Autonomous XDR for a well-rounded defence
Fran Howarth, Practice Leader Security, Bloor Research, August 2022
When endpoint detection and response (EDR) came onto the market almost ten years ago, it was hailed as the next big thing for helping to defend against threats.
Adversaries were attacking endpoints and it seemed to make sense to focus detection and response efforts on those entry points to the network. And EDR is viable. It’s just that it’s not enough. Endpoints and hosts are important, but they are not the be-all and end-all. Organisations need a 360-degree view of their overall SaaS security posture.
Extended detection and response capabilities
The market moved on. Some EDR vendors expanded their offerings; some vendors came from another point of view, bringing out platforms of integrated products that could expand capabilities. XDR, or extended detection and response, was born. XDR works by collecting telemetry from security controls throughout the network and beyond, taking rich contextual evidence from each to provide a bigger picture of an attack or incident.
Integration is critical
The key focus of XDR is integration. It should be provided as a platform, based in the cloud as a SaaS application, that provides one single interface that displays the results of the analysis of the data feeds collected.
By providing XDR capabilities as an integrated platform, organisations are shielded from the implementation and management complexities of the underlying technology. EDR is known to be tough to get the best out of, which is why many vendors started providing managed services to enable organisations to more effectively use the technology.
But some vendors have gone a different route. Censornet is one of these. Rather than start with EDR, it has built out a platform that integrates a number of technologies that cover the major attack vectors, including network traffic flows, cloud through its cloud access security broker (CASB), email, web, data loss prevention and identity—all provided as a service. And it is looking to integrate with leading EDR vendors in the near future, especially those that are most widely used by midmarket organisations, which form the bulk of its customers. Those customers subscribe to its services, gaining access to a fully integrated cloud security platform without the need to implement and manage the various components themselves. Throughout the platform, all services are underpinned by Censornet’s autonomous security engine, which can autonomously detect and provide a response to threats on behalf of customers. Now, it is adding XDR into the mix and has coined the term autonomous XDR—or aXDR.
Identity integration is a key differentiator
Apart from the fact that all components are tightly integrated and can work autonomously for customers, a key differentiator is its focus on identity. Where once organisations’ networks were safely behind well-defined perimeters, protected by firewalls and other systems, today those perimeters have been all but eroded. Cloud services are now the first choice for many organisations, and their use has been growing rapidly, spurred in part by people working remotely who still need to access resources, while mobile devices provide always-on access to resources and communication. Identity has taken over as the new perimeter.
Much research attests to the fact that most data breaches begin with stolen or misused identity credentials, commonly via social engineering attacks. This is how many ransomware attacks happen and such attacks are rising fast as they are relatively easy to pull off and often offer up big rewards for the perpetrators. The midmarket is a clear target, but has historically not had access to the same tools that larger enterprises can afford.
The Censornet platform has identity at its heart through its CASB, multifactor authentication and identity as a service capabilities. These capabilities provide a great deal of the context that guides effective detection and response, helping to make sense of what data feeds mean and allowing a bigger picture to be created. This is a clear differentiator in terms of its new aXDR (autonomous XDR) offering since identity information is tightly coupled with its other services.
Designed for the midmarket
Censornet’s integrated platform provides midmarket organisations with a so-called “SOC in a box”: access to what is performed in a security operations centre without the need to set one up themselves. This puts them on a par with the capabilities that were traditionally only within the reach of large organisations. Its new aXDR capabilities are an affordable option that will appeal to any midmarket organisation looking to ensure that it is adequately defended against the malicious threats that are a fact of life today.