Beyond XDR: The New Frontier

The industry has been praising the benefits of XDR but imagine a new epoch for threat intelligence born in the cloud and raised as a SaaS-native dimension.

August 3, 2021


The dictionary says that 'beyond' is 'happening or continuing after a specified event'; it also indicates exceeding, surpassing, and even transcending. We, the industry, have been praising the benefits of XDR (extended detection and response) after having experienced the discipline for the endpoint (EDR), a managed approach for detection and response (MDR), and other similar acronyms. While XDR sits at the heart of it all (where the X is like the nexus, the crossroads, where multiple security controls meet), we believe in going above and beyond (pun intended).

We see the need for building an overarching umbrella that capitalizes on the disciplines of SIEM, that builds on the unique capabilities of not just correlation but super-correlation (due to the magnitude of the data lakes that can be nurtured and used), that accelerates not only the time-to-respond but the time-to-protect. We have envisioned a new epoch for threat intelligence to thrive with improved protection and response capabilities, born in the cloud and raised as a SaaS-native dimension. The time has come for enterprises and societies at large to leverage the technology to safeguard what matters most, across a landscape of technology assets -- from endpoints to datacenters, from the network to the cloud, from devices to applications.

This can only be done by fully understanding the TTPs (tactics, techniques, and procedures) of bad actors. We will achieve that by comprehending the way cyber criminals try to circumvent existing traditional controls and by preventing their next move using an unparalleled threat intelligence capability. We stand for moving beyond XDR because it can bring second-to-none control and visibility over what is happening in every inbound and outbound vector of a corporation.

What if we could anticipate the moves of an offender before he or she acts? What if we could prevent an attack even when attackers try to disguise it, or try to draw the attention of a cyber analyst in a SOC to another deed? What if we could gather intelligence from multiple sources and use algorithms such as unsupervised machine learning to take a preventative, proactive, consistent, coherent, unified, and simplified approach to detection and response?

The answer is, in our belief, three clicks away, and our engineers have been working tirelessly to provide a highly visual, robust, and solid dimension for reducing the number of false positives and integrating -- not just connecting -- relevant data from multiple sources for more accurate incident triage. We believe this is not just an era of changes but the change of an era. Unsupervised machine learning -- which learns from observation rather than by example -- can be, and actually is, another actor on our side, providing automation and orchestration and eliminating human mistakes.

We feel that the book has yet to be written when it comes to providing more options than simply checking infrastructure or closing connections. The world needs actionable information, not just a large stream of alerts that can confuse and distract from the real task: threat hunting, investigation, prevention, and protection.

Cyber resiliency is made of the following four verbs: anticipate, withstand, recover, evolve. There has never been a better time to talk about risk prioritization, risk mitigation, risk reduction, risk governance, and risk response. Cyber criminals are not stopping just because we have entered 'the remote working era'. The way technology can understand more than 1,400 different formats and turn video, text, emails, and even voice into a source for threat detection looks like magic, and we must use that power to maximize the control and visibility of security professionals.

The time has come to leverage very powerful visualization tools that leave an investigation three clicks away -- and to cross-pollinate information from different geographies, industries, and verticals -- with one goal and one goal only: protect and defend. We had a vision a few months ago that took us on the journey of going beyond XDR. We feel it is the way to go, a new dimension to complete and complement good initiatives such as EDR, EPP (endpoint protection), MDR, XDR, etc. For us, it represents a new opportunity to shine at what we do best: engineering excellent solutions to protect, defend, and safeguard people and data. For our society, it is the chance to embrace what lies beyond existing solutions. A new frontier.


With a background in business administration (MBA) and law, Ramsés Gallego is a security professional with more than 22 years of experience and deep expertise in the risk management and governance areas. Ramsés is the International Chief Technology Officer, Cybersecurity, at Micro Focus, where he defines the vision and mission, purpose and promise of the company in that arena.
