XDR as an approach to security
Estimated reading time: 5 minutes
Just like any other IT field, the cybersecurity market is driven by hype . Currently hype towards XDR, ie eXtended Detection and Response .
XDR is the latest in threat detection and response, a key element of a company’s infrastructure and data defense .
What exactly is XDR?
XDR is an alternative to traditional responsive approaches that only provide layer visibility on attacks . I refer to procedures such as detection and endpoint response (EDR), network traffic analysis (NTA) and SIEM , which we have talked about in many other articles.
The layer visibility implies that various services are adopted, stratified (layers), which each keep under control a specific entity in the infrastructure. This can be problematic. In fact, you need to make sure that layers don’t end up isolated, making it difficult, or nearly impossible to manage and view data. layer visibility provides important information, but can also lead to problems, including :
Collecting too many incomplete and contextless alerts. EDR detects only 26% of initial attack vectors and due to the high volume of security alerts, 54% of professionals security ignores warnings that should be investigated .
Complex and time-consuming investigations requiring specialist expertise . With EDR, the median time to identify a breach has increased to 197 days, and the median time to contain a breach has increased to 69 days.
Tools focused on technology rather than user or business . EDR focuses on technology gaps rather than the operational needs of users and companies. With more than 40 tools used in an average Security Operations Center (SOC), 23% of security teams spend their time maintaining and managing security tools rather than investigating . ( Source )
For already overloaded security teams, the result can be an endless stream of events , too many tools and information to switch between, longer time frames for detection and security expenses that are beyond budget and are not even fully effective .
What’s new in eXtended Detection Response
XDR implements a proactive approach to threat detection and response . It offers visibility into data across networks, clouds and endpoints, while applying analytics and automation to address today’s increasingly sophisticated threats. The benefits of the XDR approach for security teams are manifold:
Identify hidden, stealth and sophisticated threats proactively and quickly.
Track threats across any source or location within your organization. < br> Increase the productivity of people working with technology.
Get more from their security investments .
Conclude investigations in a way more efficient .
From a business perspective, XDR enables companies to detect cyber threats and stop attacks, as well as simplify and strengthen security processes. As a result, it enables companies to better serve users and accelerate digital transformation initiatives. When users, data and applications are protected, companies can focus on strategic priorities.
Why consider it for your company
The two main reasons why this approach is beneficial are: endpoints do not have visibility into threats in places like cloud services , and it may not be possible to put a < em> software agent on all company endpoints .
But there are other reasons to consider too. The addition of other data sources can provide more context in the EDR results, improving triage and investigation of alerts . Providers are moving not only to provide more and better organized data, but also by delivering analytics platforms to lighten the analytical load on operators. This translates into ease of use and reduced operating costs.
XDR can seem very attractive as a product: Tight integration of parts, highly tuned content (as the provider has total control over the events from the data sources), use of analytics and response automation.
What to pay attention to before adoption
Some providers are positioning their XDR as the ultimate threat detection solution . However, many vendors are unable to offer all the tools needed to get the advantage sold. Some providers offer endpoint and cloud monitoring in the package, others endpoint and network monitoring, but when looking at the comprehensive needs of most organizations, there are often missing details in the overall picture.
And if, once the company engages with a provider and notices a lack in one of the monitored sectors, what are the possible solutions? A situation of vendor lock-in from which to break free means to sever a contract and then open another one, with all the consequent costs.
XDR as an approach, not as a product
Before entering into a contract with a provider that sells a solution as final, it is always good to weigh the benefits and implications analytically.
Tight, two-way integration of multiple threat detection and response capabilities is the first distinguishing feature. But it is not necessary to buy two technology components from the same vendor to achieve good integration. Indeed, many products have the ability to integrate with some solutions from other vendors as one of their main strengths.
The XDR approach must provide a platform that allows the necessary data collection and storage , but also strong analytical skills, to orchestrate and automate response actions provided by the other parts of the solution. A cloud based Next Generation SIEM is a perfect solution.
How to move then?
The interest in XDR products is a clear signal that excessive fragmentation was leading to excessive complexity. A little consolidation is good, but it must be done while protecting flexibility and the ability to follow the best solutions.
In our opinion, a SOCaaS is an optimal solution. Provides next generation SIEM , with strong analytical capabilities. In addition, it also integrates artificial intelligence that helps in time to recognize threats through behavior analysis. A SOCaaS is the future of security operating platforms.
