Every week, there seems to be a new buzzword that gets the tech industry talking – even if they don’t know the details of what it is and how it works. Often these things stem from well-meaning or future-forward ideas. However, in the race to turn a profit and stay competitive, marketing can quickly outpace product development, flooding the market with half-baked products and services without a solid leg to stand on. In cybersecurity, the current flavor of the week is called extended detection and response, or XDR.
A quick Google search will result in a slew of ads from new start-ups and industry heavy hitters, all claiming expertise or leadership in this latest craze. There are options for open XDR, native XDR, XDR software, XDR platforms, and even managed XDR services.
As you will quickly see once you dig into those search results, the definition of XDR changes depending on who you ask, which presents a significant problem as the market hopes to get smart on this new fad.
Let’s take a deeper look at how XDR came to be and why there is so much buzz surrounding the concept.
The Ideal Vision of XDR
XDR was introduced by Nir Zuk, CTO and co-founder of Palo Alto Networks, in 2018. Zuk, taking cues from trends in other tech spaces, saw XDR as the means to simplify and streamline the security operations center (SOC) by funneling data from every part of the security network into a central location. From there, analysts could leverage machine learning to create contextualized views of cyber-attacks, generating insights or even automating a response.
This approach also addressed two of the industry’s chief pain points: workload and visibility. In theory, aggregated data would mean fewer security alerts for teams to sort through, while machine learning would speed up analysis, and automation could handle more repetitive tasks. Viewing the security network as one complete picture instead of many separate pieces would make it easier to see how attacks were planned and executed, allowing for better defense and response.
In concept, XDR is a way to reorganize cybersecurity to be more efficient and organized. It’s a solid theory that pairs many of the industry’s problems with plausible solutions. But it has also become a quick and easy way to repackage existing products to make them sound fresh and new – something the tech industry is prone to do, even if we don’t like to acknowledge it.
The Harsh Reality of XDR
To properly execute XDR, complete interoperability must exist across all parts of the security network. Any aspect of the network that can’t integrate with the rest of the ecosystem creates a blind spot in the defenses, lowering overall effectiveness. This isn’t an issue for companies using a single security vendor, but 86% of companies use anywhere between 1 and 20 vendors.
For XDR to work in the average security setup, there needs to be open integration between products, and the power to make that happen lies in the hands of vendors. While multiple partnerships are being forged between smaller, point-specific vendors to create a “best-of-breed” approach, referred to as “open XDR,” it’s a far cry from a universal plug-and-play model. Meanwhile, larger companies like Palo Alto are leveraging their market share to push customers into using their more expensive, single-vendor approach, or “native XDR.”
Both options come with their downsides. Open XDR offers more vendor flexibility but requires more manual maintenance, while native XDR brings a seamless experience at a higher cost and vendor lock-in. Neither paints the idyllic vision of a more streamlined SOC that was presented in 2018.
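The mechanics behind both the promise and the catch are easy to show in code. The following Python script is an added illustration, not code from the article or from any XDR vendor: it normalizes telemetry from three hypothetical products (an EDR agent, a firewall and an identity provider) into one common schema, correlates events on the same host within a time window so that several raw alerts collapse into one incident, and reports any product for which no integration adapter exists. All product names, field names and sample events are constructed for the example; the "legacy_ids" source is there to show the blind spot that an unintegrated product leaves in the unified view.

```python
"""
Added example: a toy "XDR-style" pipeline that normalizes telemetry from
several security products into one schema, correlates events by host within
a time window, and reports which sources it could not integrate.
All sources, field names and sample events are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timezone
from typing import List, Set, Tuple

# Constructed raw telemetry from four hypothetical products. Each product
# emits its own field names; only three of them have an adapter below.
RAW_EVENTS = [
    {"source": "edr", "data": {"timestamp": "2024-05-01T10:00:05Z", "hostname": "ws-042",
                               "username": "jsmith", "event": "process_start",
                               "image": "powershell.exe", "score": 70}},
    {"source": "firewall", "data": "2024-05-01T10:01:10Z deny src=10.0.5.42 dst=203.0.113.9 dport=4444 host=ws-042"},
    {"source": "idp", "data": {"time": "2024-05-01T09:58:30Z", "device": "ws-042",
                               "subject": "jsmith", "result": "login_failed", "risk": "medium"}},
    {"source": "idp", "data": {"time": "2024-05-01T09:59:02Z", "device": "ws-042",
                               "subject": "jsmith", "result": "login_ok", "risk": "medium"}},
    {"source": "edr", "data": {"timestamp": "2024-05-01T14:20:00Z", "hostname": "ws-077",
                               "username": "alee", "event": "process_start",
                               "image": "notepad.exe", "score": 5}},
    # A product with no adapter: its telemetry never reaches the common view.
    {"source": "legacy_ids", "data": "ALERT ws-042 suspicious outbound 10:01:12"},
]

SEVERITY = {"low": 1, "medium": 2, "high": 3}

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# One adapter per integrated product, each mapping vendor fields to the common schema.
def _edr(d: dict) -> dict:
    sev = "high" if d["score"] >= 60 else "low"
    return {"ts": _ts(d["timestamp"]), "host": d["hostname"], "user": d["username"],
            "action": f'{d["event"]}:{d["image"]}', "severity": sev}

def _firewall(line: str) -> dict:
    parts = line.split()                      # "<ts> <verdict> key=value ..."
    kv = dict(p.split("=", 1) for p in parts[2:])
    return {"ts": _ts(parts[0]), "host": kv["host"], "user": None,
            "action": f'{parts[1]}:{kv["dst"]}:{kv["dport"]}', "severity": "medium"}

def _idp(d: dict) -> dict:
    return {"ts": _ts(d["time"]), "host": d["device"], "user": d["subject"],
            "action": d["result"], "severity": d["risk"]}

ADAPTERS = {"edr": _edr, "firewall": _firewall, "idp": _idp}

def normalize(raw: List[dict]) -> Tuple[List[dict], Set[str]]:
    """Map every event to the common schema; report sources with no adapter."""
    events, blind_spots = [], set()
    for r in raw:
        adapter = ADAPTERS.get(r["source"])
        if adapter is None:
            blind_spots.add(r["source"])      # unintegrated product = blind spot
            continue
        e = adapter(r["data"])
        e["source"] = r["source"]
        events.append(e)
    return events, blind_spots

def _incident(host: str, evs: List[dict]) -> dict:
    return {"host": host,
            "sources": sorted({e["source"] for e in evs}),
            "users": sorted({e["user"] for e in evs if e["user"]}),
            "severity": max(evs, key=lambda e: SEVERITY[e["severity"]])["severity"],
            "timeline": [f'{e["ts"]:%H:%M:%S} {e["source"]} {e["action"]}' for e in evs]}

def correlate(events: List[dict], window_s: int = 600) -> List[dict]:
    """Group same-host events whose timestamps fall within window_s of the
    previous event; each group becomes one incident with a merged timeline."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        group = [evs[0]]
        for e in evs[1:]:
            if (e["ts"] - group[-1]["ts"]).total_seconds() <= window_s:
                group.append(e)
            else:
                incidents.append(_incident(host, group))
                group = [e]
        incidents.append(_incident(host, group))
    return incidents

def run(raw: List[dict] = RAW_EVENTS) -> dict:
    events, blind = normalize(raw)
    incidents = correlate(events)
    return {"raw_alerts": len(raw), "incidents": len(incidents),
            "blind_spots": sorted(blind), "detail": incidents}

if __name__ == "__main__":
    result = run()
    print(f'{result["raw_alerts"]} raw alerts -> {result["incidents"]} incidents; '
          f'unintegrated sources: {result["blind_spots"]}')
    for inc in result["detail"]:
        print(inc["host"], inc["severity"], inc["sources"], inc["users"])
        for line in inc["timeline"]:
            print("   ", line)
```

Run as a script, the six raw records become two incidents: the failed and successful logins, the high-scoring process start and the denied outbound connection on ws-042 merge into one high-severity timeline spanning three products, while the benign event on ws-077 stands alone. The "legacy_ids" alert about the same host is lost entirely because nothing translates it, which is exactly the interoperability gap the article describes: the correlation is only as complete as the set of adapters, and every adapter is something a vendor has to build or expose.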
The Road Ahead Requires Industry Consensus and Cooperation
Market competition and advertising buzz aside, there is a genuine need for XDR to become attainable for organizations of every size due to the growing threat of AI-powered cyberattacks. These automated attacks work much faster than human attackers and have shown the ability to quickly learn and outmaneuver existing security measures.
The unified scope and security automation promised by XDR would be instrumental in keeping these increasingly sophisticated attacks at bay. Still, it can only be achieved if the cybersecurity industry establishes some semblance of communal responsibility and gathers enough data to demonstrate its strengths over the currently favored zero-trust approach.