Extended Detection and Response (XDR) is being hailed as the security solution for the growing complexity of the modern IT ecosystem. The idea is to expand EDR threat hunting beyond the endpoint and into the infrastructure as a whole. Cybereason and Google Chronicle have established a partnership, with the latter providing ecosystem-wide data and the former providing threat hunting capabilities.
“Over the last 18 months, the previous paradigm for what a network looks like has fundamentally changed,” says Yonatan Striem-Amit, CTO and co-founder of Cybereason. He said that IT professionals now have to secure an “insanely complicated and heterogeneous environment.”
“Today, an analyst must understand endpoint threats, network threats, IoT threats, e-mail, SaaS, cloud, and its services and architecture in order to be effective. Keeping track of all of them using diverse tools becomes a huge challenge.”
To transform an EDR solution into an XDR solution, it must first collect data from the existing IT security stack, and then extend the EDR data analytics so that the gathered data is included in the analysis.
The data collection is provided by Cybereason in collaboration with Google Chronicle. Cybereason has also expanded the scope of its MalOps analytics engine to include email, SaaS platforms, and the cloud. Cybereason XDR is no longer the primary data source: when best-of-breed solutions onboard their data into the new system, customers get the combined benefit of Google, their SIEMs, and other tools integrated with Cybereason’s hunting engine.
“We extended the engine,” Cybereason explains, “but the underlying elements haven’t changed. We can collect it all and respond to it in one click with the same MalOps engine, the same capacity to hunt throughout the stack, the same ability to locate complicated stories and complex attack narrative lines no matter where they started or how complex or expansive they are.”
“By partnering with Google Chronicle, we can leverage Google’s 20+ years of experience indexing and extracting value from data to map the planet,” Striem-Amit stated. “We’re integrating Cybereason’s analytics engine – our ability to apply an operational centric approach – to discover and recover threats and provide the whole end-to-end story,” the company says. “Using our XDR engine in conjunction with Google Chronicle, we can prevent, automate, identify, and respond to attacks across the whole IT environment from a single system. Hackers will no longer be able to lurk between the cracks.”
The demand, according to proponents of XDR, is serious and urgent. There have been scores of large attacks in the past year, ranging from SolarWinds to attacks on Microsoft Exchange Servers, as well as crippling ransomware threats from DarkSide, REvil, and others.
“This isn’t only a resource-based attack,” Striem-Amit explained. “Attackers and defenders are no longer playing in the same assets they used to play in. It’s no longer an endpoint issue distinct from a network issue distinct from a security policy issue. However, by combining Google’s capacity to bring data from all of these sources and make it accessible and standardised at the scale that only Google can provide with Cybereason’s XDR hunting engine, we can deliver our operations centric approach, using our MalOps engine, throughout the stack.”
The partnership between Cybereason and Google was announced at Google Cloud Next ’21.
“With security products that reach clients wherever they are, Google Cloud is focused on delivering the industry’s most trusted cloud to expedite customers’ digital transformation efforts,” stated Thomas Kurian, Google Cloud’s CEO. “Cybereason continues to shake up the market and execute on their ambition for a future-ready extended detection and response defence platform.”
If you trust Cybereason’s EDR, then Cybereason’s XDR, in collaboration with Google Chronicle, provides the same capabilities throughout the whole IT stack.