For all organisations, managing cybersecurity threats and risks is both an upstream and a downstream challenge. Just as a village at the bottom of a hill below a leaking dam needs to address both the leaks and the influx of water, organisations need to manage both incoming threats and their impacts.
Steve Salinas, the Head of Product Marketing at Stellar Cyber, says Open extended detection and response, or Open XDR, is a powerful tool that enables cybersecurity teams to manage the source of inbound threats and mitigate the impact of attacks that find their way into your environment.
“XDR technology allows you to address both the upstream, by helping you better manage your data, and the downstream, by giving you good automation, response, and integration capabilities. A good XDR solution gives you the data you need to detect risks and the tools to efficiently deal with them,” he says.
While SIEM solutions promised the ability to collate data and provide meaningful alerts regarding threats and attacks, Salinas says these tools require significant resources to implement and maintain. Similarly, SOAR tools, which promised to automate response, also need substantial resources and expertise. But with AustCyber saying that Australia faces a shortage of over 16,000 cybersecurity professionals by 2026, organisations need tools that aren’t so demanding to run.
Salinas says: “Unless you’re extremely well resourced and have the right skill set, the current SIEM products and SOAR products in the market probably won’t help you address the upstream and downstream problems in the security cycle.”
That skills shortage leads to several challenges. Burnout is a very real concern, with some research suggesting that as many as 86% of cybersecurity professionals feel its effects. Coupled with the skills shortage, it’s likely that many security log events are not being investigated.
“Many medium to low severity alerts and some informational alerts are not being looked at,” explains Salinas. “But if you were to correlate those different alerts you might identify a massive attack or some event that could be a high priority. Organisations may have a much higher risk profile than they would be comfortable with.”
Choosing an XDR solution may seem daunting. But Salinas says the key is to start by understanding your own environment and the problems you are trying to solve.
“Maybe there are too many alerts, or you don’t have great threat intel, or you have inconsistent response capabilities. Identify the couple of highest-priority use cases and then reach out to vendors. Get them in your environment and put them through their paces before choosing,” he says.