Security News
Secureworks CEO Wendy Thomas On Shifting From MSSP To XDR And A ‘Partner-First’ Model
Kyle Alspach
With the transition from managed security services provider to vendor now well underway, and demand surging for its extended detection and response (XDR) platform, Thomas tells CRN that ‘it was time to make the full transition to partner-first.’
Open XDR Approach
Secureworks believes that its open approach to XDR has resonated with the market, Thomas said. “We’re not requiring our proprietary agent to be deployed, if you have one of our supported agents -- of which we’re supporting the vast majority of the market.”
Another fundamental approach that’s different with the company’s XDR “is that we built this from the ground up, from the first line of code,” she said. “And the importance of holistic detection and response, it is that full coverage, but it is the data architecture underneath of ingesting that telemetry that is not just aggregating the alerts from the individual point products. But again, it’s really distilling those into the one alert that matters, so that you can focus your resources on the things that really matter and reduce your risk and reduce your time to response.”
Other vendors that purport to offer XDR often are still largely focused on the environments they originally focused on — such as endpoints or networks — but there’s a lot more to correlating threats today than just considering those systems, Thomas said. “What they’re really doing is they come from their point of strength, and then they use a SIEM-like approach to just aggregating the other telemetry. That is not cross-correlating and distilling that telemetry into the alerts that matter. It’s really just a new version of a SIEM under an XDR label,” she said. “And that’s probably the biggest fundamental difference. [Most other vendors are] either not open, so you’ve got to move to their proprietary stack, or they are really just aggregating like a SIEM.”
Learn More:
Cybersecurity
