FREMONT, CA: XDR and Open XDR are two new buzzwords in the cybersecurity tools market, but there are many definitions of XDR and several approaches to delivering it. So let's clear the air a little.
Cybersecurity products generally use preventive physical and software measures to protect the network and its assets from unauthorized access, modification, destruction, and misuse. Each of these products typically protects a specific part of the network:
Firewalls: prevent unauthorized users from accessing the network by allowing or denying traffic.
Anti-Virus/Malware software: defends network endpoints and servers from infection by malicious software that can corrupt files, exfiltrate sensitive data, or perform other malicious activities.
Application Security: systems look for and block vulnerable points in application software.
Network Access Control: systems manage access approvals for authorized users and devices, preventing unauthorized users from obtaining access.
User Behavior Analytics: solutions monitor user activity, establish a baseline of normal behavior, and alert on activities that deviate from it.
Network Traffic Analysis: Network Detection and Response (NTA/NDR) products study network traffic, look for unusual patterns indicating attacks, and act based on the results. Network traffic does not lie and contains tactical data for threat detection.
Cloud Security: solutions shield resources in the cloud.
Intrusion Prevention Systems (IPS): watch for and block attacks from external users or processes that get past the firewall.
Security Information & Event Management (SIEM): SIEM products gather data from different device logs on the network and can monitor for anomalies. Traffic-based NTA/NDR products complement SIEMs by analyzing records and acting. NTA/NDR is vital to advancing visibility beyond logs.
There's much to protect in a network and many approaches. Yet rather than having a dozen or more point solutions (each with its own console) to manage, wouldn't it be easier, faster, and more efficient to have just one? That's where XDR / Open XDR comes in.
Definitions of XDR
Initial definitions of XDR – eXtended or Entirety Detection and Response – imagined it as a single platform that unites detection and response across the entire security kill chain. The idea is that instead of operating a dozen or more separate security consoles to monitor and protect the network, XDR unifies the telemetry from those tools and presents it in a single dashboard. The more advanced products unify the data and correlate and analyze it automatically to give a prioritized list of threats with recommendations about how to neutralize them.
How does the market define XDR, specifically? That depends on who you ask. As Rik Turner, a lead analyst at Omdia who coined the XDR acronym, puts it, XDR is "a single, stand-alone solution that provides integrated threat detection and response capabilities." To meet Omdia's criteria to be classed as a "comprehensive" XDR solution, a product must offer threat detection and response functionality across endpoints, networks, and cloud computing environments.
Gartner's definition is similar in that it points to attributes such as alert and incident correlation, built-in automation, multiple streams of telemetry, multiple forms of detections (built-in detections), and multiple response methods. However, Gartner requires XDR to be accomplished through consolidating multiple proprietary, vendor-specific security products.
Forrester's definition of XDR requires the platform to be anchored around an EDR. Therefore, it defines Native XDR as EDR incorporating a vendor's security tools; Hybrid XDR as EDR integrating with third-party security tools; a SAP (Security Analytics Platform) as a platform without built-in EDR but with built-in NAV and SOAR with third-party integrations; and SSA (Standalone Security Analytics) as those platforms that depend solely on third-party tools for telemetry sources and responses.
Stellar Cyber initially created Open XDR with the same features Gartner mentions, except that not all the security products/components have to be from the same vendor. Rather, the platform is open and integrates with third-party security tools. As a result, some parts are built-in, and others are added through deep third-party integrations.
The Open XDR moniker was then adopted by vendors relying purely on a wide ecosystem of third-party tools for telemetry sources and response, without offering any built-in components.
How Open XDR Helps
Open XDR addresses a key fact in organizational cybersecurity infrastructures: companies have invested heavily in security tools and don't want to give up those investments to adopt XDR. Instead, Open XDR permits companies to leverage these present investments while making them more useful by automatically correlating their data with data from other tools and sensors.
Moreover, the more advanced Open XDR platforms leverage AI and machine learning to reduce analysts' "alert fatigue." For example, rather than managing thousands of alerts from a dozen or more tools, XDR combines related alerts into higher-level incidents and automatically dismisses many warnings based on what it "learns" to be normal behavior in any given environment.
Given the rising tide of cybersecurity attacks impacting every type of organization, combined with a global shortage of cybersecurity analysts and high analyst turnover rates and burnout, any solution that enhances protection and analyst productivity is welcome. That's the real promise of XDR.
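To make the correlation step concrete, here is an added illustration written for this article; it is not Stellar Cyber's or any other vendor's code. It takes constructed alerts from several point tools, drops those matching a learned per-environment baseline, groups the rest into per-host incidents within a time window, and ranks the incidents so that corroboration across independent tools floats to the top. The tool names, hosts, signatures and the scoring rule are all assumptions chosen for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from several point tools (not real telemetry).
ALERTS = [
    {"tool": "EDR",  "host": "ws-17",    "ts": "2024-03-01T09:00:05", "sig": "suspicious_powershell", "sev": 6},
    {"tool": "NDR",  "host": "ws-17",    "ts": "2024-03-01T09:02:40", "sig": "beaconing",             "sev": 7},
    {"tool": "FW",   "host": "ws-17",    "ts": "2024-03-01T09:03:10", "sig": "egress_blocked",        "sev": 3},
    {"tool": "SIEM", "host": "srv-db",   "ts": "2024-03-01T09:01:00", "sig": "failed_login_burst",    "sev": 5},
    {"tool": "SIEM", "host": "srv-db",   "ts": "2024-03-01T11:30:00", "sig": "failed_login_burst",    "sev": 5},
    {"tool": "EDR",  "host": "build-01", "ts": "2024-03-01T09:05:00", "sig": "suspicious_powershell", "sev": 6},
]

# Assumed "learned" baseline: (host, signature) pairs seen as routine in this
# environment. The CI host runs scripted PowerShell all day, so that pairing
# is known-normal there and should be dismissed rather than shown to an analyst.
BASELINE = {("build-01", "suspicious_powershell")}

def parse(ts):
    return datetime.fromisoformat(ts)

def suppressed(alerts, baseline=BASELINE):
    """Alerts the platform dismisses because they match the learned baseline."""
    return [a for a in alerts if (a["host"], a["sig"]) in baseline]

def correlate(alerts, baseline=BASELINE, window=timedelta(minutes=10)):
    """Group non-baseline alerts per host into incidents: an alert within
    `window` of the incident's first alert joins it; a later one opens a new
    incident. Returns incidents ranked by score, highest first."""
    kept = [a for a in alerts if (a["host"], a["sig"]) not in baseline]
    kept.sort(key=lambda a: parse(a["ts"]))
    incidents, open_by_host = [], {}
    for a in kept:
        inc = open_by_host.get(a["host"])
        if inc is None or parse(a["ts"]) - parse(inc["start"]) > window:
            inc = {"host": a["host"], "start": a["ts"], "alerts": [], "tools": set()}
            incidents.append(inc)
            open_by_host[a["host"]] = inc
        inc["alerts"].append(a)
        inc["tools"].add(a["tool"])
    for inc in incidents:
        # Assumed scoring rule: summed severity, multiplied by the number of
        # independent tools that agree, so cross-tool corroboration ranks higher.
        inc["score"] = sum(a["sev"] for a in inc["alerts"]) * len(inc["tools"])
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(inc["host"], inc["start"], sorted(inc["tools"]), inc["score"])
```

Six raw alerts collapse to three incidents, with the workstation where EDR, NDR and the firewall all fired within three minutes ranked first.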