XDR detections are mapped to the MITRE ATT&CK framework, using artificial intelligence to expedite analysis and adapt defenses. Typically, XDR will deliver a customer portal that presents IT leaders with streaming security intelligence, providing a more complete view of the organization's overall security posture.
XDR's customer value ultimately depends on the end user's technology deployment and data availability. With this in mind, the Accenture XDR team can work with customers to assess their technology and help them maximize capability coverage and integration. A FedRAMP-authorized XDR service will integrate seamlessly into the existing security fabric and can provide first- or second-line defense, serving as either a primary SOC or as a strategic component of a multitiered defense.
How is XDR different?
A number of other security infrastructure offerings go partway toward meeting the demands of a highly complex security landscape. The government has pursued these solutions with varying degrees of success. It's instructive to take a look at how XDR does and does not resemble these alternate methodologies.
XDR vs. EDR
With its focus on the growing universe of endpoint devices, Endpoint Detection & Response (EDR) can be a powerful tool for managing security at the endpoint. However, EDR cannot effectively peer into network traffic and cloud workloads, which means it provides a more limited view, leading to unverified alerts that can overwhelm a traditional SOC. By providing a more granular and contextual perspective, XDR can automatically resolve many of these alerts and prioritize those deemed the most significant risk.
XDR vs. MDR
Managed Detection & Response (MDR) is precisely that – a managed service offering that delivers SOC capabilities as a service around a specific tool. Given the constraints on cybersecurity talent, this can be a valuable and cost-saving alternative to in-house staffing.
Most MDR offerings don't provide the defense-in-depth offered by employing various cybersecurity tools, have limited visibility into network traffic and cloud workloads, and lack sophisticated data integration, correlation, and analysis.
XDR vs. SIEM and SOAR
At a casual glance, XDR may resemble components of both SIEM (security information and event management) and SOAR (security orchestration, automation, and response), as it leverages both technologies. However, XDR adds capabilities to provide a more robust and resilient monitoring and response solution.
SIEM tools alone typically don't offer the same fidelity of threat detection, nor the ability to proactively hunt for APTs and insider threats using threat intelligence and UEBA (user and entity behavior analytics). SOAR can help ensure more consistent responses but typically addresses only low-level threats, versus the more complex, targeted attacks that XDR focuses on.
Why "as a service"?
By acquiring XDR as a managed service, organizations can leverage several significant advantages.
In an environment where cybersecurity talent is scarce, agencies can take advantage of highly skilled and trained, multidisciplinary teams addressing the full cybersecurity lifecycle. Coupled with the use of analytics and automation, these economies of scale can deliver better coverage at a lower cost.
An as-a-service model also makes it easier to stay ahead of the threat. Near-term, agencies benefit from the collective knowledge and specialization enabled by a shared service model, which means that new risk areas can be quickly identified and responded to. Thinking about the longer-term effects, the shift to an outcome-based model with defined SLAs can drive continuous performance improvements. For example, a managed service provider has the incentive and the ability to quickly procure and implement new tools to maintain or bolster cyber defenses in the face of emerging threats.
Finally, working with a managed service provider can be a leapfrog event for agencies seeking to grow their cybersecurity maturity. For example, Accenture's companion Level-Up framework assesses 800 characteristics to chart a five-step cybersecurity maturity progression to bring federal agencies to a fully predictive model.