Extended Detection and Response (XDR) is an exciting new direction for university security teams, whether they are looking for a more cost-effective approach to (or alternative to) SIEM, less integration hassle, better privacy protection, or simply the most technologically advanced solution.
Security teams at organizations of all types face similar challenges: “noisy” networks that overwhelm small Security Operations Center (SOC) teams, and expensive SIEM solutions that are complex, time-consuming and difficult to install and maintain. An additional headache is onboarding, i.e., integrating, more and more data sources to feed the SOC, and then keeping those integrations “healthy.”
Security managers at universities face even more challenges on top of these. If budgets are tight everywhere, universities today face an even more difficult financial reality, with COVID-19 adding in-person learning and tuition uncertainty into the mix. Vulnerability is also higher: with distance learning so prevalent, an effective breach can bring university learning to a halt. Lastly, university security teams need to protect the privacy of students and staff, protect highly sought-after research data, and still enable a free flow of information.
University SOC leaders should look beyond Security Information and Event Management (SIEM) solutions to Extended Detection and Response (XDR) tools. The XDR approach extends protection beyond endpoints to provide detection and response across broader systems and networks: cloud services, on-premises data centers, work-from-home (WFH) employees and students, and Internet of Things (IoT) networks. In practice, that means pretty much all of the security tools active in the organization, including, by the way, the SIEM where relevant.
Who should look to XDR and why?
Large university systems that already have a SIEM in place. Their analysts face a barrage of thousands of false alerts, often creating a situation where it is impossible to review them all, which leads to security vulnerabilities (and, as a result, to severe breaches like the recent ones against George Washington University and Newcastle University). Larger universities also have more data, so their SIEM costs are very high, as most SIEM vendors charge by data volume. An effective XDR automates data ingestion, lowering the number of alerts and reducing the volume of data entering the SIEM to accurate security alert metadata, making for a more effective and less expensive security platform.
Small and medium-sized universities that know they need a SIEM but worry that their small team will not have the capacity to maintain integrations with third-party tools and to write the large volume of correlation rules needed to keep it useful (or that already have a SIEM and see that they are paying for it but not getting value out of it). An advanced XDR can provide a “fast path” to the most advanced automation technologies, delivering better threat classification with a far smaller number of alerts, manageable even for a very small security team of one or two analysts.
Everybody who loves technology. Many universities have information security learning centers. The security market is moving toward advanced automation, and who better than university teams to take advantage of the most cutting-edge technologies available today?
The advantages of XDR in a nutshell:
- Fewer false alerts and less noise.
- Better protection from attacks through automation that identifies high-risk attacks, faster.
- Easier onboarding of new data sources and integration with third-party systems.
- Cost cutting for larger teams that have a SIEM in place, or a more cost-effective alternative to SIEM.
Read more about empow’s i-XDR solution here.
Check out the upcoming session at the Educause Annual Conference: “Security and Privacy Don’t Have to be Enemies.”