    The Benefits of XDR Solutions: It's Time to Learn More

    Organizations hoping to stay at the forefront of cybersecurity should be evaluating and implementing XDR solutions

    by Andrew Williams

    Key Points

    • Cyberthreats can come from anywhere, so workers and security teams need to be prepared.
    • XDR solutions have many real-world benefits that can help organizations prepare for ever-evolving cyberattacks.
    • Organizations need to understand the key differences between a native and an open approach to implementing XDR solutions.
    • To learn more about integrating XDR and email security solutions, attend the Smarter XDR Demands Email Security session at the Gartner Security & Risk Management Summit or download Mimecast’s XDR: What to Know, What to Do Now white paper.

    What We Already Know: Threats Can Come from Anywhere

    It is widely known by even those outside of the security operations center that disastrous breaches can come from anywhere at any time. Security professionals must continually sharpen their focus on threat detection, investigation, and response.

    Workers operating daily in today’s high-risk digital environments need to know how to manage growing threats more coherently and holistically. Meanwhile, security teams need to rely on deeper integration and far more automation in order to meet the growing threats from the cybercriminals who target these workers.

    The Benefits of XDR in the Real World

    Extended detection and response (XDR) solutions can unify threat detection, hunting, investigation, and response. XDR solutions can optimize an organization’s cybersecurity functions and tools by leveraging tightly integrated real-time or near-real-time data from key security systems. This data can then be used to analyze, triage, and investigate cyberthreats prior to instructing an organization’s cybersecurity systems to take the necessary and most effective automated actions.

    XDR not only accelerates threat detection and response, but can improve the overall productivity of security analysts and security operations teams at all levels. In addition, lower-level analysts will be able to accomplish much more via automation after being freed from many of the false positives that XDR can eliminate. Higher-level analysts will receive more sophisticated, timelier analytics and recommendations for remediating advanced attacks, and insights for performing more proactive threat hunting.

    In real-world implementations, XDR can link an attempt to change a registry key on an endpoint with network telemetry from multiple systems to recognize a connection with traffic to a specific IP address, seeing how information traversed internal switches to reach a high-risk Internet site that delivered a keylogger-infected file to the endpoint. XDR can then capture secure email gateway telemetry, linking the same attack to an attempt to send emails containing high-risk links from the infected endpoint to accounts throughout an organization.

    XDR’s machine learning analysis, based on multiple data sources, can recognize this attempt at widespread data exfiltration almost immediately. XDR can also recommend a set of remediations and immediately execute them through the same linked systems. In addition, XDR can isolate all endpoints impacted by the attack and instruct a secure email gateway to delete any dangerous emails delivered within the organization before the attack was discovered. Since all of this analysis occurs in near-real-time, an automated response such as this can prevent most of those emails from being opened by recipients within the organization. Meanwhile, the XDR system has developed and stored knowledge it can use to recognize attacks with similar characteristics going forward, enabling it to respond even more accurately and quickly.
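    To make the correlation chain above concrete, here is a small added example (not Mimecast’s code or any product’s logic) that links constructed endpoint, network and email-gateway events from the same host inside a short time window, emits the two remediations the text describes, and keeps the destination IP as a learned indicator for later network events. Host names, IP addresses, timestamps and field names are all assumed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry from three sources (not real data).
ENDPOINT = [
    {"ts": "2022-06-01T10:00:05", "host": "ws-17", "event": "registry_change"},
]
NETWORK = [
    {"ts": "2022-06-01T10:00:20", "host": "ws-17", "dst": "203.0.113.9"},
    {"ts": "2022-06-01T10:00:25", "host": "ws-30", "dst": "198.51.100.4"},
]
EMAIL = [
    {"ts": "2022-06-01T10:01:10", "host": "ws-17", "msg_id": "m1", "has_external_link": True},
    {"ts": "2022-06-01T10:01:12", "host": "ws-17", "msg_id": "m2", "has_external_link": True},
    {"ts": "2022-06-01T10:01:30", "host": "ws-30", "msg_id": "m3", "has_external_link": False},
]
WINDOW = timedelta(minutes=5)  # assumed correlation window


def _in_window(ev, t0, window):
    t = datetime.fromisoformat(ev["ts"])
    return t0 <= t <= t0 + window


def correlate(endpoint, network, email, window=WINDOW):
    """Link a registry change to later outbound traffic and outbound link-bearing
    email from the same host; each complete chain becomes one incident."""
    incidents = []
    for ep in endpoint:
        if ep["event"] != "registry_change":
            continue
        t0 = datetime.fromisoformat(ep["ts"])
        conns = [n for n in network if n["host"] == ep["host"] and _in_window(n, t0, window)]
        mails = [m for m in email if m["host"] == ep["host"] and m["has_external_link"]
                 and _in_window(m, t0, window)]
        if conns and mails:  # all three sources agree: raise one incident, not three alerts
            incidents.append({"host": ep["host"],
                              "dst_ips": sorted({c["dst"] for c in conns}),
                              "msg_ids": [m["msg_id"] for m in mails]})
    return incidents


def remediation(incident):
    """Actions an XDR playbook would push to the linked systems."""
    actions = [("isolate_endpoint", incident["host"])]
    actions += [("purge_email", mid) for mid in incident["msg_ids"]]
    return actions


def learn(incidents):
    """Store destination IPs from confirmed incidents as indicators for future matching."""
    return {ip for inc in incidents for ip in inc["dst_ips"]}
```

Running `correlate(ENDPOINT, NETWORK, EMAIL)` on the constructed data yields a single incident for `ws-17`; the unrelated `ws-30` traffic and link-free email are left alone.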

    Evaluating XDR Solutions

    Once security professionals have assessed the benefits of XDR, they need to begin evaluating XDR solutions for their organization. These security leaders need to recognize that there are two distinct approaches to XDR. The first, known as native XDR, encourages an organization to buy into most or all of a single cybersecurity provider’s security stack. This requires the organization to assume that the security vendor will ensure integration of the native security systems that feed the XDR. Organizations that do so take on the risk of vendor lock-in to suboptimal systems, as well as the risk that attackers need to evade just one defender’s products in order to compromise the organization. Even more troubling is that adopting monoculture solutions in this manner may require organizations to abandon security systems that are working well.

    The second XDR approach, known as open XDR, allows organizations to keep relying on the best-in-class security solutions they have already invested in and implemented. With the open approach to XDR, organizations can connect these already-working and already-owned security systems from a variety of vendors to any new solutions they choose to implement. Mimecast believes that the open approach to XDR is the most beneficial for most organizations.

    Whether an organization is looking to take its very first steps toward implementing an XDR solution or has already been implementing XDR solutions for some time, Mimecast stands ready to help determine which are the right set of XDR solutions and help evaluate and plan for either initial or additional deployment.

    If you would like to learn more about XDR and how it works better with email security tools, be sure to download Mimecast’s XDR: What to Know, What to Do Now white paper. 

    This blog was originally published on June 1, 2022.
