The purpose of the design phase is to jointly discuss and agree upon management parameters of the XDR Assurance program. This includes a reiteration of the strategic underpinnings of XDR for all stakeholders, alignment on objectives, budget, scope, timeline, contributing parties and similar aspects that set the baseline for subsequent program phases.
Most companies already have some level of detection and response capabilities in place that can be leveraged. Prime examples include forms of endpoint or network visibility, SIEM systems or similar components. Existing DR capabilities need to be assessed for their true effectiveness (visibility, coverage, etc.) and evaluated for use in the target XDR stack. The second phase focuses on the identification of such solutions.
The third phase comprises the design of the target XDR architecture on two levels: technological and procedural.
On the technological side, the complexity lies in tailoring this architecture to the requirements of the surrounding technology landscape, considering both functional and non-functional requirements that are relevant in the environment (e.g. performance, scalability or regulation).
Once the components of the technical XDR stack have been designed in phase 3, the next phase is to align closely on suitable vendor products that are candidates to bring in the desired defense capability. This phase typically involves weighted evaluations, running integration POCs and ensuring that budget is allocated wisely. Depending on the specific requirements of the environment, both open source and commercial solutions can become part of the target stack.
On the process side, IR workflows need to be aligned with responsible defense teams (SOC, CSIRT, CERT) to ensure swift action can be taken if needed.
Next, our teams will head into implementation to integrate the new stack and ensure it runs adequately. This phase can be executed solely by CISOCON or in close collaboration with onsite teams and development workflows.
We've created the following service for you.