Recently we wrote about the open extended detection and response (XDR) platform and the problems it helps solve. In case you didn’t read it, the topic was data fatigue. With more than 1500 security vendors offering thousands of point products, each solving a single narrow problem, understaffed and under-skilled security teams are at a huge disadvantage. Add to that the fact that those point products don’t share data or play well together, plus a shortage of security practitioners to manage them, and the problem only compounds. Imagine a security operations center (SOC) with multiple screens supporting multiple products: those analysts are constantly swiveling between screens because the point products don’t share data or work together.
In a previous role, I worked for a company that had a very ambitious goal: one pane of glass to manage all the security products in their portfolio. As a security leader, I thought this approach was brilliant! Imagine a world where your security teams only need one screen to collect, detect, investigate and respond to active threats to your company. To be honest, I supported this approach so much that I decided to join that company. Sadly, we had a strategic direction change that scrapped this idea (despite input from the folks who use the products).
There is a solution to the pain of multiple panes of glass. Open XDR is the answer. Remember when you received your first smartphone (can anyone say Palm Treo)? If it was an iPhone, you quickly learned it contained some cool, useful apps, and some that were not as useful. You also learned about an App Store where you could get even cooler (and sometimes time-wasting) apps. When you added them to your iPhone (think platform), you didn’t have to think about how the apps communicate with each other – it just happened. The photo you took with your phone was geo-located with the built-in GPS and shared to your Snapchat/Facebook/LinkedIn app.
Fast forward to today. Stellar Cyber’s Starlight platform was designed like the iPhone: it has built-in apps (SIEM, NTA, UBA, etc.), and it has the ability to take your existing apps (think of your firewall, your endpoint, or other security infrastructure) and share data among all of them. And not only share data, but also orchestrate and respond to active threats in your environment. Your security analyst does not need 3-4 monitors to swap between just to manage an event. With a few clicks, your analyst can investigate the event, correlate it across your enterprise, and use active and automated responses to mitigate those risks.
Yes, there are too many tools today. Yes, there are not enough security practitioners. Yes, the security software marketplace has failed in making it easy for analysts to do their job. For you Lord of the Rings fans: “One Ring to rule them all, One Ring to find them, One Ring to bring them all, and in the darkness bind them.” Stellar Cyber’s Open XDR is the One Tool to rule them all, One Tool to find them, One Tool to ingest them all, and in the Starlight bind them.