XDR: Security’s new frontier

As enterprises transform their IT environment and workforce, finding the right security approach is critical for success. Without the proper protective measures in place, moving services to the cloud can introduce a great deal of risk.

For a truly future-ready security solution, enterprises should think outside the box. Enabling enterprises to go above and beyond typical security functionality, extended detection and response (XDR) provides a much simpler, single pane of glass view that seamlessly integrates multiple security products into one system. Designed to help security teams identify sophisticated threats and improve response speed, XDR was developed as an alternative to solutions that provide only one layer of visibility.

To modernize their security operations for XDR, Communications Service Providers (CSPs) need to start by collecting the correct information. This means utilizing a continuously curated, updated and highly relevant centralized security management platform.

But in practice, tapping into a wealth of data from any application, network element, connected resource or device creates challenges that few organizations have been able to resolve.

With an extensive network spanning dozen or even hundreds of mobile workers and devices, home offices, SD-WAN connected branch offices, multiple cloud and software-as-a-service (SaaS) applications, as well as operational technology (OT) systems and distributed internet of things (IoT) devices, security teams have to manage data from a growing number of sources.

Many organizations have handled this on an ad hoc basis by doling out updated security solutions for each new network segment. However, this lacks a central emergency response plan or security strategy, resulting in security operations teams setting up an average of 40 different point products across their networks.

Further, many of these solutions are operating in isolation. They do not share or collect threat intelligence reports, nor do they integrate easily with other solutions to organize threat responses in the same part of the network (let alone across disparate environments). Security operations teams cannot centrally orchestrate or manage policy distribution, ensure enforcement, or centralize configurations through endpoints, the network, and the cloud.

To accommodate the variety, volume, and velocity of security-focused data that 5G networks are creating, XDR technologies must be anchored by a modern data pipeline with the ability to collect and process security data at scale across hybrid IT environments.

Integrated, interoperable, secure

To identify the most impending threats, security managers and data analysts need a common source of intelligence that has been quickly and accurately correlated from across the network.

For this reason, a CSP’s security tools must be extremely interoperable. Regardless of their location, the tools need to share alerts and threat data with other security tools and leverage common security intelligence feeds.

Building a common security framework using an integrated security platform that can connect security tools from many different vendors is the easiest and most effective way to make this happen. Such platforms need to have:

• Integrated security operations: This provides a single view across the network, enabling operators to prevent impending threats before they impact service
• Streamlined security tools: By simplifying their security suite, CSPs can more confidently expand their network, while maintaining its integrity
• Enhanced threat intelligence: By getting a comprehensive view of the threat landscape, CSPs can ensure the integrity of the network, reducing the need to identify major threats

While CSPs often adopt a security orchestration, automation, and response (SOAR) solution to coordinate their distributed security system throughout their security operations center (SOC) and network operations center (NOC), they can utilize XDR solutions for a more unified and bulletproof response.

Modernizing the SOC with XDR

Many CSPs start an XDR project as an addendum to their security information and event management (SIEM) solutions. SIEM is a foundational piece of any SOC. Most organizations will supplement SIEM with XDR to help analysts triage incidents, improve alert fidelity, or add advanced analytics for threat detection.

Other CSPs focus XDR initiatives on adding response and threat detection capabilities to SaaS applications and cloud-based workloads and to detect potential adversaries, malware or other network anomalies.

Whatever their reason for choosing to move to XDR, it’s clear that the technology can add a great deal of value via multiple use cases, including hunting for threats, investigating security breaches and aggregating data. XDR’s ability to improve visibility, response times and productivity of security teams makes it a truly one-of-a-kind solution, and one that more organizations should look at adopting.