The need to reduce the complexity of cybersecurity. This blog post is taken from a Cynet document titled "Taking Prevention, Detection, and Response to the Next Level with Extended Detection and Response (XDR)"
Increased budget ≠ Increased performance
Security solutions are increasing in number from year to year and are flooding experts with thousands of warnings daily. Did you know that small companies use between 15 and 20 security solutions on average, and medium-sized companies up to 60? This is not a small number, and investigations and linking of individual security warnings can take days.
This is where the saying “you can’t see the forest for the trees” applies: when a threat is finally detected, the time it takes to understand it can be measured in months. If we take a look at IBM’s Data Breach Report 2019, we can see that the average time to detect a malicious attack is 230 days, while the time required to repair it is 84 days! This is the reason why the number of cyber incidents continues to increase, despite larger investments in this area.
Cybersecurity has become such a complex and cumbersome industry that the set of skills needed to maintain and operate solutions is now beyond the reach of everyone other than large global organizations.
Next level of the game
A new class of security tools that solve these problems has emerged, promising to improve efficiency and effectiveness in detecting and responding to threats. Gartner defined a new category of solution/platform that integrates and correlates telemetry from multiple detection controls, and then synthesizes and automates response actions – XDR (Extended Detection and Response).
Classic endpoint protection is no longer enough
Many organizations have turned to EDR (Endpoint Detection and Response), EPP (Endpoint Protection Platform), and Next Generation Anti-Virus (NGAV) solutions for more advanced protection, outside of the usual antivirus (AV) platforms. EDR / EPP / NGAV solutions have proven to be extremely valuable in preventing and detecting many forms of endpoint attacks. However, cybercriminals continue to find ways to circumvent them: the number of successful attacks continues to grow, despite huge investments in cybersecurity solutions and resources.
An important step in simplifying cybersecurity lies in automating responses to real threats so that teams can clearly and effectively distinguish “false” and confirmed alerts.
XDR: A new approach to threat detection and response
XDR helps security teams consolidate and streamline incident alerts, thus translating them into automated investigation and response actions. The primary requirements of the XDR platform are threat visibility, incident orientation, and response automation.
Wide range of visibility and threat protection
The basis of XDR is wide visibility over the primary components for prevention and detection, which supply the most relevant threat telemetry. Combining the signals from these components provides the context needed to detect covert attacks. As the included components are part of one platform, the alert data and information can be easily normalized and combined, which is very difficult when solutions are obtained from different vendors.
Deciding which components of prevention and detection should be included in XDR is very important. Although some suggest including a wide range of tools, it is necessary to focus on those that cover the primary attack vectors.
XDR tools should include signals from at least the following key components:
- NGAV – Next-Generation Antivirus, for basic detection and prevention of endpoint malware.
- EPP/EDR – Endpoint Protection Platform/Endpoint Detection and Response, for advanced protection, detection, and response on endpoints.
- UEBA – User and Entity Behavioral Analytics, to detect anomalies in user behavior.
- NTA – Network Traffic Analysis, to detect malicious network activities.
Signals from these solution categories provide the wide visibility needed to recognize most attacks. Other data may serve as a supplement, but the categories listed above have been shown to provide the greatest value.
XDR platforms provide a broader overview of incoming threats, combining prevention and detection from the most important attack vectors. This holistic overview allows XDR platforms to automatically process real threats, as well as detect subtle traces of attacks that have potentially gone unnoticed.
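To make the normalization and correlation described above concrete, here is an added example that is not part of the Cynet document or of any vendor's code: alerts from the four named categories (NGAV, EPP/EDR, UEBA, NTA) are mapped onto a common record, grouped by host, and promoted to a confirmed incident only when independent categories agree inside a time window. All alert records, field names and the 30-minute window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window

def normalize(source, raw):
    """Map each component's native alert schema onto one common record.
    The source field names are assumptions standing in for real products."""
    if source == "ngav":
        return {"src": "ngav", "host": raw["endpoint"], "ts": raw["time"], "what": raw["malware"]}
    if source == "edr":
        return {"src": "edr", "host": raw["hostname"], "ts": raw["detected_at"], "what": raw["technique"]}
    if source == "ueba":
        return {"src": "ueba", "host": raw["device"], "ts": raw["ts"], "what": raw["anomaly"]}
    if source == "nta":
        return {"src": "nta", "host": raw["src_host"], "ts": raw["first_seen"], "what": raw["indicator"]}
    raise ValueError(f"unknown source {source}")

def correlate(alerts, min_sources=2):
    """Group normalized alerts by host. A host becomes a confirmed incident
    when alerts from at least min_sources distinct categories fall inside
    WINDOW; a lone alert from one product stays an unconfirmed warning."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    incidents = {}
    for host, items in by_host.items():
        items.sort(key=lambda a: a["ts"])
        for i, first in enumerate(items):
            cluster = [a for a in items[i:] if a["ts"] - first["ts"] <= WINDOW]
            srcs = {a["src"] for a in cluster}
            if len(srcs) >= min_sources:
                incidents[host] = {"sources": sorted(srcs),
                                   "evidence": [a["what"] for a in cluster]}
                break  # one incident per host is enough for this demo
    return incidents

# Constructed sample alerts: ws-42 trips only NGAV; ws-17 trips EDR, UEBA and
# NTA within half an hour, plus an unrelated EDR alert three hours later.
T0 = datetime(2024, 1, 1, 9, 0)
RAW = [
    ("ngav", {"endpoint": "ws-42", "time": T0, "malware": "Trojan.Generic"}),
    ("edr", {"hostname": "ws-17", "detected_at": T0 + timedelta(minutes=2), "technique": "unexpected child process"}),
    ("ueba", {"device": "ws-17", "ts": T0 + timedelta(minutes=10), "anomaly": "login outside working hours"}),
    ("nta", {"src_host": "ws-17", "first_seen": T0 + timedelta(minutes=25), "indicator": "periodic beacon to rare domain"}),
    ("edr", {"hostname": "ws-17", "detected_at": T0 + timedelta(hours=3), "technique": "credential access attempt"}),
]

def demo():  # run the pipeline over RAW and return the confirmed incidents
    return correlate([normalize(s, r) for s, r in RAW])
```

Only ws-17 is promoted: three categories agree within the window, while the single NGAV alert on ws-42 is left as a warning for the analyst queue rather than an automated response.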
Security teams spend much less time on false warnings, and many real-life attacks are automatically remedied, so no human intervention is needed. Confirmed incidents are automatically investigated and rectified, accompanied by the data and context that reduce manual investigation.
Consolidating multiple security products into a single XDR platform achieves significant savings, both in terms of direct vendor costs and internal support costs. With automated response and a reduced number of warnings, teams' working time is reduced, and thus their expenses.
XDR is based on a holistic platform that brings together multiple checkpoints to coordinate prevention, detection, and response to threats. This approach increases detection accuracy, while drastically reducing the complexity and cost of comprehensive protection.
Comtrade System Integration, following the latest trends in the industry, offers its clients security services that include XDR solutions, helping them better protect their business in times of frequent cyber attacks. If you want to know more, do not hesitate to contact our experts!