Threat Intelligence
CVE-2024-3400: Zero-Day Remote Code Execution Vulnerability Exploited to Attack PAN-OS
by George Glass
Fri, Mar 8, 2024
Managed XDR (MXDR) is a service-led security solution that uses a wide range of telemetry sources to better unify and automate incident investigation, analysis, and response.
Extended Detection and Response (XDR) is the technology at the heart of MXDR. It is a security platform that unifies telemetry across multiple security layers, such as networks, endpoints, applications, email, identities, and cloud services, into a single platform.
Read on to discover how, when deployed effectively, Managed XDR can help mitigate many of the risks associated with managing security in-house to deliver broader visibility and support a more robust security posture.
MXDR is a comprehensive cybersecurity solution that provides advanced detection and response capabilities through a powerful combination of security technologies and specialist expertise.
In a constantly changing threat landscape, organizations must ensure they are prepared to respond effectively to new and emerging threats by leveraging the best technologies. The “X” in Managed XDR stands for “extended” because it unifies data from a wide range of data sources, including previously isolated security tools across an organization’s technology stack. This facilitates enhanced visibility across the attack lifecycle and more efficient investigation, threat hunting and response across networks, cloud services, email, identities, and Software-as-a-Service applications.
MXDR can be delivered via either a closed XDR or an open XDR approach. Closed (native) XDR is delivered as one technology suite from a single vendor; open (hybrid) XDR builds on one vendor's core component, for example its EDR, and integrates third-party telemetry from the other vendors' tools already in the estate. The optimal approach will vary between organizations, depending on existing investments, budget and roadmap.
Security Orchestration, Automation and Response (SOAR) plays a crucial role in XDR, easing the burden on in-house security teams by allowing defined classes of incident to be handled automatically through playbooks. MXDR provides a critical advantage for in-house teams, who are freed up to focus on the key issues, with response playbooks and automated actions (such as isolating a host or revoking a session) accelerating the incident response process.
Companies using a wide range of security point solutions risk being overloaded with alerts that lack context, creating more work for their security teams and leading to delays in addressing threats. Recent Kroll research revealed that the more security tools organizations used, the more incidents they experienced, because of the complexity those tools created. Managed XDR significantly reduces this burden by providing multi-layered visibility and streamlining security analysis, investigation, and response, coordinating security tools into a single platform.
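The three points above (unifying telemetry from separate sources, automating response through SOAR playbooks, and enriching alerts with cross-source context) can be illustrated with a small correlation engine. The following is an added example, not code from Kroll or from any XDR product: it joins constructed email, endpoint and identity events by user inside a time window, promotes multi-source clusters to incidents with attack-lifecycle stages, and runs a hypothetical playbook that returns the automated actions an MXDR provider might take. All event fields, the stage mapping and the action names are assumptions chosen for illustration.

```python
"""Cross-source correlation and playbook selection in the XDR style (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Each record is a normalized event
# from one security layer; the field names are an assumption for this example.
SAMPLE_EVENTS = [
    {"source": "email", "ts": "2024-03-08T09:00:00", "user": "alice", "host": None,
     "type": "attachment_delivered", "detail": "invoice.docm"},
    {"source": "endpoint", "ts": "2024-03-08T09:04:30", "user": "alice", "host": "WS-042",
     "type": "process_start", "detail": "winword.exe -> powershell.exe -enc ..."},
    {"source": "identity", "ts": "2024-03-08T09:06:10", "user": "alice", "host": None,
     "type": "mfa_push_denied", "detail": "new device, unusual geo"},
    # A lone endpoint alert with no supporting telemetry: stays an uncorrelated alert.
    {"source": "endpoint", "ts": "2024-03-08T13:00:00", "user": "bob", "host": "WS-077",
     "type": "process_start", "detail": "winword.exe -> powershell.exe"},
]

# Hypothetical mapping from event type to attack-lifecycle stage.
STAGE = {
    "attachment_delivered": "delivery",
    "process_start": "execution",
    "mfa_push_denied": "credential access",
}


def parse_ts(value):
    """Parse the ISO-8601 timestamp used in the sample events."""
    return datetime.fromisoformat(value)


def build_incident(user, cluster):
    """Turn a cluster of same-user events into a contextualized incident record."""
    sources = sorted({e["source"] for e in cluster})
    return {
        "user": user,
        "hosts": sorted({e["host"] for e in cluster if e["host"]}),
        "sources": sources,
        "stages": [STAGE.get(e["type"], "unknown") for e in cluster],
        "score": len(sources),  # more independent layers agreeing -> higher confidence
        "events": cluster,
    }


def correlate(events, window_minutes=15):
    """Group events by user and time window; clusters seen by two or more
    sources become incidents, everything else is returned as uncorrelated."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    incidents, uncorrelated = [], []

    def flush(user, cluster):
        if len({e["source"] for e in cluster}) >= 2:
            incidents.append(build_incident(user, cluster))
        else:
            uncorrelated.extend(cluster)

    for user, user_events in by_user.items():
        user_events.sort(key=lambda e: parse_ts(e["ts"]))
        cluster = []
        for event in user_events:
            # Start a new cluster once the window from the first event has elapsed.
            if cluster and parse_ts(event["ts"]) - parse_ts(cluster[0]["ts"]) > window:
                flush(user, cluster)
                cluster = []
            cluster.append(event)
        if cluster:
            flush(user, cluster)
    return incidents, uncorrelated


def playbook(incident):
    """Hypothetical SOAR playbook: choose automated actions from incident context.
    Returns (action, target) tuples; executing them is left to the platform."""
    actions = []
    if incident["score"] >= 3:
        # Three layers agree: contain the endpoint(s) without waiting for an analyst.
        actions.extend(("isolate_host", host) for host in incident["hosts"])
    if "identity" in incident["sources"]:
        actions.append(("revoke_sessions", incident["user"]))
    if "email" in incident["sources"]:
        for event in incident["events"]:
            if event["source"] == "email":
                actions.append(("quarantine_attachment", event["detail"]))
    if not actions:
        actions.append(("escalate_to_analyst", incident["user"]))
    return actions


if __name__ == "__main__":
    found, alone = correlate(SAMPLE_EVENTS)
    for inc in found:
        print(inc["user"], inc["sources"], inc["stages"], playbook(inc))
    print("uncorrelated alerts:", [(e["user"], e["type"]) for e in alone])
```

The point of the window-and-source threshold is the one the paragraph makes: a single endpoint alert (bob) is left for triage with limited context, whereas the same endpoint alert for alice, preceded by a delivered macro document and followed by a denied MFA push, is promoted to a scored incident and acted on automatically.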
By acting as a virtual extension of in-house resources and providing a turnkey, outcome-based service, MXDR significantly reduces the costs associated with establishing and maintaining an in-house security team and infrastructure. Managed XDR enables businesses to continually improve their defenses by drawing on insights gained through frontline threat intelligence.
| MXDR | Legacy Managed Services |
|---|---|
| One complete, turnkey solution, ensuring consolidated security data | Often delivered via multiple fragmented toolsets, with long implementation and integration timelines |
| Allows the monitoring of data across many different sources for greater visibility and more complete threat detection | Visibility limited to a select group of toolsets, with many providers having limited specialist expertise and critical telemetry blind spots |
| Fully outsourced detection and response, reducing the burden on security teams | Deep analysis and response tasks may have to be managed in-house, adding to the work of internal security teams |
| One complete "pane of glass" provides a more immediate overview of security status | Disparate, siloed security systems can mean delays in threat alerting and response |
| Harnesses automation to accelerate triage and remediation of issues, reducing the mean time to detect and respond to threats | Inconsistent use of automation may mean that false positives multiply and risk remediation is delayed |
| Enriches alerting by contextualizing large volumes of data collected and analyzed from across many different sources | Alerts are often "passed over the wall," with limited context, requiring additional triage before they are actionable |
Leveraged effectively, Managed Extended Detection and Response has the potential to advance organizational security in several ways.
While the provider will define the specific capabilities of Managed XDR, it usually includes certain aspects.
With Managed XDR vendors varying widely in terms of capacity and approach, it is essential to assess potential providers based on a range of criteria.
Kroll Responder MDR, our managed detection and response service, features built-in XDR, which enables organizations to achieve broad visibility across their cloud and on-premises environments to quickly detect and respond to the latest threats. Informed by cutting-edge threat intelligence and insights gained from more than 3,000 incident response investigations each year, Kroll delivers advanced MDR with a complete response. To benefit from the same level of insight to help advance the security of your entire Microsoft estate, discover our Managed XDR for Microsoft services.
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.
Immediately elevate your Office 365 security with 24x7 monitoring, analysis, and automated response using Kroll Responder for Office 365. Detect and respond to threats targeting email, SharePoint, and third-party plugins, leveraging frontline threat intelligence.