolution — not just alerts. Learn more about our unique approach to Managed Cybersecurity solutions, or reach out to us anytime to start a conversation on how to partner with us.
Wade Hoffman is the EVP of Channels & Strategy at at Ostra Cybersecurity, a multi-layered and fully managed Security as a Service. Wade leads the Channel Team responsible for growing Ostra’s network of trusted Channel Partners and the SMB clients they serve.