Demystifying XDR: How Humans and Machines Join Forces in Threat Response

In our first post on demystifying the concepts and practices behind extended detection and response (XDR) technology, Forrester analyst Allie Mellen joined Sam Adams, Rapid7's VP for Detection and Response, to outline the basic framework for XDR and highlight the key outcomes it can help security teams achieve. One of the core components of XDR is that it expands the sources of telemetry available to security operations center (SOC) teams so they have richer, more complete data to help them detect and respond to threats.

That raises the question: How do SOC analysts keep productivity high while sifting through huge volumes of data?

Automation is one of the key ways SOC teams make their processes more efficient as they identify the most relevant threats and initiate the right responses. But automation can't do everything an analyst can, and finding the right balance between machine learning and human know-how is an essential part of a successful XDR implementation.

Become the bridge

As Sam pointed out in his discussion with Allie, the security analyst acts as a bridge between what the data is saying and what the right course of action is in response to it.

"I got the alert, and you know, that's not the hard part anymore," he said. "The hard part is responding to the alert and figuring out what to do with that alert – and really, what the impact is on my company."

For Allie, XDR helps analysts find a balance between security and productivity, but not by leaning too heavily on automation. In fact, she suggested we'v ..