WHAT IS XDR (EXTENDED DETECTION AND RESPONSE)?



best-threat-detectionReliaQuest published a good article a little while back that quickly defines XDR and what it can do for you. This may save you some time and gets you up to speed on the latest security layer.

XDR stands for extended detection and response and is a cross-platform threat detection and response strategy. XDR is a new category that’s been generating a lot of hype in the world of cybersecurity, and for good reason: Some of its hallmarks include centralization of normalized data, correlation of security data and alerts into incidents, and automated data sorting and analysis.

XDR VS. EDR AND SOAR

More traditional cybersecurity methodologies, such as endpoint detection and response (EDR) and security orchestration, automation, and response (SOAR) generally involve reactive approaches to detected threats. The sheer volume of security alerts provided by EDRs and SOARs derived from SIEM data often leads to security team burnout and more time spent tuning tools to avoid false positives than managing threat response.

EDR, NDR, MDR, XDR: It Still Comes Down to Detection and Response >

XDR, on the other hand, enables a proactive approach by delivering visibility into data across clouds, endpoints, and networks, all while using automation and applying analytics to address threats. By automatically grouping lower-confidence activities into singular higher-confidence events, fewer alerts get prioritized for action, freeing the security team up for more urgent actions.

THE BENEFITS OF XDR

While more traditional security programs collect and provide data from the perspective of a particular function, XDR provides access to a full data lake of activity—including detections, metadata, telemetry, NetFlow, etc.—across a variety of individual security programs. And while the data analysis is more comprehensive, the threat alerts are more refined and focused to prevent response overload. That makes analysis easier, and that means fewer false positives.

XDR VS. OPEN XDR

While XDR is a step forward in the world of cybersecurity and threat response, it still suffers from vendor-based restrictions. Simply put, XDR platforms are generally limited to working with products within the same brand, and each XDR tool is tuned to the perspective of its creators.

A vendor-agnostic alternative, ReliaQuest GreyMatter takes an open approach to XDR, working as a glue for multiple XDR platforms and unifying them to work together to protect your network from threats of all shapes and sizes.

Learn more about the Open XDR approach at Reliaquest:


Do you know what's getting through your mail filters?

KnowBe4’s  Mailserver Security Assessment (MSA) helps you assess your organization’s mailserver configuration settings and check the effectiveness of your email filtering rules. With email still the #1 attack vector used by threat actors, you want to see what types of messages may make it through your filters from the outside.

MSA gives you a quick insight at how your mailserver handles test messages that contain a variety of different message types including email with attachments that contain password-protected, macro zipped, and .exe files or have spoofed domains.

msa-screen3Here's how MSA works:

  • 100% non-malicious packages sent
  • Select from 30+ automated email message types to test against
  • Saves you time! No more manual testing of individual email messages using MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
  • Results in an hour or less!

Find out now if your mail server is configured correctly, many are not!

Test My Mailserver!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

knowbe4.com/mailserver-security-assessment

Topics: IT Security



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews