Extended Detection and Response (XDR)

Learn how this cloud-native, cloud-scalable security solution can unify and transform multiple telemetry sources.

XDR Solutions

What is Extended Detection & Response (XDR)?

Extended detection and response (XDR) is a more comprehensive threat detection and response capability that is now a common offering from most cybersecurity providers. This cloud-native, cloud-scalable security solution can unify and transform multiple telemetry sources. Forrester defines XDR as the evolution of endpoint detection and response (EDR).

The industry urgently needs capabilities that are more proactive, more inclusive, and more prescriptive: there is no longer a perimeter, data moves in and out of the cloud at speed, and threat actors have better odds than ever. XDR promises to find threats earlier and to respond and remediate faster. Gartner says XDR is a "detection and incident response tool that natively integrates multiple security products into a cohesive security operations system."

And, according to Enterprise Strategy Group (ESG), XDR security "can act as a force multiplier for cybersecurity, not just the next hot topic at RSA and Black Hat." There is still significant debate over what XDR actually is: a product? A solution? An evolution of security information and event management (SIEM)?

For now, the most helpful way to think of it is as a meaningful approach to more efficient, more effective detection and response.

How does XDR work?

XDR works by applying advanced analytics to correlate alerts from multiple telemetry sources into actionable threat intelligence that can stop threats earlier in the detection and response process. Let's look at the inner workings of an XDR solution.

Unified telemetry for better detection and response

XDR should unify telemetry across remote users, network data, endpoints, the cloud, and whatever comes next. With a good XDR approach, analysts receive curated detections, comprehensive investigations, detailed and highly correlated threat events, and automated response recommendations. Analysts can work simpler, smarter, and faster, and they will always know what to do next.

A focus on efficiency

The right XDR approach puts an end to hopping between tabs. It provides a single, comprehensive hub that can be expanded without technical limitations. Expect SaaS delivery to facilitate collaboration across the office or around the world. XDR should also lift the heavy analysis burden from the security team by parsing and analyzing alerts for you.

High-fidelity detection

Mature XDR has a markedly different signal-to-noise ratio. With the right methodology, and diligent threat intelligence behind the detection library, you can trust detections out of the box. And all of your disparate data should be correlated by user, asset, and activity.

One-click automation

Forrester says XDR should include prescriptive-response cybersecurity playbooks that can be executed with one click. You should expect prebuilt workflows for things like endpoint threat containment, user account suspension, and integration with ticketing systems such as Jira and ServiceNow.

XDR vs. SIEM

SOC efficiency

Traditional SIEMs were built to consume massive amounts of log data and provide security teams with analytic capabilities. From there, it is up to you to collect the relevant security telemetry, correlate the findings, validate the threats, and remediate.

Taking an XDR approach today, with a cloud SIEM at the core, removes analysis and configuration from the plate of your security operations center (SOC). The focus is on efficiency, accelerating incident response, and creating more space in your day.

XDR means expert curation

A traditional SIEM leaves a lot to you. XDR, by contrast, is SIEM plus EDR capabilities, all with curation. That means teams have native, relevant, and actionable telemetry, high-fidelity detections, and prescriptive response playbooks.

Scope of visibility

XDR should go well beyond managing and analyzing SIEM logs. Digital transformation is accelerating and "work anywhere" is the new normal. A true XDR platform addresses these new security challenges, identifying threats from a range of telemetry sources and threat feeds.

XDR vs. SOAR

With a growing volume of data to manage comes a growing number of alerts to investigate. Traditional SIEM solutions typically do not give analysts the context they need to prioritize those alerts.

This is where XDR really takes off. Here we mean applying security orchestration, automation, and response (SOAR) practices to automate the weeding out of false positives and to enrich the quality of incoming alerts. XDR distills and channels the most effective SIEM and SOAR practices, with an emphasis on advanced telemetry, so that teams can be proactive rather than stuck in traditional reactive workflows.

XDR vs. EDR

XDR extends endpoint security

EDR is a crucial part of a SOC's methodology: it helps secure specific endpoints across the network and prevent the use of stolen workstation credentials, lateral movement by threat actors, and other evasive behavior. Capturing relevant context for alerts is the "special sauce" that extends endpoint security so that analysts and experts can act faster.

Unified prioritization

A capable incident detection and response (IDR) solution should be able to leverage this extended endpoint telemetry to provide out-of-the-box threat detection. Analysts can then act faster because they do not have to sift through mountains of alerts; they can go straight to the alert that ranks as the highest priority.
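The mechanics described above in "How does XDR work?" (telemetry from several feeds normalized and correlated by user, asset, and activity; a curated detection library; one-click playbooks), the false-positive weeding from the SOAR comparison, and the prioritization just described fit together in one small pipeline. The following is an added example, not Rapid7's code or any vendor's product logic: three constructed telemetry feeds (a hypothetical endpoint agent, network sensor, and cloud identity provider) are normalized into one schema, matched against a toy detection library, grouped by asset inside a 30-minute window, scored (severity plus a bonus when independent feeds agree), triaged so that a lone low-severity event is suppressed rather than surfaced, and handed a prescriptive playbook. Every feed name, field name, detection rule, weight, and threshold is an assumption chosen for illustration.

```python
# Added example (not Rapid7's code): a toy XDR-style correlation pipeline.
# Every feed name, field name, rule and threshold below is an assumption.
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample events; each feed uses its own field names on purpose.
ENDPOINT_EVENTS = [
    {"ts": "2024-05-01T09:00:07Z", "host": "WS-0142", "user": "jdoe",
     "event": "lsass_access", "cmdline": "rundll32.exe"},
]
NETWORK_EVENTS = [{"@timestamp": "2024-05-01T09:01:10Z", "src_host": "WS-0142",
                   "dst_ip": "203.0.113.7", "dst_port": 4444, "bytes_out": 1_200_000}]
IDENTITY_EVENTS = [
    {"time": "2024-05-01T09:03:00Z", "actor": "jdoe", "device": "WS-0142",
     "action": "mfa_push_rejected"},
    # A lone MFA rejection hours later on another host: probably noise.
    {"time": "2024-05-01T15:30:00Z", "actor": "asmith", "device": "WS-0200",
     "action": "mfa_push_rejected"},
]

@dataclass
class Event:
    ts: datetime
    source: str          # endpoint | network | identity
    user: str | None
    asset: str
    activity: str
    attrs: dict          # raw record, for rules that need feed-specific fields

def normalize(endpoint, network, identity) -> list[Event]:
    """Map each feed's native fields onto the common user/asset/activity schema."""
    ts = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")
    ev = [Event(ts(e["ts"]), "endpoint", e["user"], e["host"], e["event"], e) for e in endpoint]
    ev += [Event(ts(n["@timestamp"]), "network", None, n["src_host"], "outbound_connection", n) for n in network]
    ev += [Event(ts(i["time"]), "identity", i["actor"], i["device"], i["action"], i) for i in identity]
    return sorted(ev, key=lambda e: e.ts)

# Detection library: (name, severity 0-100, predicate over a normalised event).
DETECTION_LIBRARY = [
    ("LSASS memory access", 60, lambda e: e.activity == "lsass_access"),
    ("Large upload to uncommon port", 50,
     lambda e: e.activity == "outbound_connection"
     and e.attrs["dst_port"] not in (80, 443) and e.attrs["bytes_out"] > 1_000_000),
    ("MFA push rejected", 10, lambda e: e.activity == "mfa_push_rejected"),
]

def detect(events: list[Event]) -> list[tuple[str, int, Event]]:
    return [(n, s, e) for e in events for n, s, p in DETECTION_LIBRARY if p(e)]

@dataclass
class Incident:
    asset: str
    detections: list          # (name, severity, event) tuples in time order
    users: set = field(init=False)
    sources: set = field(init=False)
    score: int = field(init=False)
    playbook: list = field(init=False)

    def __post_init__(self):
        self.users = {e.user for _, _, e in self.detections if e.user}
        self.sources = {e.source for _, _, e in self.detections}
        # Severity adds up; independent feeds agreeing on one asset adds confidence.
        self.score = sum(s for _, s, _ in self.detections) + 15 * (len(self.sources) - 1)
        self.playbook = playbook_for(self)

def playbook_for(inc: Incident) -> list[str]:
    """Prescriptive one-click steps chosen from what the incident contains."""
    steps = []
    if "endpoint" in inc.sources:
        steps.append("isolate_host")        # endpoint threat containment
    if {"endpoint", "identity"} <= inc.sources and inc.users:
        steps.append("suspend_user")        # credentials used on that host are suspect
    steps.append("open_ticket")             # e.g. Jira or ServiceNow
    return steps

def correlate(detections, window=timedelta(minutes=30)) -> list[Incident]:
    """Group detections by asset, then cut each asset's timeline into windows."""
    by_asset = defaultdict(list)
    for d in detections:
        by_asset[d[2].asset].append(d)
    incidents = []
    for asset, dets in by_asset.items():
        dets.sort(key=lambda d: d[2].ts)
        cluster = []
        for d in dets:
            if cluster and d[2].ts - cluster[0][2].ts > window:
                incidents.append(Incident(asset, cluster))
                cluster = []
            cluster.append(d)
        incidents.append(Incident(asset, cluster))
    return incidents

def triage(incidents, threshold=50):
    """Surface incidents worth an analyst's time, highest first; suppress the rest."""
    surfaced = sorted((i for i in incidents if i.score >= threshold), key=lambda i: -i.score)
    return surfaced, [i for i in incidents if i.score < threshold]

def run_pipeline():
    return triage(correlate(detect(normalize(ENDPOINT_EVENTS, NETWORK_EVENTS, IDENTITY_EVENTS))))
```

Running `run_pipeline()` on the constructed feeds surfaces one incident for WS-0142 involving user jdoe with all three feeds contributing (score 150) and the playbook isolate_host, suspend_user, open_ticket, while the lone MFA rejection for asmith on WS-0200 (score 10) is suppressed. The point a practitioner should take from it is that the "X" is the correlation key (asset and user) and the cross-feed confidence bonus, not any single rule; a real platform has far richer rules, enrichment, and windows, but the shape is the same.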

XDR context + MDR services = advanced protection

XDR endpoint solutions are not limited to basic threat detection. Enhanced endpoint telemetry (EET) lets teams see what triggered a specific detection, with specific details of what occurred before and after the incident. And adding that all-important "X" to EDR means teams also benefit from file integrity monitoring (FIM), which provides more robust context around the users and the specific assets involved in a detection.

How do you evaluate an XDR platform?

If you are looking for an XDR solution, you are not alone: 83% of organizations are increasing their threat detection and response budgets, 29% admit to "blind spots", 29% need to shorten recovery time, and 27% want to know which threats to prioritize.²

First, ask what is in the box

Many vendors promising XDR outcomes assume you will integrate, and pay for, the many other cybersecurity technologies needed for the complete telemetry set and extended-environment visibility: endpoint agents, network sensors, cloud connectors, user behavior analytics, and log ingestion.

It is important to understand what is included and what your team is expected to bring.

Next, understand what the detection philosophy means

What is one of the most anticipated outcomes of XDR? The promise of an end to noisy alerts and the delivery of high-fidelity detections.

It is a good idea to ask about the methodology and the threat intelligence diligence behind the detection library. Try to understand the philosophy and get a proof of concept. Experience the detections first-hand. And finally, learn more by looking at objective third-party analysis or reviews.

Don't forget the "R" in XDR

Find out what is automated. Are analysts ready to take action? Is guidance embedded? XDR should eliminate monotonous, repetitive work and leave you the interesting work you trained for, and hopefully get you home in time for dinner. External, proactive threat intelligence that goes beyond the perimeter is now the norm in responding to incidents across an increasingly dynamic attack surface.

What is managed XDR?

Managed XDR is a services solution provided by an external cybersecurity vendor. It includes all the benefits of XDR described above, with the technology, capabilities, alerts, and response typically managed by the external vendor. It takes the stress of running an extended detection and response program off the shoulders of the internal security team and lets the SOC turn to other initiatives and areas of focus.

Beyond the underlying XDR capabilities, managed detection and response (MDR) typically includes digital forensics, breach response, routine threat hunting, 24x7x365 monitoring, and attacker-interception capabilities. With XDR capabilities added, security teams no longer have to jump in and out of multiple tools. A managed-services partner should be able to surface only true threats and help you create a remediation plan tailored to the attack and to how it is affecting your organization.

When a SOC partners with an MDR provider well versed in XDR capabilities, that team ensures it can continue to innovate and drive the business forward while also receiving alerts with the proper context to prioritize.

Read more about XDR:

Compare XDR vendors

Download: the ESG research report on XDR

XDR news from the Rapid7 blog


¹ Enterprise Strategy Group (ESG), February 2021