Habr, hello!
The other day I was lucky enough to take part in a broadcast here (a link to the entry will do, without direct advertising), where XDR, a new topic on the information security market, was discussed.
Hot on the heels of the broadcast, I will set down the main theses, my own thoughts and facts about XDR, and in general answer two important questions: what is XDR, and why is it needed?
What is XDR?
XDR (Extended Detection and Response); EDR (Endpoint Detection and Response); Windows, Linux, MacOS, Android, iOS; "X" in "XDR"; Threat Intelligence; EPP+EDR, NTA/NTDR, CASB, IDM, IoT; SOAR, SIEM; on-premise; MSSP, MDR, Threat Hunting.
XDR?
APT; MTTD/MTTR.
Thanks to XDR, the various products of a single vendor gain a single environment for exchanging data and a single picture of what is happening in the infrastructure. The analyst gets a unified management console, a high level of automation for investigation and response actions, an improved process for prioritizing incidents, better MTTD and MTTR indicators, fewer false positives, and less time spent investigating and responding to incidents. That is why XDR is so attractive today.
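To make the "single picture" and the MTTD/MTTR claims concrete, here is an added example (my own illustration, not code from any XDR product mentioned in the post or from the broadcast). It takes alerts from three hypothetical sensors (EPP/EDR, NTA, CASB) in a constructed common schema, correlates them into incidents when they share a host or user within a time window, scores each incident higher when independent sensors confirm the same activity, and computes MTTD and MTTR over the resulting incidents. All alert values, field names and the scoring rule are assumptions for the sake of the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample alerts from three hypothetical sensors; every value here is invented.
RAW_ALERTS = [
    {"source": "edr", "ts": "2021-03-01T10:00:00", "host": "ws-17", "user": "ivanov",
     "severity": 3, "title": "Suspicious PowerShell child of winword.exe",
     "first_seen": "2021-03-01T09:52:00", "closed": "2021-03-01T10:40:00"},
    {"source": "nta", "ts": "2021-03-01T10:06:00", "host": "ws-17", "user": None,
     "severity": 2, "title": "DNS beaconing to rare domain",
     "first_seen": "2021-03-01T09:55:00", "closed": "2021-03-01T10:40:00"},
    {"source": "casb", "ts": "2021-03-01T10:12:00", "host": None, "user": "ivanov",
     "severity": 2, "title": "Bulk download from corporate file share",
     "first_seen": "2021-03-01T10:10:00", "closed": "2021-03-01T10:40:00"},
    {"source": "edr", "ts": "2021-03-01T14:00:00", "host": "srv-db-02", "user": "svc_backup",
     "severity": 1, "title": "New scheduled task created",
     "first_seen": "2021-03-01T13:58:00", "closed": "2021-03-01T14:20:00"},
]


@dataclass
class Incident:
    alerts: list = field(default_factory=list)
    entities: set = field(default_factory=set)

    @property
    def sources(self):
        """Distinct sensors that contributed alerts to this incident."""
        return {a["source"] for a in self.alerts}


def _ts(value):
    return datetime.fromisoformat(value)


def entities_of(alert):
    """Pivot keys an XDR-style correlator joins on: the affected host and user."""
    ents = set()
    if alert.get("host"):
        ents.add(("host", alert["host"]))
    if alert.get("user"):
        ents.add(("user", alert["user"]))
    return ents


def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts into incidents when they share a host or user with an
    existing incident and arrive within `window` of that incident's latest alert.
    Entities accumulate, so an EDR alert keyed on host and a CASB alert keyed on
    user can still end up in the same incident via a shared user."""
    incidents = []
    for alert in sorted(alerts, key=lambda a: _ts(a["ts"])):
        ents = entities_of(alert)
        for inc in incidents:
            latest = max(_ts(a["ts"]) for a in inc.alerts)
            if inc.entities & ents and _ts(alert["ts"]) - latest <= window:
                inc.alerts.append(alert)
                inc.entities |= ents
                break
        else:
            incidents.append(Incident([alert], set(ents)))
    return incidents


def priority(incident):
    """Assumed scoring rule: highest single severity plus one point for every
    additional independent sensor that confirms the activity. Cross-source
    confirmation is what pushes an incident to the top of the analyst's queue."""
    max_sev = max(a["severity"] for a in incident.alerts)
    return max_sev + (len(incident.sources) - 1)


def mttd_mttr(incidents):
    """MTTD: mean minutes from earliest observed activity to the first alert.
    MTTR: mean minutes from the first alert to closure of the incident."""
    detect, respond = [], []
    for inc in incidents:
        first_seen = min(_ts(a["first_seen"]) for a in inc.alerts)
        first_alert = min(_ts(a["ts"]) for a in inc.alerts)
        closed = max(_ts(a["closed"]) for a in inc.alerts)
        detect.append((first_alert - first_seen).total_seconds() / 60)
        respond.append((closed - first_alert).total_seconds() / 60)
    return mean(detect), mean(respond)


if __name__ == "__main__":
    incs = correlate(RAW_ALERTS)
    print(f"{len(RAW_ALERTS)} raw alerts -> {len(incs)} incidents")
    for inc in sorted(incs, key=priority, reverse=True):
        print(f"priority {priority(inc)}: {sorted(inc.sources)} "
              f"{[a['title'] for a in inc.alerts]}")
    d, r = mttd_mttr(incs)
    print(f"MTTD {d:.1f} min, MTTR {r:.1f} min")
```

Run stand-alone, the four raw alerts collapse into two incidents: the workstation case, confirmed by three sensors, scores 5 and outranks the single low-severity EDR alert on the database server. The same per-incident timestamps that feed the priority view also give the MTTD and MTTR figures, which is the point of having every product write into one data store instead of a separate console each.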
That's all from me! Add your own thoughts! See you!