Gartner recently released their Market Guide for Extended Detection and Response report. The report’s Market Description section states that “XDR can improve Security Operations staff productivity by converting a large stream of alerts into a condensed number of incidents that can be manually investigated efficiently,” and by “reducing training and skills needed to complete operational tasks by providing a common management and workflow experience across security products.”
Of the ten XDR vendors listed, only one offers an “Open XDR” technology.
But, what exactly is Open XDR?
The rise of Open XDR
One of the ways to keep up with the emergence of more sophisticated and aggressive threats is the integration of disjointed security solutions.
For decades, organizations have been using security tools and services from various vendors, which makes it difficult to have a comprehensive view of threats to spot and respond to them in a more agile manner.
This seamless consolidation of security solutions is achievable with open extended detection and response or Open XDR. Also known as open cross-platform detection and response, this cybersecurity technology is designed to integrate various security tools that used to be non-integrable or hard to bring together. It allows organizations to have a unified view of their cybersecurity situation and facilitates more efficient threat discovery, investigation, and response.
Open XDR is different from traditional XDR because it is not vendor-specific. It can pool security data from all security tools and conduct advanced analysis to ensure maximum security visibility and reduce complexity. It supports third-party integration, not just the integration of different tools from the same vendor or various tools that are already integrable.
Open XDR ensures rapid threat detection, optimum threat visibility, reduced false positives, and enhanced incident response under a scalable and cost-efficient platform that also supports continuous improvement. These benefits are possible through extensive, vendor-agnostic security tools integration.
Open XDR with Stellar Cyber
Stellar Cyber is the sole Open XDR vendor in Gartner’s report. They offer a unique approach to Open XDR implementation. Recognizing the pros and cons of the “Build/Acquire Everything” and “Integrate with Everything” models, Stellar developed a hybrid approach that takes into account the benefits and drawbacks of these opposing paradigms.
For those unfamiliar with these integration models, “Build/Acquire Everything” is about providing a consistent or predictable user experience by piecing together security solutions from the same vendor or collaborating vendors. Meanwhile, “Integrate with Everything” allows organizations to come up with combinations of security tools with almost no limitations.
The former may sound restrictive, but many organizations prefer it because they can readily use the resulting open XDR solution; they no longer have to go through the process of assembling different tools. The latter offers maximum flexibility, but it is not the best option for those who do not have enough experience and expertise in cybersecurity products.
Stellar Cyber acknowledges this major dilemma, so it offers a compromise between the two approaches. In particular, it provides an Open XDR platform that already has built-in network detection and response (NDR), security information and event management (SIEM), threat intelligence platform (TIP), and AI-powered enhanced detection and response functions. These capabilities are then integrated with other security solutions such as endpoint detection and response (EDR), intrusion detection system (IDS), and user entity behavior analytics (UEBA).
Stellar Cyber has an API and an AI engine that makes it significantly easier to integrate security tools and achieve the most comprehensive security visibility. The API supports seamless integration while the AI engine automatically correlates incidents and processes security alerts to prioritize the most urgent notifications and considerably reduce false positives, which are quite prevalent.
Open XDR with ‘Universal EDR’
Stellar introduced the idea of universal EDR, which is essentially an existing EDR solution that becomes Open XDR by integrating with Stellar’s Open XDR platform. Virtually any EDR product can become part of Stellar’s Open XDR, which supports more than 400 integrations out of the box. Even better, Stellar says that their Open XDR platform not only integrates with EDR systems but also makes them better.
In particular, Stellar’s Open XDR platform can improve the alert fidelity of the EDR being integrated. This is done through a system called “Alert Pathways,” which undertakes robust data normalization and enrichment, noise reduction, automatic correlation, and contextualization.
Alert Pathways has three main techniques, namely passthrough enrichment, deduplication, and machine learning event-based contextualization and correlation.
- Passthrough enrichment entails the normalization of data from the EDR system and the addition of complementing and supplementing data from threat intelligence, the MITRE ATT&CK framework, and other cybersecurity data sources to boost alert fidelity.
- Deduplication is essentially the removal of redundant and unnecessary information to reduce the amount of the data that requires processing and ensure more efficient responses.
- Lastly, the machine learning event-based technique employs different machine learning models to contextualize and correlate security alerts. This process results in better accuracy and timely responses.
Recommended Technology News: Hong Kong to Attract Thousands of AI & Web3 Companies as CoinW Prepares for Hong Kong Branch Launch
Comments are closed.