XDR Solutions

Crank Up your Sensors with the Respond Analyst, an XDR Engine

by Chris Calvert

The Respond Analyst, the XDR engine we announced last week, is the first XDR product to meet companies where they are in their security operations journey; it is designed with efficiency and ease of implementation in mind. In this blog, I want to talk a little more about the challenges of the current SOC design and introduce the situation-based approach for which our new XDR engine is designed.

The emergence of XDR is a tacit admission within the industry that the SOC as it currently stands is not sustainable. You can’t just give a mound of siloed or disparate sources of information to a person and expect them to be able to come up with the answer. That’s what the cybersecurity industry has been attempting to do until now. But human analysts need help, and that’s where the Respond Analyst shines.

Crank up the sensors

Each vendor's product produces a signal. It also produces a ton of noise. What often happens is that companies end up tuning down the noise these products produce. Let's say you buy a $250,000 network sensor. Though it's capable of running 20,000 relevant signatures, you might turn it down to the 100 that you know have a lower rate of false positives, just to manage the alert volume. What you've basically done is devalue that sensor from being worth $250,000 to being worth about $25,000 in terms of detection and monitoring value. You've wasted money and reduced your ability to recognize the signals that tell you something's wrong.

In this sense, it’s not just about buying the best technology. You also need the best implementation of that technology so you can turn the volume all the way up and make sense of the resulting data.

The Respond Analyst XDR Engine has no increased cost for increased volume, so sensors can be tuned up to the maximum. This lets our solution operate at immense scale and speed. When humans are no longer asked to meet the data through a fire hose of alerts, investigating the relevant incoming alerts becomes far more manageable.

Set up for best practices

This lets you do two things better. First, it lets you use people for what they are best at: deeper investigations. Instead of trying to make people function as detection engines, it lets them collaborate with their peers to drive threats out of the environment. People are optimized to solve problems and run projects. The Respond Analyst is optimized to filter tons of data down to what matters. Allowing each part of the SOC to play to its strengths creates an effective, efficient SOC that is situation-based. Rather than being overwhelmed by a non-stop influx of raw data, security professionals can be curious, creative, and collaborative.

Second, it empowers you to use best-of-breed solutions. Because our approach to XDR is vendor-agnostic, you'll be able to determine from your own data which vendors and tools work best for you. This frees you to choose a best-of-breed suite of capabilities. You'll be able to see when a tool you've chosen isn't delivering value, so you can remove it and go with the tool that is, all based on solid data.

Looking ahead

Sometimes it’s not about the journey but about the destination. You’re trying to save time and money while improving your overall security engineering. The Respond Analyst will take you there.