For many years, corporate IT teams have relied on security information and event management (SIEM) platforms to provide protection against digital threats.
These tried and tested platforms help teams to centralise their attack and threat detection activities. As a result, threats can be spotted more quickly, and steps can be taken sooner to neutralise their impact.
In recent years, however, a new security solution has emerged known as extended detection and response (XDR). XDR uses the data collected from a SIEM platform to provide a more manageable level of alerts and data, making it an ideal complement to SIEM technology.
However, because the two technologies are similar and tend to have overlapping capabilities, many IT teams are still not clear on exactly how they differ. Gaining this understanding is important as it will ensure the most appropriate tools are put in place to guard critical infrastructure.
Key differences
When comparing SIEM with XDR, four key differences quickly emerge. These differences will determine which is best for a particular deployment. They are:
Finding the right solution
To ensure they have the best possible security infrastructure in place, many organisations are working closely with their chosen managed service providers (MSPs). An MSP can examine an organisation's particular requirements and deliver the most effective set of tools.
MSPs are likely to point out that a SIEM platform can be a useful tool if the customer has the time and resources to dedicate to it. If the company already uses a SIEM solution, an MSP is likely to recommend an XDR solution be added to complement and amplify the IT team’s response capabilities.
In reality, the primary challenge posed by a SIEM platform is alert fatigue. The platforms generate a large number of alerts, including false positives. MSPs need to work closely with their customers to ensure these alerts are managed and do not become overwhelming.
XDR, meanwhile, is ideal for small- to medium-sized companies because the tools save resources, time and costs. However, it is important to realise that XDR is a more specialised solution than SIEM. The latter is broader and can correlate more disparate data, including data from solutions beyond the firewall.
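The alert fatigue and correlation points above are easier to see with a small worked example. The following Python is added here for illustration and is not code from the article or from WatchGuard; it runs over a handful of constructed alerts from three assumed data sources (firewall, endpoint, identity), drops rules an analyst has already marked as routine noise (an assumed list), and then groups what remains into per-host incidents inside an assumed 10-minute window, flagging incidents that span more than one source.

```python
"""Alert triage over constructed SIEM-style alerts: suppress known-benign
rules, then correlate the rest into per-host incidents within a time window."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real SIEM output). Each carries the
# emitting source, the rule that fired, the affected host and a timestamp.
SAMPLE_ALERTS = [
    {"ts": "2024-03-01T09:00:05", "source": "firewall", "rule": "outbound-to-rare-port",      "host": "ws-17"},
    {"ts": "2024-03-01T09:00:40", "source": "endpoint", "rule": "powershell-encoded-command", "host": "ws-17"},
    {"ts": "2024-03-01T09:01:10", "source": "identity", "rule": "new-admin-group-member",     "host": "ws-17"},
    {"ts": "2024-03-01T09:02:00", "source": "endpoint", "rule": "av-signature-update",        "host": "ws-17"},
    {"ts": "2024-03-01T09:05:00", "source": "endpoint", "rule": "av-signature-update",        "host": "ws-22"},
    {"ts": "2024-03-01T11:30:00", "source": "firewall", "rule": "outbound-to-rare-port",      "host": "ws-17"},
    {"ts": "2024-03-01T09:03:00", "source": "identity", "rule": "failed-login-burst",         "host": "srv-db1"},
]

# Assumed: rules an analyst has reviewed and classified as routine noise.
KNOWN_BENIGN = {"av-signature-update"}


def parse_ts(s):
    return datetime.fromisoformat(s)


def suppress_benign(alerts, benign=KNOWN_BENIGN):
    """Drop alerts whose rule is on the reviewed benign list."""
    return [a for a in alerts if a["rule"] not in benign]


def correlate(alerts, window=timedelta(minutes=10)):
    """Group alerts for the same host that occur within `window` of the
    incident's first alert. Returns incidents ordered by start time."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: parse_ts(a["ts"])):
        by_host[a["host"]].append(a)
    incidents = []
    for host, history in by_host.items():
        current = None
        for a in history:
            t = parse_ts(a["ts"])
            if current is None or t - current["start"] > window:
                current = {"host": host, "start": t, "alerts": [], "sources": set()}
                incidents.append(current)
            current["alerts"].append(a)
            current["sources"].add(a["source"])
    return sorted(incidents, key=lambda i: i["start"])


def triage(alerts, window=timedelta(minutes=10)):
    """Full pipeline: suppression, correlation, then a simple priority rule
    (an incident seen by two or more independent sources is ranked high)."""
    kept = suppress_benign(alerts)
    incidents = correlate(kept, window)
    for inc in incidents:
        inc["priority"] = "high" if len(inc["sources"]) >= 2 else "low"
    return {"raw": len(alerts), "after_suppression": len(kept), "incidents": incidents}


if __name__ == "__main__":
    result = triage(SAMPLE_ALERTS)
    print(f"{result['raw']} raw alerts -> {result['after_suppression']} after suppression "
          f"-> {len(result['incidents'])} incidents")
    for inc in result["incidents"]:
        print(f"  {inc['start']}  {inc['host']:8}  {inc['priority']:4}  "
              f"{len(inc['alerts'])} alert(s) from {sorted(inc['sources'])}")
```

On the sample data, seven raw alerts become five after suppression and three incidents after correlation; the one involving ws-17 around 09:00 is ranked high because firewall, endpoint and identity sources all contributed, which is the kind of cross-source picture the article attributes to a broader SIEM correlation scope. The benign list and the window size are the two knobs an MSP would tune with the customer, since a list that is too aggressive hides real activity and a window that is too wide merges unrelated events.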
At the end of the day, the decision to deploy SIEM, XDR, or both will come down to the individual requirements of the company. By working closely with an experienced MSP, companies will be able to make a choice that delivers the level of security protection they need.
Anthony Daniel is regional director – Australia, New Zealand and Pacific Islands at WatchGuard Technologies.