Anyone paying attention to the cybersecurity technology market has heard the term XDR – Extended Detection and Response. It’s a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it and many of the top cybersecurity companies are actively moving into this space.
Why is XDR receiving all the buzz? Combining (or orchestrating) security technologies in a usable manner has become the bane of cybersecurity as technology spread has overwhelmed the space. There’s a massive market for cybersecurity technologies that combine and rationalize other cybersecurity technologies (see SIEM and SOAR). However, most companies find selecting, implementing, integrating, normalizing, operating, and maintaining a fully combined set of cybersecurity technologies far too daunting and only within reach of the largest companies with the deepest pockets.
Next week, Senior Analyst Dave Gruber of ESG will join cybersecurity company Cynet for a webinar to help companies better understand the promise and realities of emerging XDR technologies. Honestly, this couldn’t come at a better time as multiple cybersecurity providers are jumping onto the bandwagon of this nascent technology. Some companies, like Cynet, have had an XDR solution in the market for some time while others are providing mostly marketing materials for technology that is still under development and has not been deployed in a meaningful way.
More Buzz – A New Incident Engine
In the webinar, Cynet will also introduce a new ‘Incident Engine’ that automates the full response workflow. The Incident Engine automatically analyzes high-risk threats and finds the root cause and the full extent of the attack across the environment. It then automatically implements remediation actions to eradicate all parts of the threat.
Fully automating incident investigation and response is a boon to companies that do not have the cybersecurity expertise to adequately investigate alerts, determine the full extent of the danger, and then take appropriate remediation actions. It’s also a huge help to overworked cybersecurity analysts who might spend hours or days fully investigating and responding to dangerous threats. Cynet’s Incident Engine promises to fully automate this process, in the background, in a few minutes, allowing cybersecurity analysts to focus on other important tasks. Automating repetitive or complex tasks will become increasingly important in the world of cybersecurity.
While I don’t believe cybersecurity experts will be fully replaced by AI robots, I’m certain that many cybersecurity tasks will. Companies spend increasing amounts on cybersecurity every year but are busier and more frazzled than ever. We have expanded capabilities and coverage areas, but now it’s time to start simplifying, consolidating, and automating. And we need to do this with less technology and fewer providers, not more. I think XDR and response automation are certainly a step in the right direction.