McAfee XDR: Taking Threat Detection and Response to a New Level

By on Jun 29, 2020

In the battle to protect digital data, the stakes have never been higher, and the outcome has never been more uncertain.

Enterprises face ever-changing threats to their digital assets both inside and outside the traditional network perimeter from sophisticated threat actors, who use a changing assortment of techniques to find ways to skirt traditional security controls.

It’s also increasingly difficult for SOC teams to stay ahead of the attackers. Too often, they rely on an assortment of disconnected security tools and data sets supplied by different vendors. This is a flawed approach that requires multiple tools and consoles, driving up cost and the resources to make sense of the sea of data, leaving organizations with less visibility and manageability.

Many organizations still rely on EDR systems to get information about attacks against their endpoints that may be undetected or unclassified by traditional EPP solutions. However, enterprises nowadays require an extended protective umbrella that can defend not just legacy endpoints, but also mobile, and cloud workloads – all without overburdening in-house staff or requiring even more resources. Detecting today’s advanced threats requires more than a collection of point solutions. SOCs need a platform that intelligently reveals advanced adversaries leading to better, faster security outcomes.

The Rise of XDR

Companies simply can’t afford not to have full visibility into who’s trying to attack them. Here is where the deployment of Extended Detection and Response (XDR) can have a powerful security impact. XDR isn’t a single product. Rather, it refers to an assembly of multiple security products (and services) that comprise a unified platform.

Gartner defines XDR as a SaaS-based, security threat detection and incident response tool that natively integrates different security products into a cohesive security operations system. That’s a mouthful, but in practice, XDR makes the job of defenders easier by delivering a full complement of security capacities – everything from asset discovery and threat detection to vulnerability assessment, investigation and response. We see how detection efficacy drops when multiple platforms and consoles are required to identify and remediate threats. But with XDR, defenders have a single pane view into their environment across different platforms, both on-prem as well as in the cloud.

It also changes the nature of threat-hunting. Consider an organization that’s using a SIEM. While the system collects information in batches – typically from non-endpoint data sources and security countermeasures –  that isn’t the same as delivering real-time results. Even if SOC teams try to get faster answers by stitching together custom tools to correlate data, they still lag behind the attackers.

By contrast, an XDR platform will offer access in real time to all necessary telemetry to conduct a hunt and retrieve results in seconds. That helps defenders streamline the process of triage and investigation and unlock insights that were previously unimaginable using previous security tools.

Making a Difference

XDR is not a bullet-point discussion. We’re talking about different needs, delivered in different ways, and for different customers and leveraging a unique set of multi-vendor sensors and countermeasures for each.

This is where a trusted partner with a broad portfolio makes all the difference in that customer journey. As cybercriminals and groups acting on behalf of nation-states step up their nefarious activities, the outcome of this struggle against bad actors turns on speed, reliability, and predictable security outcomes.

An innovator in this field, McAfee is particularly suited to help customers to meet that challenge with a sophisticated intelligence-driven security platform. As Gartner noted earlier this year in a wide-ranging report on XDR, McAfee’s approach leverages a deep technological understanding of the relationships in the underlying data to help speed rapid out-of-the box integration.

McAfee’s XDR also benefits from a rich security legacy and a deep product portfolio. We’re also uniquely equipped to provide actionable intelligence on security threats because we can access over one billion global sensors across devices, networks and in the cloud.

The mobilization of that full complement of security capabilities delivers more complete threat detection, investigation, and response than any other security provider. For instance, when enterprises implement the security products that comprise McAfee’s XDR solution, they also benefit from the following:

  • AI and Expert System Security Analytics
  • A single interface for detections at the endpoint, sandbox, network, Internet perimeter/edge/gateway, and cloud
  • Accurate threat prioritization that helps predict potential impact as well as any countermeasures to foil an attack – the only solution that does this in a concurrent manner
  • Combined threat and detection data from your environment for richer, more meaningful alerts as well as prescriptive configuration suggestions to improve protection efficiency
  • More context and intelligent correlation leading to faster detection and higher fidelity alerts

The upshot is that McAfee XDR dramatically reduces the time defenders need to detect, contain, and respond to threats. Our AI and Big Data analytics capabilities supplies SOCs with threat and campaign insights before an attack changes course, so they avoid wasting time chasing false positives. Defenders get fewer and more meaningful alerts, making it easier to prioritize their response based on the severity and potential impact of a threat.

In a nutshell: McAfee XDR delivers a complete platform that provides SOCs visibility into how threats are impacting your key business processes, prioritization of response and delivers a full-integrated platform of security technologies.

While it may still not be ready for prime time,  XDR is poised to become an important part of the unfolding security story this year and beyond as more enterprises move their information to the cloud. It’s also why having an experienced partner by your side to help unlock the full benefits of a cohesive, unified security incident detection and response platform has never been more important.

For more information visit:

About the Author

Naveen Palavalli

Naveen Palavalli is the Vice President of Product Marketing and Competitive Intelligence at McAfee Enterprise where he leads the Enterprise product and solutions go-to-market strategy. He has nearly 18 years of cybersecurity experience setting strategy and leading cross functional teams to drive global portfolio product marketing/management and go to market (GTM) programs. Naveen holds an ...

Read more posts from Naveen Palavalli

Categories: Endpoint Security

Subscribe to McAfee Securing Tomorrow Blogs