In the digital age, XDR (extended detection and response) has unlimited possibilities
2022-06-30 13:34:00 【51CTO】
On June 29, the seminar "The Digital Age: The Infinite Possibilities of XDR", hosted by the international Cloud Security Alliance (CSA) Greater China and organized by CICA security, was held online.
The seminar was chaired by Xumudi, Deputy Secretary General of CSA Greater China. Fengjunhe, senior threat management product director of CICA security; Huwenyou, co-founder and vice president of Jinjing Yunhua; Liu Zhicheng, CSA Greater China expert and director of the information security center of Lexin group; Chang Hao, COO of Carbon haze; Gong Lei, director of Jidun technology solutions; and other experts discussed XDR market maturity and technology development trends. They analyzed in depth how XDR aggregates the protection capabilities of innovative technologies across different digital scenarios, finding and resisting more of the dangerous reefs hidden in the network to secure the digital future.
XDR's security "primordial force" supports protection of digital scenarios
In his talk on XDR's security primordial force, Fengjunhe explained that Gartner proposed a future-oriented adaptive security architecture for advanced attacks, building security capabilities across four dimensions (prediction, defense, detection and response) in order to fundamentally transform the security construction model from emergency response to continuous response. However, users face a huge capability gap between "detection" and "response". XDR emerged against this background to cure that pain point.
In 2020, the international authority Gartner named XDR the first of its major security trends, and said that XDR solutions will improve detection accuracy as well as security operations efficiency and productivity.
XDR addresses overload from invalid threat alerts, inefficient security operations, difficulty tracing security threats, and more. Specifically, XDR is a unified security event detection and response platform that can link EDR, SIEM, SOAR and other products to achieve cross-product, cross-layer security data collection, threat detection and incident response. At the same time, building on big data analysis and machine learning, XDR strengthens the analysis of advanced threats and the understanding and reconstruction of the kill chain, so that security personnel can focus on the limited number of security incidents that truly matter.
AI and data driven: XDR's innovation capability will improve further
The accelerating evolution of advanced threats, the increasingly prominent shortcomings of traditional security products and continuously rising labor costs are forcing the research, development and application of innovative XDR technologies to speed up.
Huwenyou said in his speech that although most XDR solutions can mitigate the challenges posed by the complexity of cyber threats, most of them focus on cross-product alert correlation and still require a lot of manual intervention. The reality is that operations teams cannot keep up under heavy work pressure. Therefore, artificial intelligence technology in the field of threat detection needs to be continuously iterated and optimized, enhancing its self-learning, data analysis and computing capabilities.
The core of XDR is to use machine learning instead of signature technology. At present, Golden Eye Cloud has formed two lines of business: XDR solutions with AI detection capability at the core, and intelligent security operations (AISecOps) with AI analysis capability at the core. These reduce the burden on security operations personnel and provide 24x7 coverage of alert management, investigation and incident response, further improving the efficiency of security operations.
XDR is the inevitable choice for data-driven security development
Liu Zhicheng said that data, as the core productivity of security capability, is crucial.
Static data from a single data source, that is, logs, was the foundation of the first generation of security products. Static data from multiple data sources, combined with manual processing and analysis, formed the first-generation security operations platform, the SOC. As the era evolved, traffic analysis brought dynamic-data products to the industry, known domestically as situational awareness products. AI analysis of integrated multi-source static and dynamic data formed the asynchronous second-generation security operations platform, SIEM. Real-time, synchronous AI analysis of multi-source static and dynamic, internal and external data then led to automated orchestration (SOAR) and to XDR.
The value XDR can bring is becoming more and more obvious. On the one hand, it extends metrics to increase the visibility of information collection; a system that combines threat intelligence with security intelligence improves the automation of security analysis, facilitates threat detection, and improves the accuracy and timeliness of security analysis and detection; and automation and orchestration speed up response and handling. This is also the process of minimizing risk.
According to the technology trends Gartner released in 2021, XDR still needs a period of time to mature. A technology in its maturing, rising stage will face different challenges in the future, with a period from rising to declining followed by a process of growing up again. Therefore, XDR is an inevitability of data-driven security development.
Today, network security vendors are speeding up their positioning and launching XDR products in many forms, reflecting XDR's broad market prospects. However, real-time, dynamic, intelligent and automated technologies remain the key factors constraining XDR, and only continuous innovation can break through the bottleneck.
Discussing the future of XDR and new developments in the industry
At the end of the seminar, Liu Zhicheng chaired a round-table discussion, connecting with Fengjunhe, Huwenyou, Gong Lei and Chang Hao to discuss the future development trends of XDR technology from the perspectives of information silos, evidence collection, customers, industry development and more.
Fengjunhe said that the first problem to be solved is the linkage between XDR products. He believes that information silos exist between products, which has kept security personnel from making good use of the products and of information sharing between them. In addition, once the information silos between products are broken, the effect of one plus one being greater than two can be produced.
On the difficulties of putting XDR into practice, Huwenyou said that the biggest difficulty is how to make the front-end collection equipment light and small. If the front end is too heavy, both network traffic collection and endpoint data collection will be affected; the heavier it is, the greater the impact on endpoint performance, which leads to stability, reliability, compatibility and other issues. Taking traditional products as an example, Huwenyou mentioned that traditional products only solve the alerting problem and cannot collect the original traffic or the original data on the endpoint. For the development of XDR, the most important thing is to solve the problem of investigation and evidence collection; only then can research and analysis personnel carry out the corresponding research and analysis on alert logs.
Gong Lei believes that the reason XDR is still widely recognized under the original system is that it covers cross-domain defense, detection and response capabilities. From this point of view, XDR is a core carrier in the overall construction of the enterprise in the future, and is therefore widely anticipated.
With the rapid development of information security, Chang Hao mentioned that XDR provides a particularly good overall control center, a "brain", and that on the basis of this brain the whole industry can form a joint force to solve the problem of data format standardization. At present, data formats are not friendly, and in the technical ecosystem of interfaces in particular there is no uniform standard; compared with the competing products of foreign enterprises, the friendliness of the technical ecosystem still has a lot of room for improvement. In recent years, customers have become very concerned about the business performance of information security, so as to make business security more valuable. By expanding its scope and deepening its various capabilities, XDR to some extent provides customers with more possibilities, so that the value of information security is reflected at the level of business security.
As the most popular security technology direction of the past two years, XDR undoubtedly integrates many security capabilities, and these individual capabilities will be fully coordinated so that it becomes an organic whole with linkage between upper and lower layers and cooperation between front and back. However, XDR still has a long way to go to become a universal product. A journey of a thousand miles is built from single steps, and seas are formed from small streams; the future of XDR also needs the joint efforts of security vendors worldwide.