Extended Detection and Response (XDR) is touted as the security solution for the increasingly complex modern IT ecosystem. The principle is to extend EDR threat hunting beyond the endpoint and across the entire infrastructure. Cybereason has announced a partnership with Google Chronicle – the latter to provide ecosystem data, and the former to provide the threat hunting capability.
Yonatan Striem-Amit, CTO and co-founder at Cybereason, explains the concept: “Over the last 18 months the old paradigm for what a network looks like has altogether changed. Now IT professionals need to secure an insanely complex and heterogeneous environment,” he told SecurityWeek.
“To be effective today, an analyst needs to understand endpoint threats, and network threats, and IoT threats, and e-mail, and SaaS and cloud and its services and infrastructure. Securing all of those with disparate tools becomes incredibly complex and ungovernable.”
For an EDR solution to become an XDR solution, it requires a combination of first accumulating data from the existing IT security stack, and then extending the EDR data analytics to also analyze the accumulated data.
Cybereason has partnered with Google Chronicle to provide the data accumulation. And it has extended its MalOps analytics engine to examine the wider set of sources, such as email, SaaS solutions, and cloud. Cybereason XDR is no longer the sole source of the data. Best of breed solutions can onboard their data into the new system, and the customer gets the best solution from Google, SIEMs, and other tools combined with Cybereason’s hunting mechanism.
“We expanded the engine,” says Cybereason, “but the core fundamentals remain the same. The same MalOps engine, the same ability to hunt across the infrastructure, the same ability to find complex stories and complex attack story lines no matter where they started or how complex or expanded they are – we can capture it all and respond to them in one click.”
“By combining forces with Google Chronicle, we take Google’s 20+ years of understanding how to index and extract value from data and map the world,” continued Striem-Amit. “We’re bringing Cybereason’s analytics engine – our ability to bring the operation-centric approach – to find and remediate threats and to provide the complete end-to-end story. The combination of our XDR engine and Google Chronicle allows us to prevent, automate, detect, and respond to threats across the entire IT landscape within one platform. It means that hackers can no longer hide between the seams.”
According to XDR proponents, the need is real and pressing. Over the last year there have been dozens of major attacks, from SolarWinds to the attacks against Microsoft Exchange Servers, and crippling ransomware threats from DarkSide, REvil and others.
“These are not simply an asset-based attack,” Striem-Amit said. “The attackers are no longer playing within the same old assets they and defenders used to play in. It’s no longer an endpoint problem separate from a network problem separate from a security policies problem. But by using Google’s ability to bring data from all these sources and make them accessible and normalized at the scale that only Google can deliver, and then combining that with Cybereason’s XDR hunting engine, we can deliver our operation-centric approach, with our MalOps engine, throughout the stack.”
The Cybereason/Google partnership was announced at Google Cloud Next ’21.
“Google Cloud is committed to delivering the industry’s most trusted cloud to accelerate customers’ digital transformation efforts with security products that meet them wherever they are. Cybereason continues to disrupt the market and deliver on their vision for a future-ready extended detection and response defense platform,” said Thomas Kurian, CEO, Google Cloud.
If you put faith in Cybereason’s EDR, then Cybereason’s XDR, partnered with Google Chronicle, delivers the same capabilities across the entire IT stack.