The evolving cyberthreat landscape and the volume of cyberattacks have heightened the need for MSPs to adopt a holistic cybersecurity approach to provide the protection their customers need. XDR (eXtended visibility, Detection & Response) has emerged as a popular technology for MSPs to deliver Cybersecurity-as-a-Service without making the investment it takes to provide a scalable Security Operations Center (SOC). To learn more about XDR and its recent recognition by CRN as a finalist for the Tech Innovator Awards, we sat down with Shani Mahler, Product Management Director, Engineering for Barracuda XDR.
Q: For those that are unfamiliar with the acronym XDR, can you explain what XDR is?
A: XDR is essentially Managed Detection and Response (MDR) extended beyond desktops or laptops. As many of us know, there is much more involved nowadays such as cloud infrastructure or email. XDR takes MDR to the next level. To put it simply, it’s SOC (Security Operations Center)-as-a-service. When an organization implements XDR, all their security tools are monitored, and their information is centralized into one single platform.
Q: How does XDR benefit MSPs?
A: Leading up to the pandemic, a lot of MSPs were creating their own cloud environments and doing a lot on the network operations side of the house. This was their managed offering for customers. Due to the sudden shift to work-from-home environments, they were forced into the world of changing their business paradigm. Ultimately, they were led to support the more traditional cloud-based offerings like AWS and Microsoft 365. These MSPs were looking for a different opportunity where they can do the managed part of it; this is where XDR comes in.
The XDR platform also gives a sense of comfort to the MSPs because they now have one vendor to call 24×7. Individual security products are not the backbone that MSPs can always call and rely on. It’s all about building relationships and trust with them.
Lastly, there is no other “one-stop-shop” for MSPs to be covered in all areas of security. Organizations are getting attacked through firewalls, through social engineering emails, and more. For anyone to take that all on themselves is a big challenge.
Q: What are some of the major trends or changes that are driving the demand for XDR?
A: First, smaller companies are being targeted more often. Previously, SMBs were the indirect overflow of a targeted phishing scam, where they could potentially fall for it, too. Now, they are directly being targeted. Secondly, MSPs themselves are now being targeted. Lastly, all other cybersecurity trends that we’ve been seeing such as ransomware and email threats are continuing to be trends to keep watch of.
Q: Why do you think Barracuda was named a finalist for the CRN Tech Innovator Awards? What sets Barracuda XDR aside from the competitors?
A: There are many companies that claim to offer an open XDR platform. An open XDR platform, or as I like to call it, “bring your own tech stack to the XDR product suite,” makes providing XDR services to a customer easier for the customer. That’s what Barracuda XDR can do. We don’t tell you that you must have a specific email gateway, or a specific endpoint monitor, etc. We support a large variety of data sources to cover as many companies as possible. As a result, we have a broad offering. In addition to going broad, we also go deep, which is why we ultimately became a finalist in this category. We don’t just monitor a data source; we have SOAR, threat intelligence, and much more.
Another reason is the number of threat types we detect across the data sources being monitored. We don’t have one or two detections for a data source; we offer dozens of detections. We map our detections to the MITRE ATT&CK® framework to demonstrate our coverage for each attack type. For instance, an attacker can be performing reconnaissance or data exfiltration, which are tactics under the MITRE ATT&CK® framework. The specific ways an attacker can perform reconnaissance or data exfiltration, or the techniques, are marked within Barracuda XDR to illustrate our protection coverage. I like to think of MITRE ATT&CK® as a “choose your own adventure” for attackers, and our mappings show just how well Barracuda XDR can protect businesses. We use the MITRE ATT&CK® mappings as one of the ways to prove the depth of our threat hunting capabilities.
On top of offering broad and in-depth threat detections, we also offer SOAR (Security Orchestration, Automation and Response). If you know there’s a big bad wolf, it’s only good if you can find him quickly and respond quickly before more harm is caused. SOAR allows us to automate investigations and threat enrichments, thereby shortening the time for our security experts to discover a bad actor.