To find out with our services they can help you protect the data of your company and your customers, contact us, we will gladly answer all your questions.
- Event Overload? Our SOCaaS can help!
- Business email compromise (BEC) schemes
- XDR as an approach to security
- What is threat intelligence?
- Data Loss Prevention: definition and uses
- Prevent shoulder surfing and theft of corporate credentials
- HTTP / 3, everything you need to know about the latest version protocol
- Machine learning and cybersecurity: UEBA applications and security
- Backup as a Service (2)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (17)
- ownCloud (4)
- Privacy (6)
- Secure Online Desktop (14)
- Security (9)
- Web Hosting (15)
- Troy Hunt: Organizations Make Security Choices Tough for Users May 6, 2021The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
- New Techniques Emerge for Abusing Windows Services to Gain System Control May 6, 2021Organizations should apply principles of least privilege to mitigate threats, security researcher says.
- Google Plans to Automatically Enable Two-Factor Authentication May 6, 2021The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
- CISA Publishes Analysis on New 'FiveHands' Ransomware May 6, 2021Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
- Securing the Internet of Things in the Age of Quantum Computing May 6, 2021Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
- Cloud-Native Businesses Struggle With Security May 6, 2021More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
- Biden's Supply Chain Initiative Depends on Cybersecurity Insights May 6, 2021Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
- How to Move Beyond Passwords and Basic MFA May 6, 2021It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
- Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security May 6, 2021Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
- Attackers Seek New Strategies to Improve Macros' Effectiveness May 5, 2021The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
- APPLE-SA-2021-05-03-3 watchOS 7.4.1 May 4, 2021Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-3 watchOS 7.4.1 watchOS 7.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212339. WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report […]
- APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 May 4, 2021Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 macOS Big Sur 11.3.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212335. WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a […]
- APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1 May 4, 2021Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1 iOS 14.5.1 and iPadOS 14.5.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212336. WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, […]
- APPLE-SA-2021-05-03-2 iOS 12.5.3 May 4, 2021Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-2 iOS 12.5.3 iOS 12.5.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212341. WebKit Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing maliciously crafted […]
- KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender May 4, 2021Posted by Kaustubh Padwad via Fulldisclosure on May 04Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products: 1. RN510 with firmware V.184.108.40.206 (Tested and verified) Potential 2.RN620 with respective firmware or below 3.RN410 With Respective […]
- KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender May 4, 2021Posted by Kaustubh Padwad via Fulldisclosure on May 04Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products: 1. RN510 with firmware V.220.127.116.11 (Tested and verified) Potential 2.RN620 with respective firmware or below 3.RN410 With Respective firmwware or […]
- KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device May 4, 2021Posted by Kaustubh Padwad via Fulldisclosure on May 04itle :- Authenticated Stack Overflow in RN510 mesh Device CVE-ID:- CVE-2021-25328 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products: 1. RN510 with firmware V.18.104.22.168 (Tested and verified) Potential 2.RN620 with respective firmware or below 3.RN410 With Respective firmwware or below. […]
- Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021Posted by Q C on May 04[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities. CVE-2020-20219: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). CVE-2020-20262: Mikrotik RouterOs before 6.47 (stable tree) suffers from an […]
- Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021Posted by Q C on May 04[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities. CVE-2020-20221: Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. CVE-2020-20218: Mikrotik RouterOs 6.44.6 (long-term […]
- Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021Posted by Q C on May 04[Update 2021/05/04] CVE-2020-20212 and CVE-2020-20211 have been assigned to these two vulnerabilities. CVE-2020-20212: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference) CVE-2020-20211: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from […]
Estimated reading time: 7 minutes Ethical hacking means the application for good of hacking techniques. The… https://t.co/JMjvDtbW9p
Tempo di lettura: 4 minMonitoraggioNegli ultimi anni abbiamo assistito ad una rapida evoluzione delle infrastruttur… https://t.co/3EQ6yPJG4g
Tempo di lettura: 6 min WastedLocker e' un software per attacchi ransomware che ha iniziato a colpire imprese e al… https://t.co/yRXHQPoAlG
syslog server - High performance service for collecting logs - Use all the strengths of the syslog-ng Premium Edit… https://t.co/NOmReNicwb
WastedLocker is ransomware attack software that began targeting businesses and other organizations in May 2020. It… https://t.co/8244AWLg8s