XDR as an approach to security
Estimated reading time: 5 minutes
Just like any other IT field, the cybersecurity market is driven by hype. Currently the hype is around XDR, i.e. eXtended Detection and Response.
XDR is the latest development in threat detection and response, a key element of a company’s infrastructure and data defense.
What exactly is XDR?
XDR is an alternative to traditional responsive approaches that only provide layer visibility on attacks. I mean technologies such as endpoint detection and response (EDR), network traffic analysis (NTA) and SIEM, which we have covered in many other articles.
Layer visibility implies that various services are adopted and stratified (the layers), each keeping a specific entity in the infrastructure under control. This can be problematic: you need to make sure that the layers don’t end up isolated, which makes the data difficult or nearly impossible to manage and view. Layer visibility provides important information, but can also lead to problems, including:
Collecting too many incomplete and context-free alerts. EDR detects only 26% of initial attack vectors, and due to the high volume of security alerts, 54% of security professionals ignore warnings that should be investigated.
Complex and time-consuming investigations requiring specialist expertise. With EDR, the median time to identify a breach has increased to 197 days, and the median time to contain a breach has increased to 69 days.
Tools focused on technology rather than users or the business. EDR focuses on technology gaps rather than the operational needs of users and companies. With more than 40 tools used in an average Security Operations Center (SOC), 23% of security teams spend their time maintaining and managing security tools rather than investigating. (Source)
For already overloaded security teams, the result can be an endless stream of events, too many tools and information sources to switch between, longer detection times, and security expenses that exceed the budget without even being fully effective.
What’s new in eXtended Detection and Response
XDR implements a proactive approach to threat detection and response . It offers visibility into data across networks, clouds and endpoints, while applying analytics and automation to address today’s increasingly sophisticated threats. The benefits of the XDR approach for security teams are manifold:
Identify hidden, stealthy and sophisticated threats proactively and quickly.
Track threats across any source or location within your organization.
Increase the productivity of the people working with the technology.
Get more from security investments.
Conclude investigations more efficiently.
From a business perspective, XDR enables companies to detect cyber threats and stop attacks, as well as simplify and strengthen security processes. As a result, it enables companies to better serve users and accelerate digital transformation initiatives. When users, data and applications are protected, companies can focus on strategic priorities.
Why consider it for your company
The two main reasons why this approach is beneficial are: endpoints do not have visibility into threats in places like cloud services, and it may not be possible to put a software agent on all company endpoints.
But there are other reasons to consider too. Adding other data sources can provide more context to EDR results, improving the triage and investigation of alerts. Providers are moving not only to deliver more and better organized data, but also to deliver analytics platforms that lighten the analytical load on operators. This translates into ease of use and reduced operating costs.
XDR can seem very attractive as a product: tight integration of the parts, highly tuned content (as the provider has total control over the events from the data sources), use of analytics and response automation.
What to pay attention to before adoption
Some providers are positioning their XDR as the ultimate threat detection solution. However, many vendors are unable to offer all the tools needed to obtain the advantage being sold. Some providers offer endpoint and cloud monitoring in the package, others endpoint and network monitoring, but when looking at the comprehensive needs of most organizations, there are often pieces missing from the overall picture.
And if, once the company has engaged a provider, it notices a gap in one of the monitored areas, what are the possible solutions? Breaking free from a situation of vendor lock-in means severing a contract and then opening another one, with all the consequent costs.
XDR as an approach, not as a product
Before entering into a contract with a provider that sells a solution as final, it is always good to weigh the benefits and implications analytically.
Tight, two-way integration of multiple threat detection and response capabilities is the first distinguishing feature. But it is not necessary to buy two technology components from the same vendor to achieve good integration. Indeed, many products have the ability to integrate with some solutions from other vendors as one of their main strengths.
The XDR approach must provide a platform that allows the necessary data collection and storage, but also strong analytical capabilities, in order to orchestrate and automate the response actions provided by the other parts of the solution. A cloud-based Next Generation SIEM is a perfect solution.
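As an added illustration of the cross-layer correlation described in this section and in the triage point under "Why consider it for your company" (example code written for this article, not code from any XDR product): a minimal Python correlator that links EDR, NTA and cloud identity alerts by shared host or user within a time window, so three isolated layer alerts become one scored incident while a lone network alert stays low priority. All alert fields, hostnames and sample values are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from three isolated layers: EDR (endpoint),
# NTA (network) and a cloud identity provider. Field names are assumptions.
ALERTS = [
    {"src": "edr", "ts": "2021-07-19T09:00:05", "host": "ws-042", "user": "alice",
     "sev": 2, "msg": "office process spawned a scripting host"},
    {"src": "nta", "ts": "2021-07-19T09:01:10", "host": "ws-042", "user": None,
     "sev": 1, "msg": "DNS query to a newly registered domain"},
    {"src": "cloud", "ts": "2021-07-19T09:03:40", "host": None, "user": "alice",
     "sev": 2, "msg": "mailbox forwarding rule created from an unfamiliar IP"},
    {"src": "nta", "ts": "2021-07-19T14:30:00", "host": "ws-077", "user": None,
     "sev": 1, "msg": "DNS query to a newly registered domain"},
]
WINDOW = timedelta(minutes=15)  # how far apart linked alerts may be

def related(a, b):
    """Two alerts belong together if they share a host or a user within WINDOW."""
    ta, tb = datetime.fromisoformat(a["ts"]), datetime.fromisoformat(b["ts"])
    if abs(ta - tb) > WINDOW:
        return False
    same_host = a["host"] is not None and a["host"] == b["host"]
    same_user = a["user"] is not None and a["user"] == b["user"]
    return same_host or same_user

def summarize(alerts):
    """Turn a cluster of layer alerts into one incident with a single score."""
    layers = sorted({a["src"] for a in alerts})
    return {
        "layers": layers,
        "hosts": sorted({a["host"] for a in alerts if a["host"]}),
        "users": sorted({a["user"] for a in alerts if a["user"]}),
        # Summed severities plus a bonus for every extra layer that agrees,
        # so a chain seen by three layers outranks any single alert.
        "score": sum(a["sev"] for a in alerts) + 2 * (len(layers) - 1),
        "triage": "investigate" if len(layers) > 1 else "monitor",
        "alerts": alerts,
    }

def correlate(alerts):
    """Cluster alerts transitively (EDR-host-NTA, EDR-user-cloud), then rank."""
    clusters = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        hits = [c for c in clusters if any(related(alert, o) for o in c)]
        # Merge every cluster this alert touches into one, plus the alert itself.
        clusters = [c for c in clusters if not any(c is h for h in hits)]
        clusters.append([alert] + [o for h in hits for o in h])
    return sorted((summarize(c) for c in clusters), key=lambda i: -i["score"])
```

Run `correlate(ALERTS)`: the three morning alerts collapse into one incident on host ws-042 and user alice with score 9, while the afternoon DNS alert on ws-077 stays a single-layer "monitor" item with score 1.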
How to proceed, then?
The interest in XDR products is a clear signal that excessive fragmentation was leading to excessive complexity. A little consolidation is good, but it must be done while protecting flexibility and the ability to follow the best solutions.
In our opinion, a SOCaaS is an optimal solution. It provides a next generation SIEM with strong analytical capabilities. In addition, it integrates artificial intelligence that helps recognize threats in time through behavior analysis. A SOCaaS is the future of security operating platforms.
To find out how our services can help you protect the data of your company and your customers, contact us; we will gladly answer all your questions.