McAfee announced extended detection and response (XDR) capabilities with the introduction of MVISION XDR platform, a cloud-based advanced threat management solution with complete coverage across the attack lifecycle, prioritization to protect what matters, easy orchestration and efficient response.
MVISION XDR improves security operations centers (SOC) effectiveness with quick risk mitigation and delivers total cost of ownership (TCO) for threat response with the inclusion of MVISION Insight’s proactive threat analytics.
SOCs are still maturing and face three key challenges that impact time to resolve: 1) Reactive processes and workflows, 2) Alert fatigue and fragmented tools, and 3) Limited staff and expertise.
According to recent ESG1 research, 66 percent of organizations says that detection & response effectiveness is limited due to multiple independent tools. Siloed tools inhibit faster and better security outcomes by requiring security operations to manually correlate data and orchestrate response across the disparate tools.
Time to resolve or contain a threat continues to be in months allowing dwell time for the adversary to do more damage. According to SANS research, only 40 percent of the SOCs have incident response function.
The shortage of cybersecurity staff and expertise continues to limit security effectiveness. MVISION XDR removes the complexity of fragmented tools and provides new levels of proactivity, prioritization and orchestration to improve the SOC effectiveness.
“SOCs continue to face a dynamic threat landscape especially in this work-from-everywhere environment. The fragmented nature of their traditional tools, which require a lot of manual and cumbersome processes, make it near impossible for their already stretched teams to be as effective as they need to be.
“MVISION XDR is the industry’s first XDR platform that allows organizations to proactively get ahead of adversaries and manage threats across their entire enterprise with unified visibility, control, and automation to protect what matters most,” said Ash Kulkarni, executive vice president and chief product officer of the enterprise business group at McAfee.
“Organizations indicate that threat detection and response is much harder today than two years ago,” states Jon Oltsik, Enterprise Strategy Group. “This difficulty is characterized by the constant fire drill mode of reacting to growing volumes of alerts.
“Most EDR and budding XDR solutions are reactive, so adding proactivity and prioritization to XDR can produce better & smarter security outcomes. In this way, security professionals can spend less time on error-prone reactive fire drills with weeks of investigation and get to responding and protecting what counts quicker.”
MVISION XDR capabilities address the entire attack lifecycle before and after an attack with:
- Organizations can be proactive and act on external threats that matter before the attack. Organizations can prioritize threats, predict if countermeasures will work and prescribe corrective actions.
- Visibility and control of threats across the entire enterprise (endpoint, network and cloud) from a unified view equips analyst of any experience level to speed threat triage with their choice of automatic or AI-guided investigations.
- Unique data awareness allows for automatic prioritization of threats based on the risk and the impact to the organization. Incidents are assessed based on user, data classification, device, vulnerability and threat intelligence. A good example is if a threat is targeting sensitive data on a device it will take a higher priority for action.
- Open and cloud-delivered security platform simplifies integration with external threat intelligence, existing SOC tools like ticketing systems and lowers TCO.
Initial MVISION XDR experiences are available today with MVISION EDR. Additional MVISION XDR experiences will be available to early access customers in Q1 2021, with general availability to follow.