Tuesday, February 8, 2022

Discussion on XDR and the SOC

 Tags: SOC, XDR, Gartner, Ponemon Institute

Sources:

Relevance: What is XDR going to be when it matures? EDR… XDR… It's not quite the same thing. XDR is starting to gain traction as a beloved moniker. How do we shape the industry and VMware's story? The following is a representative, but not exhaustive, list of potential future XDR vendors from Gartner’s Innovation Insight: Cisco, Fortinet, Fidelis Cybersecurity, McAfee, Microsoft, Palo Alto Networks, Symantec, Trend Micro, FireEye, Rapid7, and Sophos. How does VMware fit into this narrative?

Pushing this further – welcome to the intersection of XDR and the SOC.

From Gartner Innovation Insight report:

The three primary requirements of an XDR system are:

1.      Centralization of normalized data, but primarily focusing on the XDR vendors’ ecosystem only.

2.      Correlation of security data and alerts into incidents.

3.      A centralized incident response capability that can change the state of individual security products as part of incident response or security policy setting.

Extended Detection and Response Conceptual Architecture:

This was insightful from the Ponemon Institute research report on SOCs:

Systems Security Engineering: A Primer

 Tags: advanced persistent threat; assurance; controls; cyber resiliency; cyber resiliency approaches; cyber resiliency design principles; cyber resiliency engineering framework; cyber resiliency goals; cyber resiliency objectives; cyber resiliency techniques; risk management strategy; system life cycle; systems security engineering; trustworthiness

Sources:

Discussion: Where can you go to learn how to engineer and develop secure systems?

Take a look at the newly released SP 800-160 Vol. 2 Rev. 1 to learn more about cyber-resilience. Specifically, cyber resiliency engineering “intends to architect, design, develop, implement, maintain, and sustain the trustworthiness of systems with the capability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources.”

Know a smart architect or developer interested in strengthening their knowledge of security principles?

Have them read each of the sections below one week apart and test them over the content.

  • D.3 CYBER RESILIENCY TECHNIQUES....................................................................................................... 89
    • Basic concepts… e.g. ANALYTIC MONITORING
  • D.4 CYBER RESILIENCY IMPLEMENTATION APPROACHES....................................................................... 92
    • Expanded concepts briefly covered in D3… e.g. ANALYTIC MONITORING extrapolates into [1] MONITORING AND DAMAGE ASSESSMENT, [2] SENSOR FUSION AND ANALYSIS, and [3] FORENSIC AND BEHAVIORAL ANALYSIS
  • D.5 CYBER RESILIENCY DESIGN PRINCIPLES .......................................................................................... 109
    • Covers specific strategic design principles