How XDR can transform cybersecurity and eliminate legacy vendor sprawl

Published on February 28th, 2022


For many in the region, the digital revolution has meant prosperity. Even when Covid-19 struck, the cloud and cloud services offered a haven of business continuity and prospects for new innovation. But havens are supposed to be safe places. And perhaps the greatest irony of the GCC’s mass cloud migration was the surge in cyber-incidents that accompanied it.

Entrenched in static, siloed security approaches, the region’s CISOs were ill-equipped for the deluge of new threats that stemmed from the expanded attack surface — more unprotected devices used by home-based knowledge workers, and networks that stretched across multiple domains. To make matters worse, the GCC, and wider Middle East, had long been struggling with a skills gap in the cybersecurity field. And the few trained professionals that were on hand to fight off bad actors did not have time to chase every amber flag.

Global figures paint a disturbing picture of this resource deficit. According to an IBM report from 2021, it routinely takes threat hunters the better part of a year to deal with threats — an average of 287 days to “identify and contain a data breach”. And a Deep Instinct survey found a global average for initial response times of almost 21 hours — the better part of a day. This is great news for cybercriminals. If they know they have a day before the chase begins and a year before they are in danger of being stopped (never mind caught), they will be understandably emboldened.

‘Extending’ the response

What is sorely needed, then, is a solution that can keep up with a dynamic threat landscape, unify security subfunctions, and point cyber-professionals in the right direction instantaneously. XDR (extended detection and response) is such a system. It reaches across endpoints, networks, clouds, email, applications, and third-party security platforms to detect threats as they arise, rather than hours or days later. Its real-time capabilities put it on the frontlines of the battle against threat actors and allow security teams to mount an effective, proactive defense while IT and line of business innovate in peace.

XDR unites the security ecosystem into a single-console hub of knowledge. This leads to lower operational costs and greatly enhanced detection and response. XDR, done well, collates threat intelligence from an organisation’s security solutions and combines it with external intelligence to understand extant behaviors on the corporate network, among apps and within endpoints, as well as in the cloud, and on the Web.

Telemetry that may not be useful on its own may be combined with similarly banal signals to create a potent view of suspicious activity. With this new capability, security teams waste less time chasing false positives and have more success in pinning down the real risks. Productivity among the CISO’s team surges as XDR automates the mundane, repetitive necessities, and filters out the white noise of telemetry overload. Further value comes from reducing the need for specialist skills, as the XDR platform will incorporate standards such as the MITRE ATT&CK framework and will respond automatically to known events.
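The cross-source correlation described above, reduced to a small working model. This is an added illustration, not code from the original article or from any XDR vendor: the telemetry is constructed sample data, and the weights, time window and thresholds are assumptions chosen to show why one weak signal stays quiet while three corroborating ones open an incident.

```python
"""Correlating weak signals across telemetry sources, as an XDR pipeline does.
All events are constructed sample data; weights, window and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 600  # signals must fall within 10 minutes of each other (assumption)
MIN_SCORE = 6         # combined weight needed to open an incident (assumption)
MIN_SOURCES = 2       # corroboration from at least two distinct telemetry sources

@dataclass(frozen=True)
class Signal:
    ts: int       # seconds since epoch (constructed)
    source: str   # "email", "endpoint" or "network"
    host: str
    name: str
    tactic: str   # MITRE ATT&CK tactic the signal maps to
    weight: int   # how suspicious the signal is on its own

# Constructed telemetry. WS-01: phishing attachment, Office spawning a shell,
# then a first-seen outbound domain. WS-02 and WS-03 each show one weak signal
# that must NOT be escalated on its own.
SAMPLE_SIGNALS = [
    Signal(100, "email", "WS-01", "attachment_with_macro", "initial-access", 2),
    Signal(160, "endpoint", "WS-01", "office_spawns_shell", "execution", 3),
    Signal(200, "network", "WS-01", "first_seen_outbound_domain", "command-and-control", 2),
    Signal(210, "network", "WS-02", "first_seen_outbound_domain", "command-and-control", 2),
    Signal(5000, "endpoint", "WS-03", "office_spawns_shell", "execution", 3),
]

def correlate(signals, window=WINDOW_SECONDS, min_score=MIN_SCORE, min_sources=MIN_SOURCES):
    """Per host, slide a time window over its signals and open at most one incident
    when the windowed score and the number of distinct sources both reach threshold.
    Returns a list of dicts: host, score, sources, tactics and the contributing signals."""
    by_host = defaultdict(list)
    for s in sorted(signals, key=lambda s: s.ts):
        by_host[s.host].append(s)
    incidents = []
    for host, events in by_host.items():
        for i, start in enumerate(events):
            window_events = [e for e in events[i:] if e.ts - start.ts <= window]
            score = sum(e.weight for e in window_events)
            sources = {e.source for e in window_events}
            if score >= min_score and len(sources) >= min_sources:
                incidents.append({"host": host, "score": score, "sources": sources,
                                  "tactics": sorted({e.tactic for e in window_events}),
                                  "signals": window_events})
                break  # one incident per host; later signals would attach to it
    return incidents
```

Calling `correlate(SAMPLE_SIGNALS)` yields a single incident for WS-01 spanning three sources and three ATT&CK tactics; the lone signals on WS-02 and WS-03 never reach the analyst queue.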

XDR: The great unifier

It is important to note that XDR is a new approach rather than a new technology. It unites EPP, EDR, NDR and SIEM/SOAR solutions in a way that stops security teams from running from console to console to solve a jigsaw puzzle, just so they can get a useful view of the whole technology stack. Depending on the security team, XDR may supplement legacy solutions, but its primary deliverable should be to integrate as a single-console solution with minimum configuration.

The ideal XDR solution must also be self-sufficient, leaning primarily, if not exclusively, on a vendor’s own threat intelligence for prevention, detection, and response use cases. And it must come with content and workflow that support those use cases and accelerate the threat-hunting process, from detection time to mitigation time.

Data quality and access are also vital. Ideal XDR should leverage advanced analytics to gain insights and advantages from multiple data sources that more quickly steer security personnel towards risks. The ideal vendor should use its own research groups and third-party sources to provide the richest possible intelligence for the XDR platform. It should be committed to broadening the scope of its research, bringing in more sources of telemetry and more partners to increase the value for those investing in XDR. The vendor should also provide rigorous support, and content that includes guidance for users on configuration and best practices, especially regarding the recommended actions to take when encountering an incident. Also desirable are further integration options with IT operations, such as helpdesk ticketing workflows.

XDR is a promise — the promise of an end to confusion and complexity. Regional businesses must innovate, but to do so they cannot live under the shadow of the current threat landscape. They need to know that their backs are covered by a unified response. XDR is here, and it is here to stay.
