Innovating to improve cybersecurity is forever a work in progress


The global cyber threat situation has worsened over the past few years. After the pandemic sent businesses and consumers online, the number of cybercrime targets increased exponentially, leading to more cases of cyber attacks and organizations that belatedly realized they were unprepared for the threats. The cybersecurity community responded with the emergence of more security providers and solutions.

What’s great about the entry of new players in the cybersecurity market is that many of them are offering innovative solutions that address evolving threats. Unlike businesses in other industries that make do with conventional business models and product offerings, cybersecurity firms attempt to provide solutions that match the changing security needs of organizations.

However, do cybersecurity solution providers follow specific templates as they develop the new products or services they offer, or do they simply follow what others do, such as incorporating purple teaming and the MITRE ATT&CK framework in their platforms? Or could it be that they have a list of enterprise needs and preferences they are trying to fulfill?

Building innovative cybersecurity solutions

Different companies have different motivations and approaches when developing their innovative cybersecurity solutions. No scientific surveys have been conducted on this, so the list below is my own perspective rather than a claim about what security firms in general factor in as they develop new cyberprotection technologies.

At least three items stand out. They are as follows:

  • The need for an easy-to-use, easy-to-understand, and easy-to-explain system;
  • Comprehensive and unified capabilities to handle various threats through a single interface;
  • Integration of advanced solutions, mechanisms, and frameworks to address evolving threats, including zero-days.

One of the most important considerations in building an effective cybersecurity solution is ease of use not only for cybersecurity teams and end users but also for the management, decision-makers, and stakeholders. Nowadays, corporate boards and company stakeholders are getting involved in the cybersecurity situation of their organizations. They have started asking questions not only regarding the organization’s cyber defense infrastructure but also the capabilities of those manning them.

Dealing with complex cybersecurity platforms is not a problem for CIOs and CISOs, but explaining them to the board of directors is a different challenge. Hence, it helps to deploy tools or comprehensive security platforms that are easy to understand and explain. After all, it is not only those in the IT department who make decisions on IT security investments and expenses. There is a need to convince people in management who may not know that much about the technical aspects of security but are genuinely doing their part to find and select the best options in the market.

Another important factor is the ability to bring together various security technologies, security data, and security event management capabilities under a unified system. Enterprises prefer to have a “single pane of glass” through which they can monitor the status of all their security controls, the security data they generate, the events they have to respond to, and the responses they have undertaken.

When it comes to enterprise cyber defense, individual or specialist security solutions are mostly passé. Organizations with complex structures and broadly spread IT infrastructure need comprehensive solutions that dramatically increase the efficiency of threat oversight and attack response. Some organizations may also be using various security tools in different aspects of their operations, so they prefer not to add more but to have a platform that can unify these (likely disjointed) security solutions to streamline the management of security information and events.

On the other hand, it is crucial to take advantage of the latest technologies and the most effective tools to effectively counter threats, especially zero-days or yet-to-be-identified vulnerabilities and attacks. Artificial intelligence, security data correlation, and predictive analytics are no longer optional. It is a must to leverage them especially when it comes to filtering security information noise and prioritizing alerts to ensure timely responses.

XDR: A demonstration of innovation

Extended detection and response, or XDR, is not exactly the latest cybersecurity solution on the market. It is, however, one of the most relevant security technologies for showing how security tools evolve to address changing or new enterprise needs. Notably, the adoption of XDR has come in three waves that correspond to the changes SecOps centers needed to go through to become more effective, or to regain effectiveness, against the evolution of cyber attacks.

The first wave focuses on the need for complete visibility across an enterprise’s attack surfaces. As enterprises expand, they add more hardware and software to their systems. Also, they adopt new IT technologies, such as cloud computing and containerization. These inevitably expand attack surfaces rapidly. XDR ensures complete security visibility for all these potential attack surfaces with the help of a single dashboard or interface that consolidates all pertinent information including security statuses, notifications or alerts, and incident logs.

The next wave deals with response automation. With the massive amounts of information collected during the security visibility phase, cybersecurity teams can be expected to have difficulty going through all the data. This is where automation plays a crucial role in making sure that irrelevant data is filtered out and data that requires urgent attention is prioritized.

Automation is not as easy as it sounds, though. Legacy security systems have issues working with data because of format inconsistencies and incompleteness. XDR addresses this bottleneck by having data normalization and enrichment as an essential part of its data handling framework. Data is converted into a format that can be readily fed to a machine learning or AI system to enable automation.
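The two paragraphs above describe the bottleneck in the abstract: events from different tools arrive in different formats, so they have to be normalized into one schema and enriched before any automated filtering or prioritization can run on them. The following is an added example, not code from the article or from any XDR product, that shows the pipeline end to end on constructed input: a firewall syslog line and an EDR JSON event (both made up, with hypothetical field names) are mapped onto one schema, enriched from a constructed asset inventory, scored, and ranked, while a malformed line is reported rather than silently dropped.

```python
"""Normalize heterogeneous security events into one schema, enrich them,
and rank them for triage. Added example; every input value is constructed."""
import json
import re
from datetime import datetime, timezone

# Constructed asset inventory used for enrichment (hypothetical hosts).
ASSET_INVENTORY = {
    "10.0.0.5": {"hostname": "db-prod-01", "criticality": "high"},
    "10.0.1.23": {"hostname": "ws-marketing-07", "criticality": "low"},
}

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CRITICALITY_WEIGHT = {"low": 0, "medium": 1, "high": 2, "unknown": 1}

# Hypothetical firewall syslog layout; field names are assumptions.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) fw\[\d+\]: action=(?P<action>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) sev=(?P<sev>\w+)$"
)


def parse_syslog(line: str) -> dict:
    """Map a firewall syslog line (ISO timestamp, upper-case fields) onto the common schema."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised syslog line: {line!r}")
    return {
        "timestamp": datetime.fromisoformat(m["ts"]).astimezone(timezone.utc).isoformat(),
        "source": "firewall",
        "action": m["action"].lower(),
        "src_ip": m["src"],
        "dst_ip": m["dst"],
        "severity": m["sev"].lower(),
    }


def parse_edr_json(line: str) -> dict:
    """Map a hypothetical EDR JSON event (epoch time, numeric severity) onto the same schema."""
    ev = json.loads(line)
    return {
        "timestamp": datetime.fromtimestamp(ev["event_time"], tz=timezone.utc).isoformat(),
        "source": "edr",
        "action": ev["verdict"].lower(),
        "src_ip": ev["endpoint"]["ip"],
        "dst_ip": ev.get("remote_ip"),
        "severity": {1: "low", 2: "medium", 3: "high", 4: "critical"}[ev["sev_code"]],
    }


PARSERS = {"syslog": parse_syslog, "edr": parse_edr_json}


def normalize(raw_events):
    """raw_events: iterable of (format_name, line). Returns (normalized, rejected);
    lines that fail to parse are reported instead of being dropped silently."""
    normalized, rejected = [], []
    for fmt, line in raw_events:
        try:
            normalized.append(PARSERS[fmt](line))
        except (KeyError, ValueError) as exc:  # JSONDecodeError is a ValueError
            rejected.append((line, str(exc)))
    return normalized, rejected


def enrich(event: dict) -> dict:
    """Attach asset context; an unknown asset is flagged, not assumed benign."""
    asset = ASSET_INVENTORY.get(event["src_ip"], {"hostname": None, "criticality": "unknown"})
    return {**event, **asset}


def priority(event: dict) -> int:
    """Additive score: event severity plus asset criticality, minus one if already contained."""
    score = SEVERITY_WEIGHT.get(event["severity"], 0) + CRITICALITY_WEIGHT[event["criticality"]]
    if event["action"] in ("block", "blocked", "quarantined"):
        score -= 1
    return max(score, 0)


def triage(raw_events, threshold: int = 3):
    """Normalize, enrich, score, drop noise below the threshold, rank the rest."""
    normalized, rejected = normalize(raw_events)
    scored = [{**e, "priority": priority(e)} for e in map(enrich, normalized)]
    kept = sorted((e for e in scored if e["priority"] >= threshold),
                  key=lambda e: e["priority"], reverse=True)
    return kept, rejected


# Constructed sample input: two formats plus one malformed line.
SAMPLE_EVENTS = [
    ("syslog", "2024-05-01T10:00:00+00:00 fw01 fw[231]: action=ALLOW src=10.0.0.5 dst=203.0.113.9 sev=HIGH"),
    ("edr", json.dumps({"event_time": 1714557660, "verdict": "Quarantined",
                        "endpoint": {"ip": "10.0.1.23"}, "remote_ip": "198.51.100.4", "sev_code": 2})),
    ("syslog", "2024-05-01T10:02:00+00:00 fw01 fw[231]: action=BLOCK src=10.0.9.9 dst=203.0.113.9 sev=LOW"),
    ("syslog", "garbage line that matches nothing"),
]

if __name__ == "__main__":
    kept, rejected = triage(SAMPLE_EVENTS)
    for e in kept:
        print(e["priority"], e["source"], e["src_ip"], e["hostname"], e["action"])
    print("rejected:", rejected)
```

The design point is the `rejected` list: normalization failures are the exact "format inconsistencies and incompleteness" the paragraph mentions, and an automated pipeline that discards unparseable events hides the gaps that an attacker's unusual traffic may fall into. In the sample, only the allowed high-severity event from the high-criticality host clears the threshold; the quarantined workstation event and the blocked connection from an unknown host are scored but filtered out as noise.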

Lastly, the third wave emphasizes the ability to reduce future risks. This entails proactive defense or the ability to anticipate emerging threats through predictive analysis, user entity and behavior analytics (UEBA), and other advanced threat detection, prevention, and mitigation tools.

Cybersecurity innovation: transcending acronyms and categories

Notice how XDR’s waves and features coincide with the points about cybersecurity solution innovation listed earlier. XDR or specifically Open XDR offers the benefits of comprehensive visibility and unified information and event management, which makes it easier to see and respond to threats and present the situation clearly, even to those who have no technical cybersecurity knowledge. It also supports the integration of new technologies, particularly AI and predictive analytics, to be prepared for new unidentified attacks that tend to evade conventional security controls.

However, those in the know may notice that the attributes described above also apply to next-generation security information and event management or NG SIEM.

To be clear, next-gen SIEM and Open XDR are not the same. They have been developed with the same goals of monitoring, preventing, and mitigating cyber threats by bringing together different security solutions and ensuring efficient security information handling and response, but they differ, especially in their frameworks. Some confusion about the terms is understandable, and enterprises may likewise be unsure which solutions they really need.

This is the nature of cybersecurity innovation. Different companies come up with different solutions and offer various sets of features and functions. Upon closer scrutiny, some will probably find similarities in features or overlaps between cybersecurity platforms marketed under different acronyms or categories.

Here’s a piece of advice: Ignore the labels or categories. Focus on what the solutions really do and the outcomes they promise to deliver. Cybersecurity innovation is eternally evolving and naming conventions are the least of cybersecurity experts’ worries as they strive to develop solutions that match the similarly evolving threat landscape.


#CyberSecurity #XDR #ThreatDetection #AIinSecurity #DataProtection
