XDR (eXtended Detection and Response) is a new Gartner category which, as we’ve argued before, is SIEM++, or what next-gen SIEM should have been.
This is why we are packaging our latest feature updates into an XDR offering that should greatly improve the detection and response capabilities of any organization, especially mid-market organizations, which gain the most benefit from integrated, easy-to-use platforms.
LogSentinel XDR is a unified security monitoring and response platform. It combines the capabilities of SIEM, EDR and other security tools:
- Log collection, classification and search – from any source, supporting many formats and protocols with great flexibility.
- Log correlation – finding potentially malicious behaviour and threats across sources
- Endpoint detection – our optional agent component supports rootkit detection, agent-based rule evaluation, security configuration assessment and file integrity monitoring
- Automated response across assets – execute responses against endpoints, firewalls, Active Directory and cloud assets
- Auto-configuration for known sources – you typically don’t have to specify your vendor in our connectors, because known sources are recognized automatically
- Full packet capture – get the full network traffic and transform it to flows for improved threat detection
- Phishing detection – monitor dedicated inboxes for phishing emails; phishing is the number one attack vector
- Threat intelligence – consume known malicious IPs, domains, URLs, emails and file hashes and publish threat feeds yourself.
- Leaked credentials monitoring – get notified if a corporate email is detected in known password leaks
- Vulnerability assessment – run vulnerability scans regularly and correlate the results with other sources
- Asset discovery – discover and catalogue your attack surface
LogSentinel XDR integrates cloud and on-prem into a single pane of glass for both collection and response. We combine our own platform core with great open source tools such as OSSEC, ZAProxy and OpenNMS to provide this wide range of capabilities.
XDR promises have been vague so far. For us, XDR has three key aspects:
- More than just logs
- Ease of integration and configuration
- Turnkey detection and response
A unified security monitoring and response platform is more than necessary in today’s threat landscape. And we are ambitious enough to provide one.
Bozhidar Bozhanov is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency, and information security.