This week secure access service edge (SASE) pioneer Open Systems announced it has integrated the Microsoft Azure Sentinel security information and event management solution (SIEM) into its managed detection and response (MDR) service. The marriage of the Azure SIEM with Open Systems’ cloud-native SASE service will enable customers to see threats faster and in more places and, more importantly, contain the threats before they become harmful to the business.
Why Traditional EDR Is Dead
Traditional EDR (endpoint detection and response) services do an adequate job of the “D” in EDR, in that they detect threats on endpoints but often are helpless with the “R,” or response, because they don’t have an end-to-end view of network traffic. I’ve written several posts that proclaim the traditional EDR market to be a dead one because those solutions are very expensive and provide very little value.
EDR vendors need to evolve into XDR solutions, where X is the coming together of cloud, endpoint and network information. The challenge with XDR is that it’s a lot of data to analyze, correlate, visualize and act on.
Open Systems Managed Detection Service Delivers Simplified XDR
Open Systems currently has an advanced MDR service that is differentiated as a true managed XDR service, whereas most vendors offer managed EDR. The addition of the SIEM beefs up the service because enterprise data will be ingested and parsed by Sentinel first to filter out bad data. This makes it easier to see actual positives and the malicious behavior that warrants a closer look by the Open Systems security operations center (SOC).
After analysis, the security team will contact the customer and then provide a recommendation on how to contain and resolve. This can dramatically shorten the time to resolve a breach. My research shows the average time to even find the breach is 103 days today. That’s an eternity in the world of security. The XDR capabilities combined with Sentinel and a world-class SOC can shorten that down to just a few days, saving precious amounts of time.
The COVID-19 pandemic has taken the need for managed XDR to another level. Understanding the security landscape with a well-defined perimeter is tough. The shelter-in-place orders have pushed millions of workers into their homes, significantly changing the WAN, because every employee’s home is now part of the network. This increases the attack surface, creates more entry points and increases vulnerabilities. The “full stack” solutions companies use are no longer sufficient.
COVID-19 Makes XDR Mandatory
COVID-19 evolves XDR from being a nice-to-have to an absolute must-have. Open Systems is more than a security vendor because it also offers a SASE service. Its MDR service can certainly stand on its own, but when combined with the SASE network, there is much greater visibility across the entire kill chain. This includes remote locations, WAN, cloud and endpoints. The managed elements ensure that there are always eyes on the network to see and contain things as fast as possible.
The rise in work from home is certainly not going to shrink any time soon. Even when the pandemic is over, most businesses will shift a large number of employees to being virtual. Network and security professionals need to understand they can’t band-aid an EDR solution together. It’s important to take a step back, think XDR and consider a managed XDR service when the complexity is too high.
Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.