Is Open XDR the answer?
It’s hard to go through a day without some mention of security strategy. Everyone has a model for security, and professional organizations and top industry analyst groups are constantly offering new or updated models to manage an organization’s security—from budgeting, to staffing, to the types of tools and systems that are needed. There are maturity models. There are models outlining attack methodologies. There are the competing forces of digital business agility and protection versus trust considerations. There are the parallel and sometimes coincident tracks of security and risk or compliance. There are challenges of being fully cloud and challenges for hybrid environments. All of these factors may inform security strategy.
Above strategy, there is something even more fundamental to the way security is carried out in organizations—ideology. Ideology is something like a belief system for security that reckons with such basic questions as: What can we realistically accomplish? Or, can we prevail over attackers? These sorts of questions lead to a serious examination of an organization’s security practice and could alter the course of what goes on. Many, or most, organizations lack the time to reflect upon ideology, but whether it is actively thought about or even articulated, it is always there.
A common ideology
A common ideology for most security organizations is the understanding that security is hard and that attackers have a tremendous advantage over defenders. This is probably more of a fact than an ideology, but it does affect the way one thinks about security. After all, if the NSA or FBI cannot protect their resources from attackers, who can? A likely outcome from this kind of thinking is to do the best one can to reduce the severity or volume of attacks. It calls for practices to continuously improve with better technologies, policies, procedures, training and staff efficiency.
Another ideology is to not accept the somewhat fatalistic idea that attackers will always have the upper hand. It is the thought that somehow the equation can be changed. Such thinking calls for a complete examination of security, not just incremental improvement. It could be bold enough to suggest that the way security is currently carried out is simply not working.
One outcome from this progressive ideology is to question the whole approach to security alerts. Such an assessment would conclude that there are far too many alerts to handle and that alert fidelity needs to dramatically improve, particularly in minimizing false positives. It might also question the effectiveness of alerts based on individual tools that are responsible for individual portions of the attack surface.
Change the playing field
Rethinking alerts is a core aspect of the Open XDR strategy. The idea is to treat individual tools as sources of data that can be pooled together to provide a far deeper, broader and more cohesive understanding of the attack surface. Instead of each tool issuing its own alerts, the data can be examined collectively, normalized, correlated and analyzed to show an attack being carried out and enable us to stop it in its early stages. In this way, all the tools work together, rather than separately with a cacophony of individual alerts. Even the concept of an alert can change, so that the result is a more precise, actionable incident rather than an individual warning.
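The following is an added illustration of that pooling-and-correlating idea; it is not Stellar Cyber’s code and does not describe how its product works. It assumes three tools (an EDR, a firewall and an identity provider) that each emit records in their own shape, maps them onto one common schema, and raises a single incident only when signals from at least two different tools land on the same host inside a ten-minute window. The record formats, the “weak signal” rules, the host names and the window are all constructed for the example, and none of the three signals would be worth an alert on its own.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in each tool's native shape (not real telemetry;
# field names, host names and values are invented for this illustration).
EDR_EVENTS = [
    {"ts": "2024-05-01T10:00:05Z", "hostname": "WS-17", "user": "jdoe",
     "image": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA..."},
    {"ts": "2024-05-01T10:03:00Z", "hostname": "WS-22", "user": "asmith",
     "image": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA..."},
]
FIREWALL_EVENTS = [
    {"time": "2024-05-01 10:00:40", "src_host": "ws-17", "dst": "203.0.113.9",
     "action": "allow", "bytes_out": 5_200_000},
    {"time": "2024-05-01 10:01:10", "src_host": "ws-40", "dst": "198.51.100.3",
     "action": "allow", "bytes_out": 12_000},
]
IDP_EVENTS = [
    {"timestamp": "2024-05-01T09:58:50Z", "device": "ws-17", "principal": "jdoe",
     "result": "success", "mfa": False},
]

ISO = "%Y-%m-%dT%H:%M:%SZ"


def normalize_edr(rec):
    """EDR record -> common schema. Weak signal: an encoded PowerShell command line."""
    return {"ts": datetime.strptime(rec["ts"], ISO), "host": rec["hostname"].lower(),
            "source": "edr",
            "signal": "encoded_powershell" if " -enc " in rec["cmdline"].lower() else None,
            "detail": rec["cmdline"]}


def normalize_firewall(rec):
    """Firewall record -> common schema. Weak signal: a large allowed outbound transfer."""
    big = rec["action"] == "allow" and rec["bytes_out"] > 1_000_000
    return {"ts": datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S"),
            "host": rec["src_host"].lower(), "source": "firewall",
            "signal": "large_egress" if big else None,
            "detail": f'{rec["bytes_out"]} bytes to {rec["dst"]}'}


def normalize_idp(rec):
    """Identity-provider record -> common schema. Weak signal: a successful login without MFA."""
    weak = rec["result"] == "success" and not rec["mfa"]
    return {"ts": datetime.strptime(rec["timestamp"], ISO), "host": rec["device"].lower(),
            "source": "idp",
            "signal": "login_without_mfa" if weak else None,
            "detail": f'{rec["principal"]} authenticated'}


def normalize_all(edr, firewall, idp):
    """Pool every tool's records into one time-ordered stream with a shared schema."""
    events = ([normalize_edr(r) for r in edr]
              + [normalize_firewall(r) for r in firewall]
              + [normalize_idp(r) for r in idp])
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Group signals per host and emit one incident when at least `min_sources`
    distinct tools observed something on that host within `window` of the
    cluster's first signal. Single-tool signals never become incidents."""
    by_host = defaultdict(list)
    for e in events:
        if e["signal"]:
            by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        cluster = []
        for e in evs + [None]:  # the None sentinel closes the last cluster
            if e is not None and (not cluster or e["ts"] - cluster[0]["ts"] <= window):
                cluster.append(e)
                continue
            sources = {c["source"] for c in cluster}
            if len(sources) >= min_sources:
                incidents.append({"host": host, "sources": sorted(sources),
                                  "start": cluster[0]["ts"], "end": cluster[-1]["ts"],
                                  "signals": [c["signal"] for c in cluster],
                                  "evidence": [c["detail"] for c in cluster],
                                  "score": len(sources)})
            cluster = [e] if e is not None else []
    return incidents


if __name__ == "__main__":
    for inc in correlate(normalize_all(EDR_EVENTS, FIREWALL_EVENTS, IDP_EVENTS)):
        print(f'{inc["host"]}: score {inc["score"]} from {inc["sources"]} '
              f'({inc["start"]:%H:%M:%S}-{inc["end"]:%H:%M:%S}) {inc["signals"]}')
```

Run as-is, the constructed data yields one incident for ws-17 backed by all three tools; ws-22 shows the same encoded PowerShell but nothing else, and ws-40’s small transfer never registers as a signal, so neither host produces anything. The score is deliberately crude (the number of independent tools that agree); in practice the correlation keys (host, user, IP), the window and the weighting of each signal are where the real tuning happens.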
Open XDR is the result of thinking through how one could change the playing field in security and reduce the decisive advantage attackers have generally established. Of course, the technology is critical to making this a reality, but it has to go along with policies, procedures and practices. It is meant to empower security professionals with the ability to work far more efficiently and productively, bringing focus onto what matters most.
A security ideology may dictate “this is the way security is done,” or “this is how things always worked,” with the result being incremental improvements that continually fall short of reality. Ideology may, alternatively, determine that the current approach to security is no longer effective enough. It would demand a rethinking of how teams work and what they do. Security ideology could be your organization’s greatest problem or its greatest strength.
Sam is the VP of Product Management at Stellar Cyber. Sam is an experienced product development leader with a track record of building AI and security products that customers love. He has a strong background in AI/ML, data infrastructure, security, SaaS, product design, and defense. Sam has held product and engineering positions at companies including Palantir Technologies and Shield AI, and worked for the US Air Force on cyber defense strategy. Sam earned his Bachelor’s degrees in Electrical and Computer Engineering from Cornell University.