2023-08-22 06:30:39
Having become an essential weapon in the fight once morest cyber threats, XDR raises its own challenges in the absence of a common language and standard formats for exchanging information on threats. To advance the standardization of XDR, the OXA project, by creating an international standard of architecture, opens the way to a new era of collaboration and efficiency in the field of cybersecurity.
By David Bizeul – co-founder Sekoia.io
To ensure the detection and response to threats on all of their cloudified flows, XDR (eXtended Detection & Response) technology is gradually establishing itself as the reference in the arsenal of cyber defense strategies for companies and administrations. With XDR, organizations are shifting from risk detection to threat detection. Definitely, this technology gives an unparalleled ability to detect truly dangerous events within the company in real time. Enriched with the right information, it is also the end or almost the end of the nightmare of repeated false positives.
However, the dynamics of the XDR market hide inherent difficulties in understanding data and events in inputs and outputs. It forces publishers, including core XDR players, to deploy mad energy and resources in the race for interoperability with other cybersecurity operators. The development of an international architecture standard capable of ensuring a common language between the different solutions should help to overcome these difficulties. Here’s why and how:
Advantages of XDR to transcend
In France, thanks to projects such as Open XDR, publishers are working on standardization and interoperability between their solutions in order to improve the detection and protection of the largest accounts. This ability to federate, connect and automate different cybersecurity solutions around an EDR solution for better use for users is excellent. These editors, although sometimes competitors, have indeed a real expertise to bring whether it is on the protection of the email, the network, the mobile, or even the workstation.
However, a question arises: how to do it with all the solutions from an agnostic point of view? We need to find ways to further gain operational efficiency by overcoming the limitations of current solutions, including XDR. Because even he does not solve everything!
READ ALSO :
Data / IA
Six preventive measures to counter corporate deepfakes
Open XDR Architecture, a standard to gain collective efficiency
Beyond the virtuous model of any collaborative work, several lessons lead us irresistibly towards an open international standard:
Make up for the lack of a common language to articulate the different connectors
SIEM or XDR environment, it doesn’t matter, the products always have trouble interacting with each other and the publishers are all faced with the same concern: everyone must develop as many connectors as there are third-party security solutions (EDR, NDR, cloud protection , identity management, etc.) to be applied to its own solution in order to receive, understand and interpret the resulting data. This represents hundreds of integrations, thousands of hours of work, for each one. Worse, the data formats of each of the players are constantly evolving. It’s an endless race, time-consuming and tiring. We have reached the operational limits to manage more and more connectors!
The OXA project offers a proven model for rationalizing knowledge and speaking the same language. The consortium, which brings together Glimps, Harfanglab and Sekoia.io, is working to define pivotal language interpretation formats that are understood on input and processed on output. Rewarded as part of the France 2030 plan by being the winner of the Grand Challenge – Phase 2, OXA aims to offer an architecture of the operational control tower : just as an airport communicates with different aircraft from several companies and different languages, the goal is to be able, in the long term and on a planetary scale, to rationalize the language formats and federate the ability to speak to all the security components connected to an XDR.
Streamline creation of input formats
Rather than each processing all the formats of all the editors, the definition of language repositories in OXA – or pivotal formats – will allow once and for all each editor, which knows its tools and data formats best, to decide on the good translation between the data produced and how it should be understood and interpreted. In addition, this will avoid the biases observed when data is incorrectly entered or understood by SIEM and XDR editors.
Streamline output formats
Similarly, a central detection & response solution must know how to talk to all types of components and technological profiles by giving them generic commands. For example: to transform a generic order destined for an EDR solution, the XDR platform offers a pivot language understandable by everyone, and the publisher maps actions in a language understandable by an agent or an API. Example: killing a malicious process might call the following API path: number/kill/processID
XDR remains a strong field of innovation, subjects such as the recording of components, the dissemination of knowledge or the automation of piloting are still in their infancy and will evolve significantly in the years to come.
To go even further on the international level, the OXA project will precisely propose the provision of an open data model that will allow any structure to interact with any XDR in a very simple way. This initiative will be supported via Open Cyber Alliance as part of the implementation of OASIS standards.
READ ALSO :
Secu
9 2023 cybersecurity trends that refocus on people
We send you a validation email!
1692686617
#vers #standard #international #darchitecture #XDR