Extended detection and response or “XDR”, a new, and much lauded approach to threat detection and response.
According to its proponents, XDR provides holistic protection against cyberattacks, unauthorized access, and general misuse of data.
The capabilities touted by XDR supporters are indeed impressive. With this model, security teams can identify hidden threats and exfiltration attempts both proactively and quickly. The XDR approach creates powerful endpoint protection, blocking malware and other exploits through AI-powered systems. It also offers simple and clear visibility for all enterprise data, in all its forms, and in all databases.
All of this sounds great. The only issue we have is that it’s being advertised as something totally innovative and new.
DLP or XDR?
While some are trying to draw a distinction between Data Loss Protection and XDR, the truth is, DLP done correctly delivers on everything promised by the “new” XDR model and more.
DLP as DDR / XDR
GTB’s DLP system is in its essence a DDR (Data Detection and Response) Platform, providing full AI-driven endpoint security, data classification, and automated alerts. There’s just one small difference: GTB does it more accurately. With GTB, security teams can all but eliminate false positives ensuring their resources aren’t being drained and their attention is focused on only the real threats.
The GTB Data Security that Workstm platform enhances and modernizes features across the enterprise, including Cloud Access Security Broker (CASB), Secure Access Service Edge (SASE), Insider Threat and Risk Management, Endpoint Protection Platforms (EPP), and Data Discovery Classification capabilities, resulting in a platform that accurately and automatically detects attempted data breaches while providing automatic responses to streamline the DLP effort.
Visibility: Accurately, discover sensitive data; detect and address broken business process, or insider threats including sensitive data breach attempts.
Protection: Automate data protection, breach prevention and incident response both on and off the network; for example, find and quarantine sensitive data within files exposed on user workstations, FileShares and cloud storage.
Notification: Alert and educate users on violations to raise awareness and educate the end user about cybersecurity and corporate policies.
Education: Start target cyber-security training; e.g., identify end-users violating policies and train them.