How SASE-based XDR Delivers Better Threat Detection Performance


[By Demetris Booth, Product Manager, Cato Networks]

The cybersecurity market is brimming with point solutions. Each solution is designed to address a specific risk, a specific security use case and a specific attack vector. This approach is no longer sustainable because it unnecessarily complicates the overall security architecture. Security gaps are the result. Already overburdened and understaffed security teams are having to learn, configure, manage, maintain and monitor scores of different tools, and because of this, they are ignoring important alerts, delaying patching and overlooking other critical issues. Moreover, critical security signals simply get lost or buried across multiple and disparate systems, and these security gaps are being weaponized by cybercriminals.

XDR Addresses Security Complexity To A Degree

Extended detection and response (XDR) is being hailed as the “Swiss-army knife” solution to security complexity issues. For those not familiar with XDR, it is an advanced security technology that extends beyond endpoint detection and response (EDR) tools. XDR platforms analyze threats and anomalies across networks, endpoints, clouds, and more.

XDR technology sounds great on paper. There’s been considerable hype and confusion through clever marketing, as some XDR platforms only work on specific vendor toolsets (closed XDR or native XDR), while others promise integrations with third-party vendors (a.k.a. Open XDR). The issue is that the effectiveness of these integrations remains questionable. While Open XDR offers integration with existing networking and security tools, making sense of all this data can be challenging. This is because, for XDR to process and analyze all threat data, the data needs to be standardized into a format that the XDR tool understands.

Given this potential data inconsistency, it seems unlikely that XDR can live up to the hype and perform at a high degree of speed, effectiveness, and accuracy.

SASE-based XDR Can Overcome The Data Normalization Problem

Before we discuss SASE-based XDR, it is important to understand the basics behind Secure Access Service Edge. SASE converges networking and network security functions into a single, cloud-delivered architecture. SASE provides end-to-end visibility to ensure consistent global policy enforcement for all authorized users, devices and applications regardless of location.

What Is SASE-based XDR And How Does It Work? 

SASE-based XDR is a new native approach to detection and response that improves operations for security teams. Unlike standard XDR technology that relies on capturing threat data from multiple security tools, SASE-based XDR captures threat data from native sensors that are built into the SASE platform, as well as data from third-party sensors. Data from these sensors is populated into a single data lake and requires no integration or normalization. Advanced AI/ML algorithms train on this data to produce more accurate and related threat incidents for security analysts to act on.

SASE-based XDR becomes a game changer over standard XDR because of the quality of data it produces. As mentioned earlier, standard XDR has data quality limitations, which can impact detection and response effectiveness. Because XDR requires security data to be normalized and understood, it risks losing critical threat information during the process. The quality of the data and the accuracy of security incidents that security analysts handle are directly affected by this.

With SASE in the picture, XDR is more effective because it ingests cleaner data to produce more accurate security incidents. Furthermore, training AI/ML on higher-quality data ensures enhanced threat correlation, detection, and incident response capabilities.

Studies show that most organizations are gravitating to technologies like XDR and SASE in a bid to consolidate security and reduce overhead and complexity. Given the challenges and limitations of standard XDR, it makes sense to evaluate SASE-based XDR, which leverages the best of both worlds to deliver superior visibility and control.

About the Author 

Demetris Booth is Product Director for Cato Networks in Asia Pacific. Demetris leads the strategic engagements around Cato’s cloud-native approach to Secure Access Service Edge (SASE). He is a strong advocate and champion of network and security convergence, promoting SASE as the pathway to better business and technical outcomes. Prior to Cato, he held various leadership roles with Sophos, Cisco, Juniper Networks and Citrix Systems. As a 20+ year technology industry veteran, he brings a diverse, global perspective, having lived and worked in North America, Europe, and Asia.
