Lead Image © Kritiya, 123RF.com
Extended detection and response in networks, endpoint devices, and the cloud
Searching for a Cure
Information technology (IT) is indispensable for core processes in companies that face a tremendous threat to their IT systems. Cybersecurity has moved beyond the IT department to become a central management task. Laws, regulations, and the associated rules of critical infrastructures (CRITIS) make it clear how great is this threat and the need for suitable countermeasures. Manufacturers and service providers have long since responded with an almost countless range of products and services, from traditional software products such as antimalware to artificial intelligence (AI)-based systems for identifying security incidents and the complete operation of security operations centers as a service.
One of the biggest challenges is not the lack of suitable technology, but how to use it correctly and the personnel and knowledge required to do so. Even where technology is good and powerful, it still has to be used properly, and the skills gap (i.e., the lack of personnel and knowledge) has long been a central issue, especially in the complex field of IT security. In this environment, can improved and more powerful integrated solutions such as extended detection and response (XDR) be understood, and what exactly do you need to understand these solutions?
Devices and Networks
XDR as a term emerged in 2018 and is attributed to software vendor Palo Alto Networks. As the term implies, it is about extending existing systems and detecting, identifying, and responding. The integrated approach is not inherent in this term but is an important implicit component. XDR systems are typically offered as software as a service (SaaS), although this is not a requirement in terms of strategy.
The extension part in XDR specifically refers to endpoint detection and response (EDR), as well as network detection and response (NDR). XDR now creates approaches that focus on both endpoints and networks, where
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Detecting security threats with Apache Spot
Security vulnerabilities often remain unknown when the data they reveal is buried in the depths of logfiles. Apache Spot uses big data and machine learning technologies to sniff out known and unknown IT security threats. -
Security analysis with Microsoft Advanced Threat Analytics
Classic security safeguards, like antivirus and firewall products, are imperative for system protection. To search proactively for network intruders, as well, Microsoft offers Advanced Threat Analytics – a tool that will help even less experienced admins. -
Set up and operate security monitoring throughout the enterprise
We describe some basic considerations for choosing a Security Information and Event Management system and designing its implementation. -
Cloud security with AWS GuardDuty
AWS GuardDuty uses machine learning and threat intelligence to identify malicious activity for continuous security monitoring in the cloud. -
Open Source Security Information and Event Management system
Systems, network, and security professionals face a big problem managing disparate security data from a variety of sources. OSSIM gives IT security professionals the capacity to cut through the noise and gain wisdom and foresight in defending and managing their networks.