In this interview with Help Net Security, Adam Bennett, CEO at Red Piranha, discusses Extended Detection and Response and their flagship product – Crystal Eye XDR.
We’ve been hearing a lot about XDR in the past year. What is it, and what security issues does it address?
Extended Detection and Response (XDR) is an integrated security protection, threat detection and incident response platform. Comprehensive security is provided from an automated, singular unified platform of integrated cybersecurity tools. Data is collected across the multiple layers of attack surfaces:
- Endpoints – workstations, laptops and mobile devices
- Network edge – routers, firewalls, switches and 5G nodes
- Cloud – applications, platforms and services
- Servers – file servers and databases
The data collection and event correlation from these data streams allow for immediate detection of threats based on threat intelligence feeds gathered through network and host-based intrusion detection systems. The data is correlated into a central data lake where predictive, intelligent threat-detection is enabled.
As the threat landscape continues to evolve, organizations are struggling with the configuration and monitoring of multiple products and systems from different vendors. XDR solves this problem by providing a single unified platform that will protect, detect and respond to incidents across the whole organization, preconfigured to be ready-to-go from deployment.
Now in version 4.0, what separates Crystal Eye XDR from other solutions on the market? What are its unique features?
In 2013, Red Piranha pioneered the concept of integrated cybersecurity services within organizations' infrastructure before the XDR market segment was established. Unlike many within the XDR market who merged multiple security products into one system, Red Piranha has built Crystal Eye XDR from the ground up, limiting the need for product integrations, as everything has been developed as one unified platform.
Crystal Eye XDR set the industry standard for what is considered the core feature set of XDR, but with our latest 4.0 release, we’ve expanded this to now include:
- Crystal Eye XDR Cloud – Cloud-Native Security Platform, which provides complete security protection across your entire cloud attack surface.
- Crystal Eye XDR 360 – A cost-effective managed security service that allows for a complete hardware and software security solution through monthly subscription bundles.
- Crystal Eye XDR Endpoints – A set of integrated endpoint apps like CEASR allows for endpoint attack surface reduction and reporting, HIDS-based MDR and DFIR to enhance the SIEM features and operate in parallel with the NIDS and NSM to provide a consolidated incident response capability.
- Easy configuration of multiple security features and applications using UCMI object policy control. Centralised multitenant cloud-based and device-based management.
- Extended, truly integrated SOAR and DFIR capability allows incident escalation and incident response, allowing for network and endpoint investigation via the on-demand DFIR application.
- Crystal Eye 4.0 allows for simpler XDR security management for multitenant partners and end-users through the seamless integration of Crystal Eye XDR SASE and on-premise deployments within the cloud orchestrate platform.
- Robust firewall and networking capabilities for larger enterprises and more complex network environments. The platform has a GUI that promotes user interaction.
- Vulnerability scanning and management, allowing for greater scanning capacity through private networks.
- The trademarked eCISO solution provides automated and integrated risk management processes, and reporting that allows organisations to get on top of compliance requirements and reduce the management burden.
Crystal Eye XDR comes with integrated SOAR processes. How does that help security teams?
The integrated SOAR processes allow intelligent and automated responses to be implemented directly when a breach occurs.
The security team can configure the SOAR to automatically respond to a low-risk threat whilst responses to high-risk threats are escalated for human analysis and coordinated with the required services. This reduces the workload on the security team, who can then focus on proactive security tasks instead of analysing low-risk activities and false-positive events.
Can you tell us more about the Crystal Eye XDR data flow architecture?
The Crystal Eye XDR platform integrates directly into our Crystal Eye Security Operations Center (CESOC). Threat intelligence feeds come into our Orchestrate central management console for proactive protection. Event data is consolidated into our data lake from our network and host-based intrusion detection sensors (NIDS and HIDS), Firewall, Secure Email Gateway and Secure Web Gateway components.
The data is then normalised within the data lake and compared against the threat intelligence feeds to protect the whole network and implement incident response and security orchestration where required. Integration with the CESOC allows for rapid response with our 24/7 SOC capabilities.
Crystal Eye XDR offers vulnerability tuning within the IPS engine. How does it work?
Our IDPS engine includes over 46,000 rules updated and managed daily to alert or block threats out of the box. To improve system performance specific to each network environment, the IDPS engine can be tuned to provide more meaningful protection by reducing false positives. The system also offers virtual patching so that exploits to known and unknown vulnerabilities can be blocked at the gateway before entering the network to expose those vulnerabilities.
Crystal Eye XDR is a plug-and-play platform, and, once installed, it will run a vulnerability scan of the network to identify vulnerabilities. It will then display the vulnerabilities identified, the number that Crystal Eye has protected and the exploits that pose a risk to the network.