SMBs and SMEs are increasingly turning to MSSPs to secure their businesses because they simply do not have the resources to manage an effective security technology stack. However, it’s also challenging for MSSPs to piece together an effective but manageable security technology stack to protect their clients, especially at an affordable price point.
This is where Extended Detection and Response (XDR) comes in: it can help MSSPs boost their profitability from SMB and SME clients and improve their protections. XDR is heating up within the MSSP market as these security service providers stand to gain tremendous financial and operational benefits from this nascent technology. XDR promises far better security outcomes at a lower cost than the security stack approaches most MSSPs currently have in place.
One sticking point that keeps arising in the XDR discussion has to do with the different technology approaches XDR providers rely upon to deliver platform capabilities. Most of us have heard the three primary approaches mentioned – Native XDR, Open XDR and Hybrid XDR – but still don’t understand the key benefits and drawbacks of each. Fortunately, an informative guide was just released to help MSSPs understand and evaluate each of these approaches.
Potential Benefits XDR Can Provide to MSSPs
Before we dig into each of the approaches, let’s review the key benefits we’ve heard that XDR could potentially provide to MSSPs. With that laid out, we can then evaluate how each of the three XDR approaches is positioned to deliver on those promises.
Generally, XDR should provide MSSPs with the following capabilities – at a minimum:
- Extended telemetry for enhanced threat visibility
- Correlate security data to improve accuracy and consolidate alerts into incidents
- Expand, coordinate and automate response actions across the environment
The ultimate benefit provided by these capabilities is better security outcomes than would otherwise be achievable by purchasing and integrating a traditional set of security technologies. Because an XDR platform is purpose built to improve and automate threat detection, investigation and response, it can theoretically prevent a broader range of threats with far better accuracy.
Beyond security improvements, XDR solutions can also reduce costs for MSSPs. Because some XDR platforms include multiple telemetry sources and security capabilities, they may allow MSSPs to replace existing technologies. The enhanced automation provided by some XDR solutions may allow MSSPs to reduce staff dependency by significantly reducing manual investigations and response requirements.
The 3 XDR Approaches
Let’s face it, every security provider yearns to be in a hot technology space. Because security remains a dynamic market, it only makes sense that some vendors seek to realign their technology with what’s hot in the hopes of aligning themselves with the spending du jour. The XDR approach provided by a particular vendor is fundamentally based on the current set of offerings provided by that vendor. Let’s go through the three approaches and you’ll see what I mean. For a fuller explanation and discussion, see Cynet’s new guide.
A single vendor that offers all components of an XDR solution is considered Native XDR. This means that the buyer will not need to purchase and integrate additional technology solutions into the Native XDR platform to enjoy the benefits. Generally speaking, Native XDR platforms are provided by vendors with strong EDR offerings.
Because a Native XDR platform contains all components needed out of the box, it should work seamlessly with no integration required. This approach provides a turnkey, fully operational platform which may allow an MSSP to eliminate redundant tools and not worry about ongoing integration and upgrade issues associated with a multi-vendor technology stack. The one downside is that a Native XDR platform is not customizable, so be sure the solution provides everything you need.
An XDR platform that requires integration with multiple third-party providers, especially for telemetry, is considered an Open XDR platform. An Open XDR platform integrates and correlates signals from 3rd party tools for threat detection and also relies on the 3rd party tools to implement suggested response actions. Generally speaking, Open XDR platforms are provided by existing SIEM and SOAR providers, as well as newer technology entrants, notably those without an EDR offering.
Open XDR platforms allow MSSPs to continue using most of their current toolset, or whichever components can be integrated into the Open XDR platform. Open XDR platforms are flexible, so MSSPs can swap in and out best of breed tool components. However, Open XDR platforms will add cost as most technologies in place will need to remain to feed the Open XDR engine. And the jury is still out on exactly how seamlessly third-party tools can be integrated and orchestrated with an Open XDR platform. If SIEM is any indicator, caveat emptor.
A single vendor offering most to all components of an XDR solution, while also allowing 3rd party tool integration, is considered Hybrid XDR. This means that the buyer will not necessarily need to purchase and integrate additional technology solutions into the XDR platform to enjoy the benefits but can do so to extend or replace the technologies native to the platform. Hybrid XDR platforms are generally provided by vendors with EDR solutions, especially larger vendors looking to include a broad portfolio of solutions into the platform.
Hybrid XDR platforms could theoretically provide the benefits of both Native and Open XDR platforms. If the Hybrid XDR provider has a robust set of native tools and if the Hybrid XDR platform can seamlessly integrate a variety of third-party tools, this may be the case. However, some Hybrid XDR providers essentially piece together a library of tools that are poorly integrated and barely work together.
The benefits MSSPs derive from an XDR platform will vary greatly depending on the provider’s approach and actual implementation of that approach. While the promise of XDR is great, MSSPs must be wary of the current crop of XDR solutions as security solution vendors are clamoring to align with this burgeoning technology, regardless of their ability to deliver.