Secureworks, a company that made its name providing managed security services for its customers, announced Feb. 9 a productized version of its security analytics platform.
The product, called Taegis XDR, is a cloud-native, software-as-a-service (SaaS)-based extended detection and response (XDR) solution. It builds on the company’s existing Counter Threat Unit research and intelligence with additional countermeasures, detectors and telemetry from Secureworks sources and third-party security integrations. This combination of intelligence can help organizations better understand attacks and provide rapid response, according to the company.
“Our threat researchers work in lockstep with our product engineering teams to ensure their expertise and knowledge inform enhancements and new platform capabilities,” said Secureworks Vice President Gavin Hill. “By applying our knowledge of how threat actors operate, we designed Taegis to collect and store telemetry in a manner that allows us to apply threat analytics across a wide variety of customer-defined data sources.”
While most cybersecurity companies are product companies that often add service offerings in support of their products, Secureworks has taken the opposite approach with its XDR solution by making the underlying technology it has been using for years internally available to others.
“It’s very different when a company full of expert security analysts, with extremely mature processes, threat intel researchers and underlying technology, decides to put it all together as a subscription-based product offering,” said Dave Gruber, senior analyst at Enterprise Strategy Group.
Unlike other XDR solutions, Taegis XDR is an open platform supporting community-applied threat intelligence. The platform processes 350 billion events daily, ingesting data from more than 40 sources of endpoint, network, hybrid cloud, threat intelligence and telemetry. Because it ingests data from the cybersecurity solutions already deployed in an environment, it's easier to add the product without discontinuing those existing solutions.
Taegis XDR will continue to evolve over time, as Secureworks’ threat researchers identify new techniques, tactics, procedures and strategies for detecting threats. As that happens, threat researchers work with the company's engineering teams to continually evolve the platform to keep pace with organizational requirements, Hill said. For example, the platform will improve how it detects threats within cloud environments over time, as more organizations shift to public cloud providers.
The potential for success is big, Gruber said, and early customers seem very pleased. But as a more diverse set of organizations begins to use it, Secureworks will need to be sure the product can handle all use cases required. User experience is key, he said.
“Secureworks has been doing XDR long before XDR was a thing, so I’m optimistic that they will be able to move fast and share their experiences in a way that helps other security teams gain the advanced capabilities that XDR solutions offer,” he said. “Integrations and partnerships with native security control providers are key, and they’ve already shipped an impressive list.”