In Part 2 of our SOAPA video, I welcome back my astute colleague, Dave Gruber. The conversation turns to XDR, a market segment that Dave and I collaborate on. I ask Dave about:
- The definition of XDR. It’s a nebulous industry term but Dave nails it by explaining that XDR is a method for bringing controls together to improve security telemetry collection, correlation, contextualization, and analytics. There’s also an operational side of XDR to help coordinate response and remediation across multiple controls simultaneously.
- Whether XDR is a product or an architecture. When Dave and I first put our heads together on XDR, we realized that it looks a heck of a lot like SOAPA. Since XDR is often presented as an integrated suite from a single vendor, it’s kind of a product. Alternatively, some vendors offer open APIs and a partner ecosystem, so it’s kind of an architecture as well. Regardless, it’s still definitely SOAPA!
- Where XDR is today. Dave admits that it’s early on for XDR and current versions start with common data collection and correlation, acting as a data lake for security analysts. Many vendors are adding advanced analytics as well. The goal is to detect “low and slow” attacks that compromise systems, move laterally across networks, escalate privileges, and ultimately exfiltrate data. In theory, XDR can detect these campaigns as it has coordinated eyes on everything.
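To make the "coordinated eyes on everything" point concrete, here is an added example (my own illustration, not code from Dave, ESG, or any XDR vendor) of the cross-control correlation that XDR is meant to do. It assumes four hypothetical telemetry sources (endpoint, network, identity, DLP) whose events have already been contextualized with the acting user account, maps each normalized event type to a campaign stage, and flags a user only when all four stages appear in order within a time window. The event names, stage mapping, and sample events are constructed for the example; the point is that no single source ever sees more than one stage, so the campaign is only visible once the controls are correlated together.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    ts: datetime
    source: str   # which control produced it: endpoint, network, identity, dlp
    host: str
    user: str     # assumed already enriched onto every event (the contextualization step)
    kind: str     # normalized event type

# Campaign stages in the order a "low and slow" intrusion typically progresses.
STAGES = ["initial_access", "lateral_movement", "privilege_escalation", "exfiltration"]

# Constructed mapping from (source, event type) to stage. Each control contributes
# exactly one stage here, which is why a siloed view never sees the whole chain.
STAGE_MAP = {
    ("endpoint", "suspicious_child_process"): "initial_access",
    ("network", "admin_share_to_new_host"): "lateral_movement",
    ("identity", "added_to_privileged_group"): "privilege_escalation",
    ("dlp", "large_outbound_transfer"): "exfiltration",
}

def _find_chain(staged, window):
    """Walk time-ordered (stage, event) pairs; return the events of the first
    complete in-order chain whose span is within `window`, else None."""
    for i, (stage, first) in enumerate(staged):
        if stage != STAGES[0]:
            continue
        chain, want = [first], 1
        for later_stage, later in staged[i + 1:]:
            if later.ts - first.ts > window:
                break  # too slow even for "low and slow"; widen the window to trade FP for FN
            if later_stage == STAGES[want]:
                chain.append(later)
                want += 1
                if want == len(STAGES):
                    return chain
    return None

def correlate(events, window=timedelta(days=14)):
    """Return {user: [events]} for every user whose telemetry, pooled across
    all sources, shows the four stages in order within `window`."""
    by_user = defaultdict(list)
    for ev in events:
        stage = STAGE_MAP.get((ev.source, ev.kind))
        if stage:  # ignore telemetry that maps to no stage
            by_user[ev.user].append((stage, ev))
    campaigns = {}
    for user, staged in by_user.items():
        staged.sort(key=lambda pair: pair[1].ts)
        chain = _find_chain(staged, window)
        if chain:
            campaigns[user] = chain
    return campaigns

def siloed_view(events, source):
    """What a single control sees on its own: the same correlation, fed only its events."""
    return correlate([ev for ev in events if ev.source == source])

def day(n):
    return datetime(2021, 3, n)  # constructed timestamps

# Constructed sample telemetry: one real campaign (jdoe) plus benign and out-of-order noise.
SAMPLE_EVENTS = [
    Event(day(1), "endpoint", "ws01", "jdoe", "suspicious_child_process"),
    Event(day(4), "network", "srv02", "jdoe", "admin_share_to_new_host"),
    Event(day(9), "identity", "dc01", "jdoe", "added_to_privileged_group"),
    Event(day(12), "dlp", "srv02", "jdoe", "large_outbound_transfer"),
    # asmith: an administrator doing admin things, no initial access or exfil
    Event(day(2), "network", "srv03", "asmith", "admin_share_to_new_host"),
    Event(day(3), "identity", "dc01", "asmith", "added_to_privileged_group"),
    # bob: stages present but out of order, so not a progressing campaign
    Event(day(1), "identity", "dc01", "bob", "added_to_privileged_group"),
    Event(day(3), "endpoint", "ws07", "bob", "suspicious_child_process"),
    Event(day(5), "network", "srv04", "bob", "admin_share_to_new_host"),
]

if __name__ == "__main__":
    for user, chain in correlate(SAMPLE_EVENTS).items():
        print(user, "->", [(e.source, e.kind, e.ts.date().isoformat()) for e in chain])
    for src in ("endpoint", "network", "identity", "dlp"):
        print(src, "alone sees:", siloed_view(SAMPLE_EVENTS, src))
```

Running it flags only `jdoe`, with the chain endpoint, network, identity, DLP, while each source alone returns nothing. The window is the tuning knob Dave's "low and slow" comment implies: shrink it and the same campaign drops out, which is the false-negative trade-off a real XDR analytics layer has to manage.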
My SOAPA video with Dave was going so well that I invited him back for Part 3 of our video. Unprecedented! Stay tuned.