It seems as though the world of cybersecurity has transitioned overnight. XDR, or eXtended Detection and Response, has become the mantra of every major player. Here at RSA Conference 2022, everyone from the endpoint, network, SIEM, and IoT worlds has suddenly embraced XDR as their core strategies—however loosely aligned with what they’re actually offering in terms of products and services.
Why is that? There are two primary reasons.
1. XDR has become the new shorthand for effective, efficient cyber protection. The cybersecurity industry has grown organically over the course of decades, springing up solution types as the threat landscape evolved. This has created a proliferation of companies with narrow specializations that require a lot of explanation and positioning, and still is difficult to understand. XDR is the marketing Rosetta Stone that translates everything into a simple concept that everyone can understand.
2. XDR actually is the solution that the industry has been waiting for. Put simply, XDR is the unifying principle that makes sense of all the security technology that organizations have deployed, and promises to simplify and create genuine efficiency in protecting against evolving threats, all while delivering cost savings.
XDR, at its core, recognizes that no single type of security tool will ever solve the problems created by sophisticated, well-funded, and motivated adversaries. We’ve endured wave after wave of attack types, from script kiddies vandalizing IT to nation-states performing industrial espionage to ransomware gangs to warring nations employing “wipeware” as a weapon. In each case there’s a scramble to react and contain adversaries, who simply pivot and move on to the next thing.
XDR takes a comprehensive approach to the problem. It presumes that threats can come from anywhere and attack any part of an organization’s infrastructure. It gives cyber defenders a single pane of glass, and a unified data repository, with advanced analytics that leverage AI and machine learning, and tools to automate the processes of incident management and remediation. Contrast this approach with today’s multi-tool, multi-screen, intensively manual processes, and it’s easy to see the appeal of what XDR promises.
In real life, though, it’s still messier than that. The old saying, “When all you have is a hammer, everything is a nail” is quite germane here.
For companies that focus on a single type of security—endpoint detection and response (EDR) is a good example—it means that they must furiously partner, develop, or acquire capabilities in other areas, or risk being left behind in the XDR evolution. That’s why you hear many of them embracing XDR publicly while capabilities lag behind.
For NetWitness and its customers, XDR is a new name for what has been core capabilities for years. Begun in 1996 as a government-sponsored research project to inspect network packets for cyberthreats, and tools to detect and respond to them, NetWitness has iterated and innovated to keep up with the ever-increasing sophistication and velocity of attacks. Adding the ability to ingest logs, endpoint, and IoT (Internet of Things) data, along with a unified data model and automated analytics, NetWitness created the precursor to XDR called “Evolved SIEM.” With the inclusion of security orchestration automation and response (SOAR), NetWitness now delivers all the integrated capabilities of XDR – while others are still assembling piece parts.
To reflect this leadership in the emerging XDR market, NetWitness is re-branding as NetWitness XDR, releasing new versions and offerings that showcase our uniquely powerful support for all XDR use cases. NetWitness Platform XDR 12 is the newest release of the venerable NetWitness security solution, with unrivaled detection capabilities to find threats before they can make a negative impact. NetWitness Platform XDR protects iconic organizations around the globe, empowering the most sophisticated SOCs with tools for visibility, insight, and action. NetWitness XDR Cloud Services is a set of native SaaS applications that adds focused capabilities such as behavior analytics, threat intelligence, orchestration and automation, and characterization and prioritization for assets connected to a network.
As the cybersecurity industry coalesces around the concept of XDR, NetWitness XDR has important differentiators beyond its radical visibility, advanced analytics, and incident response automation. With its heritage as a network-centric tool, NetWitness XDR is instrumented to take advantage of the fact that network traffic is the place that everything must touch.
The “network-forward” approach makes NetWitness more powerful than other XDR solutions. Because NetWitness was designed from the start to handle massive volumes of data – many times more than SIEM or endpoints generate – it has evolved rich tools to search, correlate, and analyze the ever-increasing volumes generated by modern organizations. More data means more places for attacks to hide, and NetWitness XDR sees them all.
Other important NetWitness XDR benefits include:
• Unified Data Model (UDM) that converts and enhances data at the time of ingestion, for faster, more accurate machine analysis and human investigation
• Threat Intelligence Platform (TIP) to integrate and correlate multiple intelligence sources and optimize for specific environments
• Flexible deployment options, from on-premises to cloud-native, and everything in-between
• Advanced incident investigation and response tooling, with visualization, automation, and playbooks
• Access to relevant and timely content, with rich customizations that build value over time
• Real-world continuous testing by NetWitness Professional Services and Incident Response
NetWitness Platform XDR has always satisfied the most demanding SOC use cases and is the foundation of many of the world’s most sophisticated SOCs. With the release of NetWitness XDR version 12, the power of NetWitness XDR is available to a wider range of organizations. Simplified and flexible deployment options, new content and visualization features, and SaaS and managed service capabilities make NetWitness XDR the choice for organizations of all sizes and types, delivering – for the first time for many – the ability to finally get ahead of the attackers and contain the risks that are keeping CISOs and CEOs awake these days. For SOCs that are seeking best-in-class XDR today and want to future-proof their systems going forward, NetWitness XDR is the clear choice.