Extended Detection and Response (XDR): An Overhyped Product Category With Ultimate Security Potential

Raffael Marty
General Manager Cybersecurity, ConnectWise
3/31/22
Raffael Marty
General Manager
Cybersecurity @ ConnectWise
Professional:
• Based in Austin, TX
• General Manager Cybersecurity @ ConnectWise
• Chief Research and Intelligence Officer @ Forcepoint
• Head of Security Analytics @ Sophos
• Founder @ Loggly – the first logging as a service platform
• Chief Security Strategist @ Splunk
• Head of Content @ ArcSight
Other:
• Investor and Advisory
• LED Tinkerer
• Zen Student
Extended Detection and Response (XDR)
• What You Should Know About XDR
• The Cybersecurity Challenge
• The Cyber Defense Matrix
• The MSP Product Landscape
• What’s XDR?
• What does XDR mean for MSPs?
What You Should Know About XDR
• There is too much hype around XDR
• Extended Detection and Response (XDR) is here to stay
• No two vendors define XDR the same way
• The XDR “concepts” have a lot of potential and you should understand them
Cybercrime To Cost The World $10.5 Trillion Annually By 2025
Introducing the Cyber Defense Matrix
Columns (functions): Identify, Protect, Detect, Respond, Recover
Rows (asset classes): Devices, Applications, Networks, Data, Users
Product Categories in the Matrix
Devices
  Identify: Asset Mgmt, Vuln Mgmt, Certificate Mgmt
  Protect: AV, EPP, FIM, HIPS, Whitelisting, Patch Mgmt, Email security
  Detect: EPP, UEBA, SIEM
  Respond: EP Response, EP Forensics
  Recover: IR
Applications
  Identify: SAST, DAST, SW Asset Mgmt, Fuzzers, CASB
  Protect: RASP, WAF, ZT App Access, CASB, SSPM
  Detect: Source Code Compromise, App IDS, SIEM, CASB, SSPM
  Respond: SSPM
  Recover: IR
Networks
  Identify: Netflow, Network Discovery, Vuln Mgmt
  Protect: FW, IPS, UTM, Microseg, ESG, SWG, SASE, ZTNA, DNS, VPN
  Detect: DDoS Detection, Net Traffic Analysis, UEBA, SIEM, DNS
  Respond: DDoS Response, NW Forensics, SASE
  Recover: IR
Data
  Identify: Data Discovery, Classification
  Protect: Encryption, Tokenization, DLP, DRM, DBAM, Email security
  Detect: Dark Web Scanning, Data Behavior Analytics, SIEM
  Respond: DRM, Breach Response
  Recover: Backup
Users
  Identify: IAM, Background Chk, MFA
  Protect: Security Awareness Training, MFA
  Detect: Insider Threat, UEBA, SIEM
  Respond: (none listed)
  Recover: (none listed)
• Not one product covers all areas – one needs multiple solutions to get comprehensive security coverage
Where We Are (SMBs)
Devices
  Identify: Excel
  Protect: EDR
  Detect: EDR
  Respond: EDR
Applications
  (no coverage)
Networks
  Protect: FW, IPS, VPN
  Detect: IDS
Data
  Protect: Encryption
  Recover: Backup
Users
  Identify: MFA
  Protect: MFA, Security Awareness Training
8 products / solutions
Legend: Partial Coverage / Good Coverage; $10T Security Gap
That’s Not Good Enough
• Based on risk, extend the necessary capabilities (leverage an assessment tool)
• Implement an asset (and application) inventory
• Are cloud workloads protected?
• Are SaaS applications protected?
• Deploy patch management (70% of all breaches happen to unpatched machines) – don’t forget your IoT devices (and your NAS)
• Business Email Compromise (BEC) is still one of the top attack vectors
• Be prepared for the inevitable (Incident Readiness)
Where SMBs Should Be
Devices
  Identify: Asset Inventory (or Vuln Mgmt)
  Protect: EDR, Patch Mgmt, Email Security
  Detect: EDR, Email Security
  Respond: EDR
  Recover: IR
Applications
  Identify: Application Inventory (or Vuln Mgmt)
  Protect: CASB, SSPM
  Detect: CASB, SSPM
  Respond: SSPM
  Recover: IR
Networks
  Identify: Vulnerability Mgmt
  Protect: FW, IPS, VPN
  Detect: IDS
  Recover: IR
Data
  Protect: Encryption, Email Security
  Detect: DarkWeb Scanning
  Recover: Backup
Users
  Identify: MFA
  Protect: SAT, MFA / SSO
15 products / solutions
New Additions
• All operating systems
• On-prem, cloud, IoT
• On-prem and SaaS
• Covering BYOD
• Dealing with alert monitoring and false positives
• What data?
• MFA across all applications (on-prem, cloud, SaaS)
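To make the coverage argument of the matrix slides concrete, here is an added example (not part of the deck and not a ConnectWise tool) that models the Cyber Defense Matrix as a 5×5 grid, loads the "Where We Are (SMBs)" and "Where SMBs Should Be" inventories as this example's own reading of those two slides, and computes the cells the target covers but the current inventory leaves empty, the cells that depend on a single product, and how far the widest single product reaches. Product names come from the slides; the cell assignments, the "Excel" stand-in for a hand-kept asset list and every function name are assumptions of this example.

```python
"""Coverage check for the Cyber Defense Matrix (added example, not from the deck)."""

FUNCTIONS = ("Identify", "Protect", "Detect", "Respond", "Recover")
ASSET_CLASSES = ("Devices", "Applications", "Networks", "Data", "Users")
ALL_CELLS = [(a, f) for a in ASSET_CLASSES for f in FUNCTIONS]

# Product -> matrix cells it covers. Cell placement is this example's reading of
# the "Where We Are (SMBs)" slide; "Excel" stands for a hand-kept asset list.
CURRENT_SMB = {
    "Excel": {("Devices", "Identify")},
    "EDR": {("Devices", "Protect"), ("Devices", "Detect"), ("Devices", "Respond")},
    "FW": {("Networks", "Protect")},
    "IPS": {("Networks", "Protect")},
    "VPN": {("Networks", "Protect")},
    "IDS": {("Networks", "Detect")},
    "Encryption": {("Data", "Protect")},
    "Backup": {("Data", "Recover")},
    "MFA": {("Users", "Identify"), ("Users", "Protect")},
    "Security Awareness Training": {("Users", "Protect")},
}

# Same reading applied to the "Where SMBs Should Be" slide (constructed).
TARGET_SMB = {
    **{k: v for k, v in CURRENT_SMB.items() if k != "Excel"},
    "Asset/Application Inventory (or Vuln Mgmt)": {
        ("Devices", "Identify"), ("Applications", "Identify"), ("Networks", "Identify")},
    "Patch Mgmt": {("Devices", "Protect")},
    "Email Security": {("Devices", "Protect"), ("Devices", "Detect"), ("Data", "Protect")},
    "CASB": {("Applications", "Protect"), ("Applications", "Detect")},
    "SSPM": {("Applications", "Protect"), ("Applications", "Detect"), ("Applications", "Respond")},
    "Dark Web Scanning": {("Data", "Detect")},
    "SSO": {("Users", "Protect")},
    "IR": {("Devices", "Recover"), ("Applications", "Recover"), ("Networks", "Recover")},
}


def coverage(inventory):
    """Map every matrix cell to the set of products covering it (empty set = gap)."""
    grid = {cell: set() for cell in ALL_CELLS}
    for product, cells in inventory.items():
        for cell in cells:
            grid[cell].add(product)
    return grid


def gaps(inventory, target):
    """Cells the target covers that the current inventory leaves empty."""
    have, want = coverage(inventory), coverage(target)
    return [cell for cell in ALL_CELLS if want[cell] and not have[cell]]


def single_points_of_failure(inventory):
    """Cells that depend on exactly one product: losing it blanks the cell."""
    return [cell for cell, ps in coverage(inventory).items() if len(ps) == 1]


def widest_product(inventory):
    """The product covering the most cells, to show that no one product fills the grid."""
    name, cells = max(inventory.items(), key=lambda kv: len(kv[1]))
    return name, len(cells), len(ALL_CELLS)


def render(inventory):
    """Plain-text grid: 'x' for a covered cell, '.' for a gap."""
    grid = coverage(inventory)
    lines = ["%-13s" % "" + " ".join("%-9s" % f for f in FUNCTIONS)]
    for a in ASSET_CLASSES:
        marks = ("x" if grid[(a, f)] else "." for f in FUNCTIONS)
        lines.append("%-13s" % a + " ".join("%-9s" % m for m in marks))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(CURRENT_SMB))
    missing = gaps(CURRENT_SMB, TARGET_SMB)
    print("cells to add to reach the target:", len(missing))
    for cell in missing:
        print("  missing:", cell)
    print("widest single product:", widest_product(CURRENT_SMB))
```

Under this reading the current inventory fills 10 of the 25 cells, nine of the target's 19 cells are empty (all of Applications, plus Devices/Recover, Networks/Identify, Networks/Recover and Data/Detect), and the widest single product, EDR, reaches only three cells, which is the slide's point that coverage needs a portfolio rather than one product.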
Shortcomings of the Cyber Defense Matrix: ‘coverage’ vs. ‘interplay’
Further capabilities not covered in the matrix:
• Orchestrate remediation and response [includes SOAR]
• Conditional access, step up auth, zero trust
• Risk-based analytics engine [includes UEBA]
• Common policy and workflow engine (enforce across any channel)
• Alert triage with enriched alerts and incidents in a single pane of glass
• Threat intelligence across channels
SIEM and MDR
Security Information and Event Management (SIEM)
• Provides a single console to see across multiple point solutions
• Supports other use-cases, such as compliance reporting or assisting in incident response scenarios
• No response capability
Managed Detection and Response (MDR)
• Outsources the work of staying up to date on the latest threats
• Running your own SOC is expensive
• Provides 24x7 monitoring
• Provides basic response
• Often lacks full response capability
• Generally lacks data and user security
A New Concept - What Is XDR?
EDR++ vs SIEM++
[Two Cyber Defense Matrix grids (Identify / Protect / Detect / Respond / Recover by Devices / Applications / Networks / Data / Users): one for the EDR++ view of XDR, one for the SIEM++ view]
The XDR Platform
[Diagram: cloud-based XDR Platform providing Detection and Response on top of a Multi-vendor Product Ecosystem, with Multi-channel Threat Intelligence and Policy]
Driving Outcomes – The Right Way to Invest in Security
• Decreased mean time to detection and response (MTTD and MTTR)
• Operationalize manual steps into automated actions
• Superior protection and detection (higher accuracy)
• Move left of boom
• Improve efficacy of entire product ecosystem
• Decreased deployment complexity
XDR – Intelligence and Orchestration
Extended Detection and Response (XDR)
• Bi-directional information flow
• Automated response and remediation
• Central policy
• Risk centric
• Drive zero trust and left of boom detections
vs.
Security Information and Event Management (SIEM)
• Threat detection use-cases
• Threat hunting
• Compliance reporting
• Event centric
• Long term storage
• Needs point products to provide data and execute actions
• Unfortunately not what you get from XDR vendors today…
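As an added illustration of the XDR concepts listed on these slides (bi-directional information flow, central policy, risk-centric triage, and the MTTD outcome), and not code from the deck or from any vendor, the following sketch correlates constructed alerts from three channels named in the matrix (email security, IAM, EDR) into per-user incidents, scores them under one central policy, and pushes response actions back to every channel only when the combined risk crosses the threshold. The channel weights, the corroboration bonus, the threshold, the device-to-owner mapping and the action names are hypothetical values chosen for this example.

```python
"""Cross-channel alert correlation with a central policy (added example, not from the deck)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    channel: str   # point product that raised the alert
    entity: str    # user or device the alert is about
    signal: str
    severity: int  # 1-5, as scored by the point product itself


# Constructed sample: three weak signals about one user across three channels,
# plus one isolated EDR alert on another device.
SAMPLE_ALERTS = [
    Alert(datetime(2022, 3, 31, 9, 0), "email_security", "alice", "phishing_link_clicked", 2),
    Alert(datetime(2022, 3, 31, 9, 4), "iam", "alice", "login_from_new_country", 2),
    Alert(datetime(2022, 3, 31, 9, 9), "edr", "LAPTOP-ALICE", "suspicious_powershell", 3),
    Alert(datetime(2022, 3, 31, 10, 30), "edr", "LAPTOP-BOB", "suspicious_powershell", 3),
]

# Device -> owner, as an asset inventory would provide it (constructed).
DEVICE_OWNER = {"LAPTOP-ALICE": "alice", "LAPTOP-BOB": "bob"}

# Central policy applied identically to every channel (hypothetical values).
POLICY = {
    "risk_threshold": 7.0,
    "channel_weight": {"email_security": 1.0, "iam": 1.5, "edr": 2.0},
    "corroboration_bonus": 0.5,  # +50% per additional channel that agrees
    # Response is fanned back out to each point product (bi-directional flow).
    "response": [("iam", "step_up_auth"), ("edr", "isolate_host"),
                 ("email_security", "purge_similar_messages")],
}


def owner_of(entity):
    """Resolve a device to its user so alerts about either land in one incident."""
    return DEVICE_OWNER.get(entity, entity)


def risk_score(alerts, policy=POLICY):
    """Severity weighted per channel, boosted when several channels corroborate."""
    base = sum(a.severity * policy["channel_weight"].get(a.channel, 1.0) for a in alerts)
    channels = {a.channel for a in alerts}
    return base * (1 + policy["corroboration_bonus"] * (len(channels) - 1))


def correlate(alerts):
    """Group alerts by the user they ultimately concern, oldest first."""
    incidents = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        incidents.setdefault(owner_of(a.entity), []).append(a)
    return incidents


def triage(alerts, policy=POLICY):
    """Build enriched incidents; escalate when cumulative risk crosses the threshold."""
    results = []
    for subject, evidence in correlate(alerts).items():
        detected_at = None
        for i in range(1, len(evidence) + 1):  # replay to find the crossing point
            if risk_score(evidence[:i], policy) >= policy["risk_threshold"]:
                detected_at = evidence[i - 1].ts
                break
        results.append({
            "subject": subject,
            "channels": sorted({a.channel for a in evidence}),
            "score": risk_score(evidence, policy),
            "first_seen": evidence[0].ts,
            "detected_at": detected_at,
            "actions": list(policy["response"]) if detected_at else [],
        })
    return results


def mean_time_to_detect(incidents):
    """MTTD over escalated incidents: first signal to threshold crossing."""
    spans = [i["detected_at"] - i["first_seen"] for i in incidents if i["detected_at"]]
    if not spans:
        return None
    return sum(spans, timedelta()) / len(spans)


if __name__ == "__main__":
    incidents = triage(SAMPLE_ALERTS)
    for inc in incidents:
        print(inc["subject"], inc["channels"], inc["score"], inc["detected_at"], inc["actions"])
    print("MTTD:", mean_time_to_detect(incidents))
```

Run stand-alone, alice is escalated at 09:04, when the IAM alert corroborates the email alert and the combined score reaches 7.5 (four minutes after the first signal), and the three response actions go back to all three channels; the lone EDR alert on LAPTOP-BOB stays an alert at 6.0 and triggers nothing. A SIEM holding the same events could show them side by side, but the score, the central threshold and the fan-out of actions are what the slide attributes to XDR.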
Next Steps on Your XDR Journey
Point Products
• You need individual products
• Find products that cover multiple areas
• Get a handle on inventory of devices and applications
XDR
• Do not let the XDR vendors fool you
• If you are just starting out, start with MDR
• Find a vendor that has a vision you can understand and matches your path
• Plot a path to zero trust data access
• Can your XDR provider match your existing processes (e.g., via your RMM)?
Process
• Find a vendor that meets you where you are and matches your growth strategy (DIY, DWY, DFY)
• Work with a vendor that offers products, education, and coaching
• Be incident ready and please, have backups
Grow your cybersecurity practice: Secure™, June 6-8, 2022
Gaylord Palms Resort & Convention Center | Orlando
theitnation.com/secure
Thank You
@raffaelmarty
connectwise.com/cybersecurity