
Advanced XDR for your digital estate: how to replace paper walls with tempered steel

Advanced XDR brings together identity, email, endpoint, cloud, and network context to protect employees as they work anywhere around the world

By now, we’ve all felt the impact of the COVID pandemic on our business outlook, our IT operations and, in many cases, our mental health. On the technology front, it may have exposed operational shortcomings or confirmed that investments in digital transformation and remote work were worth it. But even in the most agile companies, cybersecurity may have taken a back seat to business-critical needs: migrate to the cloud, retreat to the home, survive, thrive.

The International Telecommunication Union’s most recent Global Cybersecurity Index ranks the United Arab Emirates (UAE) fifth, but a strong national posture does not guarantee the stance of every economic player. According to Abu Dhabi-based Digital14, the UAE saw a 250% surge in cyberattacks during the height of the pandemic, with nearly half (49%) of the country’s enterprises falling victim to ransomware. In 2018, the country ranked as the second most targeted nation for cybercrime, with that year’s losses estimated at around $1.4 billion.

It’s a tale as old as time: criminals target high-net-worth victims. And in a region where economic recovery is in full swing and regulatory compliance obligations loom large, there is never a good time for a cyber-incident. As more and more business activity shifts from corporate premises to employees’ lounges and home offices, protecting endpoints wherever they are has never been more important.

Endpoint detection and response (EDR), until recently the fashionable answer for protecting endpoints, has now been stretched to cover the other places employees work: email, cloud services, identities, and whatever network they happen to be on. We call this approach “extended detection and response”, or XDR. XDR is gaining popularity as a new approach to security operations, one that does not depend on SIEM-style collection of every log, or on a large bench of skilled analysts, in order to be effective.

Company, Advance!

Advanced XDR goes further, applying artificial intelligence (AI) and machine learning (ML) to identify disparate attack behaviors and correlate them into a single, broader malicious operation. Models built around specific attack patterns sift through telemetry in ways that rule-based routines cannot, surfacing threats and behaviors that signatures and rules fail to catch.

When security analysts are presented with a visual timeline that automatically reveals the root cause, scope, and sequence of a malicious operation, it’s much easier to follow through with a fast and effective incident response.

Eric Sun, Director, Cybereason

In some cases, advanced XDR can automate the response itself, or at least recommend the best course of action. Security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools do not produce this out of the box: they depend on playbooks, workflows, and tuning built by trained human specialists. Advanced XDR solutions free those specialists from labor-intensive workflows, reducing mental strain and letting them focus on higher-level work such as long-term strategy.

By its nature, advanced XDR eliminates information silos to build a unified view of the infrastructure, bringing together identity, email, endpoint, cloud, and network context to protect employees as they work anywhere in the world. By concentrating on the chains of behavior that make up an attack sequence, analysts can neutralise the broader campaign instead of fighting the individual fires it creates. For example, a security team that identifies and removes malware from a device has not solved the associated problems: the credentials stolen from that device and any other malicious payloads still present on the network.
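To make the correlation idea concrete, here is an added Python example (not Cybereason’s code and not from the original post). It links constructed events from email, endpoint, identity and network sources into one operation whenever they share an entity (user, host or file hash) within a time window, produces the root cause, scope and timeline an analyst would want, and then shows what cleaning a single host leaves unaddressed. The event shapes, host and user names, hashes and the six-hour window are all assumptions made for the illustration.

```python
"""Cross-telemetry correlation: link email, endpoint, identity and network
events into one operation through shared entities (added example; sample
events below are constructed, not real telemetry)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str          # "email", "endpoint", "identity" or "network"
    kind: str            # short description of what was observed
    entities: frozenset  # {("user", "alice"), ("host", "wks-17"), ("hash", "a1b2")}


def correlate(events, window=timedelta(hours=6)):
    """Group events into operations with union-find.

    Two events join the same operation when they share an entity and the
    later one falls within `window` of that entity's previous sighting, so a
    chain is linked transitively even if its first and last steps share
    nothing directly (phishing -> macro -> credential theft -> lateral move).
    """
    ordered = sorted(events, key=lambda e: e.ts)
    parent = list(range(len(ordered)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    last_seen = {}  # entity -> index of the most recent event carrying it
    for i, ev in enumerate(ordered):
        for ent in ev.entities:
            j = last_seen.get(ent)
            if j is not None and ev.ts - ordered[j].ts <= window:
                parent[find(i)] = find(j)
            last_seen[ent] = i

    groups = defaultdict(list)
    for i, ev in enumerate(ordered):
        groups[find(i)].append(ev)
    return list(groups.values())


def summarize(operation):
    """Root cause (earliest event), scope (hosts and users touched), the
    telemetry sources involved, and an ordered timeline."""
    timeline = sorted(operation, key=lambda e: e.ts)
    scope = defaultdict(set)
    for ev in timeline:
        for kind, value in ev.entities:
            scope[kind].add(value)
    return {
        "root_cause": timeline[0].kind,
        "sources": sorted({ev.source for ev in timeline}),
        "hosts": sorted(scope["host"]),
        "users": sorted(scope["user"]),
        "timeline": [(ev.ts.strftime("%H:%M"), ev.source, ev.kind) for ev in timeline],
    }


def remaining_after_host_cleanup(operation, host):
    """Events that re-imaging `host` does not remediate: anything that touched
    a different host, and any identity activity (the credential still needs a
    reset even if the machine it was stolen from is clean)."""
    return [e for e in operation
            if ("host", host) not in e.entities or e.source == "identity"]


# Constructed sample: one phishing-led intrusion plus an unrelated benign event.
T0 = datetime(2021, 3, 1, 9, 0)
U, H, F = "user", "host", "hash"
SAMPLE_EVENTS = [
    Event(T0, "email", "phishing attachment delivered",
          frozenset({(U, "alice"), (F, "a1b2")})),
    Event(T0 + timedelta(minutes=5), "endpoint", "office macro spawned powershell",
          frozenset({(U, "alice"), (H, "wks-17"), (F, "a1b2")})),
    Event(T0 + timedelta(minutes=12), "endpoint", "lsass memory read",
          frozenset({(U, "alice"), (H, "wks-17")})),
    Event(T0 + timedelta(minutes=30), "identity", "interactive logon wks-17 -> srv-02",
          frozenset({(U, "alice"), (H, "wks-17"), (H, "srv-02")})),
    Event(T0 + timedelta(minutes=45), "network", "outbound connection to rare domain",
          frozenset({(H, "srv-02")})),
    Event(T0 + timedelta(hours=1), "endpoint", "vendor update installer ran",
          frozenset({(U, "bob"), (H, "wks-40")})),
]

if __name__ == "__main__":
    operation = max(correlate(SAMPLE_EVENTS), key=len)
    for line in summarize(operation)["timeline"]:
        print(*line)
    for ev in remaining_after_host_cleanup(operation, "wks-17"):
        print("still open after cleaning wks-17:", ev.kind)
```

Running the same correlator over only the endpoint events collapses the operation to the two process events on wks-17: the phishing delivery, the logon to srv-02 and the beaconing from it are simply not visible, which is the gap the paragraph above describes.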

Advanced XDR brings automated responses to such teams, letting them anticipate an attacker’s next steps and take preventive measures that proactively reduce risk. EDR and conventional XDR often do not go far enough in identifying modern attacks because they still treat the endpoint in isolation from the rest of the telemetry. Both also struggle to ingest and analyse massive volumes of data at scale; compensating strategies such as “smart filtering” discard information that might have been useful in order to keep bandwidth within what real-time detection allows.

The ideal solution

All XDR solutions must collect, process, and store disparate event data that might be useful. What sets advanced XDR apart from its predecessors is whether it can actually prevent common threats such as ransomware, detect attacks as they happen, and enable fast, accurate incident response.

The best solutions will be friendly to legacy environments and offer a range of integrations from day one. They should also let teams shift from the labor-intensive paradigm of “detect, analyse, and respond” to a proactive “detect, understand, and anticipate”.

Neither EDR nor conventional XDR can deliver this, and SIEM and SOAR solutions also fall short. Advanced XDR, however, either on its own or in concert with legacy solutions, can deliver the visibility, reach, automation, and accuracy required for robust, enterprise-wide security. Malicious actors can say goodbye to their long-standing advantage: the paper walls they once tore through with ease have been replaced with tempered steel, and the innovators within are free to build without limits.