Small and medium businesses are increasingly turning to MSSPs to keep their businesses secure because they simply don’t have the resources to effectively manage their security technology systems. However, it is also a challenge for MSSPs to incorporate an effective yet manageable security technology to guard their customers, especially at affordable rates.
This is where Extended Detection and Response (XDR) comes in and can help MSSPs increase profits from SMBs and SMEs and improve their protections. XDR is heating up in the MSSP market as these security service providers reap huge financial and operational benefits from this nascent technology. XDR promises much better security results at a lower cost than the security stack approaches that most MSSPs currently have.
One point of difficulty that continues to arise in the XDR discussion concerns the different technological approaches that XDR vendors rely on to deliver platform capabilities. Most of us have heard the three main approaches mentioned – Native XDR, Open XDR and Hybrid XDR – but still do not understand the main benefits and limitations of each. Fortunately, an informative guide has just been released to help MSSPs understand and evaluate each of these approaches.
Potential benefits that XDR can provide to MSSPs
Before diving into each approach, let’s take a look at the main benefits we’ve heard XDR can provide to MSSPs. We can then evaluate the position of each of the three XDR approaches to delivering on those promises.
In general, XDR should provide MSSPs with the following capabilities – at a minimum:
- Extended telemetry for enhanced threat visibility
- Security data correlation for improved accuracy and consolidation of incident alerts
- Expanded, orchestrated, and automated response actions across the environment
The ultimate benefit provided by these capabilities is better security outcomes than can be achieved by purchasing and integrating a traditional set of security technologies. Since the XDR platform is purpose-built to improve and automate threat detection, investigation, and response, it could theoretically stop a wide range of threats with much higher precision.
In addition to security improvements, XDR solutions can also reduce MSSP costs. Because some XDR platforms include multiple telemetry sources and security capabilities, they may allow MSSPs to replace existing technologies. The enhanced automation offered by some XDR solutions can enable MSSPs to reduce their dependence on staff by significantly reducing manual investigations and response requests.
3 approaches to XDR
Let’s face it, every security vendor aspires to be in a hot tech space. Because security is still a dynamic market, it only makes sense that some vendors look to redesign their technology around what’s hot in the hopes of matching spending. The XDR approach offered by a particular vendor is essentially based on the current set of services offered by that vendor. Take a look at the three approaches and you’ll see what I mean. For a more complete explanation and discussion, see the new Cynet guide.
Native XDR
A vendor that provides all components of an XDR solution is considered Native XDR. This means that buyers will not need to purchase and integrate additional technology solutions into the Native XDR platform to enjoy the benefits. In general, Native XDR platforms are provided by vendors with robust EDR services.
Since the Native XDR platform contains all the necessary components, it will work seamlessly without any integration. This approach provides a turnkey, fully operational platform that can allow MSSPs to eliminate redundant tools and not have to worry about the ongoing upgrade and integration issues of a multi-vendor technology system. One downside is that Native XDR is not customizable, so make sure the solution provides everything you need.
Open XDR
An XDR platform that requires integration with many third-party vendors, especially for telemetry, is considered an Open XDR platform. An Open XDR platform integrates and correlates signals from third-party tools for threat detection and also relies on third-party tools to implement recommended response actions. In general, Open XDR platforms are offered by existing SIEM and SOAR vendors, as well as newer technology entrants, especially those without an EDR offering.
An Open XDR platform allows MSSPs to continue using most of their current toolkits or any components that can be integrated into the Open XDR platform. The Open XDR platform is very flexible, so MSSPs can swap components in and out of the same engine. However, Open XDR platforms will add to the cost, as most of the technology in place will need to be maintained to power the Open XDR engine. And the jury is still out on exactly how seamlessly third-party tools can be integrated and coordinated with the Open XDR platform. If SIEM is any indicator, be forewarned.
Hybrid XDR
A single vendor that provides almost all components of an XDR solution, while also allowing integration of third-party tools, is known as Hybrid XDR. This means that buyers will not necessarily need to purchase and integrate additional technology solutions into the XDR platform to enjoy the benefits, but can do so to expand or replace existing technologies in the platform. The Hybrid XDR platform is typically offered by vendors of EDR solutions, especially larger vendors looking to bring a broad portfolio of solutions to the platform.
Theoretically, Hybrid XDR platforms could provide the benefits of both native and Open XDR platforms. If the Hybrid XDR vendor has a robust set of native tools, and if the Hybrid XDR platform can seamlessly integrate a wide variety of third-party tools, this may be the case. However, some Hybrid XDR vendors essentially bundle together a library of tools that are poorly integrated and barely work together.
Epilogue
The benefits an MSSP derives from an XDR platform will vary widely depending on the vendor’s approach and its actual implementation. While the promise of XDR is great, MSSPs must be wary of existing XDR solutions as security vendors are clamoring to accommodate this rapidly evolving technology, regardless of their ability to deliver.