New eXtended Detection and Response Solution is 450X more efficient than typical SOCs at converting telemetry and logs into actionable alerts
A typical SOC is flooded with 450 alerts per hour, and analysts waste precious time trying to correlate low fidelity alerts and chasing false positives, often at the expense of focusing on legitimate attacks. Until now, a security operations center’s (SOC) field of view for threat detection and response has excluded critical devices that are increasingly common points of attack, including operational technology (OT), industrial control systems (ICS), building management systems (BMS), and medical and IoT devices. In addition, the technology stack that SecOps teams have had to rely on has made it difficult to respond to these threats in a rapid and comprehensive manner.
“The true value of an XDR solution lies in its ability to ingest telemetry and data from across the entire enterprise: cloud, campus, remote and data center environments, and every managed and unmanaged connected device. This is what the X in XDR is all about, after all,” said Justin Foster, CTO, Forescout.
“Traditional XDR products lack this capability, or they only leverage data from the vendor’s own EDR or a few other security tools. This significantly limits the flexibility, scalability and effectiveness that an XDR solution must provide.”
Through the advanced application of data science and automation, Forescout XDR generates one high-fidelity alert that truly warrants analyst investigation, from every 50 million logs ingested, per hour. Because Forescout XDR is vendor- and EDR-agnostic, this ingestion includes data from over 170 security, infrastructure, application, cloud/SaaS and enrichment sources, and dozens of leading vendors. And with over 70 sources of threat intelligence and 1500 verified detection rules and models, and data onboarding included, Forescout XDR customers can be operational within hours, actively detecting, investigating, and responding to threats.
“Forescout XDR, with the breadth and richness of its capabilities, particularly its dashboards and reporting, provides an out-of-the-box solution to SOC challenges that we spent 18-24 months trying to address,” said Samer Mansour, CISO, Panasonic Corporation of North America. “It was easy to deploy, and fully operational in a matter of weeks. And with its tight integration to Forescout’s network security and visibility solutions, and our broader security tech stack, it gives us the ability to exert a lot more control across our IT and OT environments, and further elevate our overall security.”