Digital innovation has transformed businesses and the networks they use to run critical applications, perform online transactions, connect remote workers, and collect and process critical data. As in the past, these advances raised new security challenges, giving rise to new security solutions designed to address them. However, the speed of transformation left organizations with little time to consider the broader security infrastructure when implementing those solutions. As a result, now more than ever, security teams are left trying to manage a vast collection of security tools from a variety of vendors and to establish some sort of visibility and consistent policy orchestration and enforcement across their organization. Among other challenges, security teams struggle to detect and respond to more numerous, and more damaging, cyberattacks across a complex and largely isolated security toolset.

In talking to our customers, typically through online executive briefings, most understand the logistical and technological challenges of this complexity and are interested in moving from dozens of different security vendors and products to a handful or fewer security platforms, complemented by point products where necessary. So it's not surprising to me that, according to Gartner, 80% of organizations are either currently consolidating security vendors or planning to. But the question at hand is, 'how do I decide which vendor(s) to choose as we consolidate?'

While there are pragmatic considerations like satisfaction with the vendor, breadth of controls available in their platform, effectiveness and features of each control, and more, an organizing principle has emerged to simplify and integrate that process: XDR, or eXtended Detection and Response. Defined by Gartner as 'a security incident detection and response platform that automatically collects and correlates data from multiple security products,' XDR rests on an integration principle that uses existing technologies to create a unified view of, and control over, complex, distributed environments. This is a far better consolidating principle than procurement-driven decision making ('the vendor has offered us a great deal on a suite of products'). XDR enables different security solutions to see, share, and analyze data so they can more effectively detect threats and deliver a coordinated response that covers the entire attack surface.

While this sounds like a great idea, and it is, it is much more complicated than it may appear on the surface. Some XDR solutions come from large security vendors that can integrate multiple products within their portfolio, and others come from smaller start-ups that seek to provide a normalization layer above components from different vendors. There are pros and cons to each approach. In the first case (single-solution vendor), one should expect a unified view, a common policy experience, tight product inter-relationships, and other benefits. The biggest downside is likely to be the limited choice within that vendor's portfolio. By contrast, choosing an 'open' XDR approach eases that single-vendor constraint, but is likely to fall short in other areas such as integration, analytics, or automation. In my experience, the effort to ensure central management across many products (and multiple versions thereof) is substantial. Multiplying that exponentially across the diverse vendor landscape, not to mention the tall task of analytics and automation on top of management, results in a huge effort for such vendors and a variety of limitations for the end customer.
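To make concrete what the 'normalization layer' and the Gartner definition ('automatically collects and correlates data from multiple security products') actually require of an XDR platform, here is a small added example. It is not Fortinet's code and not any product's real output: the two event feeds (an EDR alert in JSON and a firewall log in key=value syslog style), the common schema, and the correlation rule are all constructed for illustration. It shows the two jobs an XDR layer has to do before any 'coordinated response' is possible: map each vendor's own field names, timestamp formats and severity vocabularies onto one schema, and then correlate across sources by host and time.

```python
"""Toy XDR-style normalization and correlation layer (added example, not product code)."""
from collections import defaultdict
from datetime import datetime, timezone
import json
import re

# Constructed sample feeds. EDR events are JSON records; firewall events are
# key=value lines. Field names are invented and stand in for two vendors'
# incompatible formats.
EDR_EVENTS = [
    '{"timestamp":"2021-01-26T14:00:10Z","device":"WS-042","detection":"Suspicious PowerShell","risk":"High"}',
    '{"timestamp":"2021-01-26T14:20:00Z","device":"WS-017","detection":"Test signature","risk":"Low"}',
]
FW_EVENTS = [
    "date=2021-01-26 time=14:02:31 srcname=ws-042 dstip=203.0.113.9 action=deny svc=HTTPS",
    "date=2021-01-26 time=14:03:02 srcname=ws-042 dstip=203.0.113.9 action=deny svc=HTTPS",
    "date=2021-01-26 time=14:50:00 srcname=ws-017 dstip=198.51.100.5 action=accept svc=DNS",
]

# One severity scale for every source: the EDR's words must land on the same
# numbers the firewall mapping uses, or cross-source thresholds are meaningless.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def norm_edr(raw):
    """Map a constructed EDR JSON record onto the common schema."""
    d = json.loads(raw)
    ts = datetime.strptime(d["timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts.timestamp(), "host": d["device"].lower(), "source": "edr",
            "category": "endpoint_detection", "severity": SEVERITY[d["risk"].lower()],
            "detail": d["detection"]}


def norm_fw(raw):
    """Map a constructed key=value firewall line onto the common schema."""
    kv = dict(re.findall(r"(\w+)=(\S+)", raw))
    ts = datetime.strptime(kv["date"] + " " + kv["time"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    cat = "outbound_blocked" if kv["action"] == "deny" else "outbound_allowed"
    return {"ts": ts.timestamp(), "host": kv["srcname"].lower(), "source": "fw",
            "category": cat, "severity": 2 if cat == "outbound_blocked" else 0,
            "detail": f'{kv["dstip"]} {kv["svc"]}'}


def correlate(events, window_s=600):
    """Group normalized events by host and raise one incident when a high-severity
    endpoint detection is followed within window_s seconds by blocked outbound
    traffic from the same host. The rule itself is illustrative."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["category"] != "endpoint_detection" or e["severity"] < SEVERITY["high"]:
                continue
            followups = [f for f in evs[i + 1:]
                         if f["category"] == "outbound_blocked" and f["ts"] - e["ts"] <= window_s]
            if followups:
                incidents.append({
                    "host": host,
                    "trigger": e["detail"],
                    "blocked_destinations": sorted({f["detail"] for f in followups}),
                    "sources": sorted({e["source"]} | {f["source"] for f in followups}),
                })
    return incidents


def run():
    """Normalize both constructed feeds, then correlate across them."""
    events = [norm_edr(r) for r in EDR_EVENTS] + [norm_fw(r) for r in FW_EVENTS]
    return correlate(events)


if __name__ == "__main__":
    for incident in run():
        print(json.dumps(incident))
```

Running this yields a single incident for ws-042 (the EDR's high-risk detection followed two minutes later by two blocked HTTPS connections), while ws-017's low-risk test detection and permitted DNS traffic produce nothing. Notice how much of the code is the normalization, not the rule: host names arrive in different cases, timestamps in different formats, and severity as words in one feed and as an action in the other. That per-vendor, per-version mapping is precisely the central-management effort the paragraph above calls substantial, and the correlation logic is only as good as it.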

Disclaimer

Fortinet Inc. published this content on 26 January 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 26 January 2021 14:05:05 UTC