Organisations are facing increasing challenges in detecting and responding to threats across diverse environments. Traditional security systems, designed to monitor networks and detect intrusions, are struggling to keep pace with the volume, speed, and complexity of modern cyberattacks.
In this context, the emergence of AI-driven next-generation SIEM (security information and event management) and XDR (extended detection and response) solutions is reshaping how businesses address and respond to cybersecurity challenges.
In an exclusive interview with iTNews Asia, Gareth Cox, Vice President for the Asia Pacific and Japan region at Exabeam, shared his insights on how advanced XDR and SIEM solutions can help organisations overcome the limitations of legacy systems, reduce risks, and enhance security operations through machine learning, artificial intelligence (AI), and automation.
Role of open XDR in complex cybersecurity ecosystem
According to Cox, the traditional closed XDR platforms, offered by big players like Palo Alto and Microsoft, typically involve a more rigid, platform-specific approach where all security controls and monitoring are conducted under a single vendor’s ecosystem. While this approach has its advantages in certain contexts, it lacks flexibility.
“An open XDR approach, like ours at Exabeam, enables businesses to integrate with over 10,000 different log sources,” Cox said.
This means companies can leverage their existing tools, whether they’re using Microsoft 365 for cloud services, Amazon Web Services for infrastructure, or various third-party security controls, without being locked into a single vendor’s environment, he explained.
The flexibility of an open XDR enables organisations to integrate and analyse diverse data sources, enabling more accurate threat detection and a streamlined response process.
This is particularly important as businesses continue to operate in hybrid or multi-cloud environments, which often use a variety of cloud providers and security tools, he added.
Overcoming Challenges in Integrating SIEM and XDR Solutions
Integrating SIEM and XDR solutions can present several challenges, particularly when it comes to managing data from various sources and ensuring effective threat detection across a complex security environment.
“Some companies face significant hurdles in getting the right logs into their platforms and in managing the data flow, especially as traditional SIEMs often require extensive configuration and customisation,” Cox said.
This complexity can lead to high costs and slow integration processes, with many organisations overwhelmed by the sheer volume of alerts generated.
He emphasised that the key to overcoming these challenges is adopting solutions with open architectures that integrate easily with existing security infrastructure, allowing for streamlined data ingestion and more focused threat detection.

Solutions that offer flexible, open architectures can help streamline integration by supporting a wide range of log sources and leveraging AI and machine learning for more efficient threat detection and analysis.
- Gareth Cox, Vice President for the Asia Pacific and Japan region, Exabeam
Cox also highlighted that the ability to integrate and scale SIEM and XDR in multi-cloud environments requires careful planning to manage the volume of data generated and ensure that the right insights are delivered efficiently.
To mitigate costs, he suggests organisations consider optimising data retention policies, using tiered storage for less critical data, and ensuring that the SIEM/XDR platforms can scale elastically, paying only for the resources they use. Additionally, adopting tools that offer automation and orchestration capabilities can help reduce operational overhead and improve cost efficiency in the long run.
For organisations looking to measure the effectiveness of their XDR and SIEM solutions, Cox recommends focusing on key performance indicators like mean time to detect (MTTD) and mean time to respond (MTTR) and mapping that information to cyber use cases like external threats and insider threats.
Additionally, businesses should assess their capabilities in addressing credential-based attacks and the level of automation available to help security teams manage high volumes of alerts. By focusing on these KPIs and continuously refining their use cases, organisations can track their progress toward improving their overall security posture and reducing risk, he added.
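To make the KPI recommendation above concrete, here is an added example (not code from Exabeam or from the interview) that computes MTTD, MTTR and an automation rate per use case from a constructed set of incident records. The field names, the use-case labels and the sample timestamps are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean


@dataclass
class Incident:
    """One closed incident; field names are assumed for this example."""
    use_case: str        # e.g. "external threat", "insider threat", "credential attack"
    occurred_at: str     # first malicious activity, ISO 8601
    detected_at: str     # time the SIEM/XDR raised the alert
    resolved_at: str     # time the response completed
    auto_closed: bool    # closed by an automated playbook without analyst action


def _minutes(later: str, earlier: str) -> float:
    """Elapsed minutes between two ISO 8601 timestamps."""
    delta = datetime.fromisoformat(later) - datetime.fromisoformat(earlier)
    return delta.total_seconds() / 60


def kpis_by_use_case(incidents):
    """Return {use_case: {"count", "mttd", "mttr", "automation_rate"}}.

    MTTD = mean(detected - occurred), MTTR = mean(resolved - detected),
    both in minutes; automation_rate is the share of incidents auto-closed.
    """
    buckets = {}
    for inc in incidents:
        buckets.setdefault(inc.use_case, []).append(inc)
    result = {}
    for use_case, group in buckets.items():
        result[use_case] = {
            "count": len(group),
            "mttd": mean(_minutes(i.detected_at, i.occurred_at) for i in group),
            "mttr": mean(_minutes(i.resolved_at, i.detected_at) for i in group),
            "automation_rate": sum(i.auto_closed for i in group) / len(group),
        }
    return result


# Constructed sample incidents (not real data) covering the use cases named in the interview.
SAMPLE_INCIDENTS = [
    Incident("external threat", "2024-03-01T08:00:00", "2024-03-01T08:30:00", "2024-03-01T10:30:00", False),
    Incident("external threat", "2024-03-02T12:00:00", "2024-03-02T12:10:00", "2024-03-02T12:40:00", True),
    Incident("insider threat", "2024-03-03T09:00:00", "2024-03-05T09:00:00", "2024-03-06T09:00:00", False),
    Incident("credential attack", "2024-03-04T01:00:00", "2024-03-04T01:05:00", "2024-03-04T01:20:00", True),
    Incident("credential attack", "2024-03-05T01:00:00", "2024-03-05T01:15:00", "2024-03-05T02:00:00", True),
]

if __name__ == "__main__":
    for use_case, k in kpis_by_use_case(SAMPLE_INCIDENTS).items():
        print(f"{use_case:18} n={k['count']} MTTD={k['mttd']:.0f}min "
              f"MTTR={k['mttr']:.0f}min automation={k['automation_rate']:.0%}")
```

Tracking these figures per use case over time is what makes the trend visible; a slow MTTD on insider threats next to a fast one on credential attacks points at where detection content needs work.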
Unlike traditional SIEM products, Cox said, the next-generation SIEM solution sets itself apart by offering two main capabilities: augmenting traditional SIEM platforms and providing a full-fledged, open XDR.
They can integrate with existing SIEM systems like Splunk, Microsoft, and QRadar, using machine learning to reduce the noise of irrelevant alerts and differentiate between normal and abnormal activity, reducing the need for manual intervention, he added.
The road ahead
Looking ahead, Cox envisions a future where Security Orchestration, Automation, and Response (SOAR) capabilities are seamlessly integrated with XDR and SIEM systems, enabling more efficient and effective threat detection and response.
When integrating SIEM, XDR, and SOAR solutions, organisations should focus on seamless connectivity and data sharing between the platforms to enhance threat detection, response, and remediation capabilities.
“The true value comes from ensuring these solutions work cohesively, where SIEM collects and centralises the data, XDR adds advanced detection and response, and SOAR automates the workflow to drive efficient responses,” he added.
Cox emphasised that a key tip is to ensure that these platforms are tightly integrated with automated workflows that minimise manual intervention and streamline the response process.
“By aligning SIEM, XDR, and SOAR to work cohesively, organisations can create a robust, automated security ecosystem that improves both efficiency and effectiveness in combating cyber threats,” he added.