The Partner Opportunity Around Integrated XDR Solutions
… extended detection, extended analysis and extended response.
- Extended Detection: An effective solution should be able to leverage various security data across multiple sources to detect potential incidents. By collecting and analyzing information across a broad range of threat telemetry, raw data can be transformed into actionable insights. From there, the intelligence gathered can be used to inform future decision-making on how to respond to and mitigate threats.
- Extended Investigation: One of the leading benefits of XDR is extended analysis and investigation. If a threat is identified, there are many steps to take and questions to ask before deciding on potential next steps. It should be determined whether the threat is real, the scope of its potential impact and whether it could indicate a larger issue.
This task normally falls on the shoulders of the security team. However, many teams are simply not equipped to efficiently manage every alert that comes in due to the overall rise in threat and alert volume, as well as the ever-expanding cybersecurity skills gap. To conduct the investigation, someone from the security team must go in and look at the potential threat – in its full lifecycle and set of components – verify its nature and scope, and then decide on the best course of action for remediating said threat. This is not a quick or simple task, and it can take up much of the security team’s valuable time and energy that would be better spent elsewhere.
An XDR solution that leverages artificial intelligence can speed this process. With an AI system that is trained to automatically investigate alerts in a matter of seconds, teams can verify the full context of an incident and carry out an extensive examination. From there, the system should be able to automate response based on the specific nature and severity of each threat. A solution like this not only frees up valuable human resources but also lays a foundation that can scale and adapt to meet an organization’s changing requirements.
- Extended Response: Partners should look for an XDR solution that can support all resources available for executing an automated and coordinated response. This allows the system to contain incidents at machine speed and reserve security expertise for oversight, broader risk assessment and fundamental improvements to security posture.
Taking Advantage of the XDR Opportunity
Currently, endpoint security is valued as a $10 billion market, projected to increase to $18.6 billion by 2025. Extended detection and response enables partners to deliver a highly differentiated solution to drive business and take advantage of this market opportunity. However, as new solutions emerge, it’s important to be aware of the key capabilities of an effective XDR technology tool.
The first step is to assess the suitability of a fully automatable detection, investigation and response system like XDR for the customer, as compared to a more customizable solution based on security information and event management (SIEM) and security orchestration, automation and response (SOAR) tools. Customers with limited security teams, tools and processes are a good fit for XDR. By contrast, those with robust staff, skills and processes might be better served by a SIEM or SOAR solution that can fit their specific way of handling security.
The second step is to understand the full scope of capabilities – ensure you know specifics about what the solution can or cannot do. Determine how it can support ongoing initiatives and digital innovation led by the addition of new cloud platforms, an expanded SD-WAN infrastructure or newly deployed edge devices.
Lastly, consider the overall cost and return on investment of the solution. This can be determined by aligning the technologies’ functions and requirements with the technologies and resources you’re already utilizing.
By choosing an XDR solution that can meet these core requirements, partners can help customers improve security posture and optimize operational efficiency by allowing teams to dedicate their time and resources to higher-value contributions. This can help drive your customers’ security strategy and keep them ahead of a digital marketplace that is rapidly introducing new risks and growing in complexity.
Jon Bove is the vice president of channel sales at Fortinet. He and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the U.S. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales leadership and channel leadership positions. Follow @Fortinet on Twitter or Bove on LinkedIn.