Monday, December 21, 2020

Secureworks Puts Managed Detection and Response in XDR

As a managed security services provider for 20 years, Secureworks brings a services-first point of view to extended detection and response (XDR). Or, as Secureworks Director of Product Management Ed Martin says, “we were XDR before XDR was XDR, because we had to pull all the things together in order to enable our own teams to be successful.”

XDR is a newish approach to threat detection and response that Gartner called a top security and risk management trend of 2020. It combines elements of security information and event management (SIEM), security orchestration, automation and response (SOAR), endpoint detection and response (EDR), and network traffic analysis (NTA) in a software-as-a-service (SaaS) platform to centralize security data and incident response. This improves and speeds up detection and response because it correlates threat intelligence across security products and visibility across networks, clouds, and endpoints.

All of the major security vendors either launched or added capabilities to their XDR platforms this year — and each provider’s platform plays to its existing strengths and legacy technology while integrating with the missing pieces to complete the XDR stack. Cisco, for example, takes a network-centric view with its SecureX platform, which also includes the vendor’s email and cloud security and integrates with third-party SIEMs including Splunk and IBM Security QRadar SIEM. McAfee’s legacy endpoint and email products play starring roles in its XDR along with newer cloud security technology it’s acquired over the past few years.

“You look at the big players out there like Palo Alto [Networks], they are buying everything under the sun to pull together a really well stitched together message about how their XDR can do all the things,” Martin said, adding that Secureworks built its XDR in response to customers and partners requesting the same security and threat-hunting tools that its team used.

“We believe that we have a unique view of [XDR], because as practitioners ourselves and having relied on what I’ll call a more closed tech stack in the past, we know the tools necessary for the security team to be successful,” he explained. “And so we believe that we can take from our services heritage and grow the tool stack accordingly.”

Secureworks entered the XDR market in 2018 with its Red Cloak Threat Detection and Response (TDR) SaaS product, which combines artificial-intelligence (AI) driven data analytics and threat intelligence. A few months later, at Black Hat, it added a 24/7 managed detection and response service on top. “And we’ve been iterating on it ever since,” Martin said.

XDR needs “a data lake or SIEM-type tool, so our TDR application helps with that by aggregating endpoint, network, business system, and cloud data into one central data lake,” he said. “We also focus on enabling the analyst through automation capabilities — think early SOAR capabilities, so the ability to do automated response and empowering analysts to be more efficient.” Its endpoint detection and response agent is also part of the bundle, and Secureworks integrates with third-party NTA and network sensor products, “enabling us to respect the investments that our customers have made in that space,” Martin said.

That’s another differentiator Martin points to with Secureworks’ XDR strategy: “We’re a vendor-agnostic service provider, so our angle is we’re going to give you access to a platform that enables you to do all the things, and we’re going to respect your investment by being vendor agnostic in the tools that we integrate with.” About 300 customers use its XDR security services, according to Secureworks’ third-quarter fiscal 2021 financials, and the vendor reports annual recurring revenue of 25% from both the TDR and managed detection and response services.

Looking ahead to 2021, Martin expects XDR to accelerate as companies look to simplify and unify their infrastructure and data. “I think you’re gonna see a lot of opportunity in the XDR space as 5G rolls out and network borders are essentially disappearing. You’ll see a lot more opportunity for the [operational technology] vendors to step in, and having integrations with existing OT vendors or building analytics and capabilities inside of your product is going to be really important from an XDR perspective, being able to make sense of all that telemetry, which no one is doing a great job of today.”
