The Promise of Open XDR becomes Possible with Newly Awarded Patent

We’re already overwhelmed by XDR, right? A new vendor-led buzzword craze without any real substance. How is this different from SIEM or EDR or UBA or SOAR?

With everyone XDR-washing, it’s not. Especially when there seems to be little more than a lot of hype and some flashy demos to validate its existence.

So instead, let me introduce you to the GreyMatter Universal Translator™.

The Universal Translator is a translation layer that gathers and normalizes data on demand from leading security technologies, cloud providers, business apps and more. Think of this as the backbone for a no-code integration and automation hub. We believe this is the foundational principle that can bring XDR and its various flavors (Open XDR, Hybrid XDR) to life, providing the technology platform to integrate and get value from a security operations team’s existing tools and deliver a unified detection, investigation, response and resilience workflow. A unified workflow is what we’ve set out to do, and thanks to the Universal Translator, we are delivering it.

While we’ve just received the patent, it’s been delivering the goods for our 250 enterprise customers for about a year now. It makes three things possible that, up until now, have been mostly impossible for enterprise security operations teams.

Open XDR-as-a-Service makes security technologies interoperable.

APIs, SDKs and AppStores do not curated integrations make. While most security vendors have published capabilities and even packaged apps delivering “integration” for years now, implementing said integration still requires a heavy lift for security operations teams. These apps may even be certified but few are maintained, validated and optimized on an ongoing basis, leaving SecOps teams to build, manage, patch, version control, architect data flows and more. Not as “out-of-the-box” as advertised. Packaged apps usually offer integration that is one way versus bi-directional. What about when you want data or information to flow across multiple tools or data sets? When does that normalization happen so you’ve truly got an apples-to-apples comparison?

That is the whole concept behind the Universal Translator. It creates a common language, acting like a Babel fish that parses and normalizes data into the language of your choice: the language a particular analyst or architect is fluent in.

By doing this normalization, the ReliaQuest GreyMatter Security Operations Platform is able to collect, normalize and contextualize the information needed for an investigation or threat hunt. For example, in a hybrid phishing investigation across on-premises and multiple clouds, you might need to see data from network, firewall, multiple SIEM, multiple cloud and multiple EDR technologies. With GreyMatter, you can.

Normalize data from any technology with the universal translator.

ReliaQuest customers see value in eliminating the maintenance and engineering costs traditionally required for security tool integrations. And they are able to operationalize tools faster and reduce total cost of ownership by 35%.

Open XDR-as-a-Service puts the analyst at the center.

When your technologies are interoperable, you can put the analyst at the center—like Professor X using Cerebro—able to sense everything going on in your security (ahem, mutant) realm.

With the Universal Translator, the GreyMatter platform’s detection content, and therefore its alerts, are unified. By de-duplicating alerts and applying machine learning to screen out false positives, the platform reduces alert noise by 89% across multiple technologies. And when an analyst is served an alert, the platform has collected the relevant context from across tools (again, normalized) so the analyst doesn’t need to pivot across six or more tools to fully prosecute an event.

Open XDR-as-a-Service makes automation possible.

You can’t automate what you can’t see. And if data and fields aren’t normalized or speaking the same language, how could you ever trust that data to automate decision-making and response for you? And it’s not just automated response. There are so many opportunities to automate across the security lifecycle, from artifact and data collection and orchestration to continuous assurance.

With the Universal Translator we give your analysts the data and insights they need when they need it without requiring that they also build and manage the integrations, the automations, the detections, the attack simulations and more.

Instead, analysts can become experts in your business, knowing whether they should care more about disruption of critical apps or exfiltration of personally identifiable information (PII) or intellectual property (IP), and whether ransomware is a concern or whether you should be concerned about third-party access. When they have the time to get out of reactive mode, you can better understand the business to better educate on and manage risk. You’ll have time to be brought into strategic decisions and to proactively plan, test and hunt across your environment.

It’s not that security is impossible. We’re asking security operations teams to do an impossible number of different types of tasks. But when we insert technology into the right stages of the process, we can ease the tedious components of the security operations workflow, to provide a better, more meaningful experience for our security teams.

Check out the demo above or learn more about how the Universal Translator powers Open XDR-as-a-Service from one of the patent authors, Brian Murphy.