From Defense-in-Depth to Defense-In-Concert: Gain Holistic Security with Open XDR

From Defense-in-Depth to Defense-In-Concert: Gain Holistic Security with Open XDR

Summary


Defense-in-Depth leads to IT and cybersecurity professionals struggling with managing too many security tools with little to no integration.
Defense-In-Concert is a strategic approach to cybersecurity that drives collaboration and contextualization of security data within the infrastructure.
Open XDR empowers security teams to deploy Defense-In-Concert with better security outcomes and simpler security operations.

The modern threat landscape moves at a rapid pace. With the onset of 2020’s global pandemic, this axiom played out in front of our very own eyes. As millions of workers moved to a remote home office, attacks on home-based routers surged 210% to reach nearly 2.9 billion—amounting to 15.5% of all home routers.1 With an increased attack surface, Defense-in-Depth is no longer good enough. A Defense-in-Concert approach is needed to provide a holistic framework to help security teams support corporate initiatives without compromising corporate security.


Defense-In-Depth: The Law of Diminishing Returns


Before we discuss what Defense-in-Concert is, let’s talk a little about what it isn’t. The traditional approach used by organizations to slow down adversaries is to embrace a defense-in-depth strategy that uses multiple layers of security controls.  A common theme to this approach is to address new threat tactics by adding new solutions to your current technology stack. The impact of Defense-in-Depth is best characterized by the law of diminishing returns. As organizations add more protection, they also add greater complexity and can even compromise threat protection. Recent research reveals that on average, enterprises deploy 45 cybersecurity-related tools on their networks. When the number of tools deployed reaches 50, these enterprises rank 8% lower in their abilities to detect threats and 7% lower in defensive capabilities, compared to companies with smaller toolsets2. The level of expertise needed to maintain Defense-in-Depth forces security analysts to manage each solution from a separate console, forcing th ..