Better identify threats and react faster

Businesses around the world now see cyber threats as the most significant risk to their business, according to Allianz’s January 2022 Risk Barometer. The current geopolitical situation portends a further worsening of this situation. At the same time, companies are finding it increasingly difficult to protect themselves. As digitization increases, so does the attack surface. Security managers face an increasingly complex IT environment ranging from on-premises systems to various cloud services and connected devices (IoT), not to mention the many remote workstations deployed during the pandemic. The security requirements of IT environments are increasing, and with them the security infrastructure, which is becoming more and more difficult to manage. In addition, IT teams suffer from a persistent shortage of qualified personnel.

Modern attacks require new approaches

With a reduced number of security employees facing ever greater challenges, it is no longer possible to ensure sufficient security. As an ESG study shows, 85% of companies say it is increasingly difficult for them to detect threats and respond quickly, and this is precisely what matters for business continuity. In addition, traditional security strategies are not adapted to today’s common attack models: they often intervene late and only at a coarse level, while attacks take place in waves and extend across many different layers.

It is therefore imperative to adopt a new approach that allows rapid detection of even the most complex incidents. This is where XDR (Extended Detection and Response) technology comes in. It provides threat visibility across the entire IT environment and supports security teams with artificial intelligence (AI) and automation. According to Gartner, XDR is one of the top trends in security and risk management.

Break down silos and relieve IT teams

To identify multi-layered attacks, it is necessary to monitor all vectors in the IT environment, collect clues and bring them together into an overall picture. Modern malware often tries to evade security systems and go unnoticed, and it can also perform many different actions. We have seen the Emotet Trojan download other malicious software, in particular to steal or encrypt data. Combining worm and bot functionality, it spread automatically across the network and received orders from the attackers via command-and-control servers.

By contrast, XDR technology creates complete visibility across the entire IT environment and all vectors: from email to cloud workloads, endpoints, servers and networks. Information from all connected security systems converges in a central data lake, where it is analyzed using AI, machine learning and global threat intelligence. XDR automatically filters relevant information and establishes correlations. Thousands of alerts are thus transformed into a few actionable warnings, and the number of security events can be reduced by up to 90%. Security teams can then focus on the really important alerts. The specialists see at a glance on the central console what has happened and whether they need to intervene. Valuable time is saved, and companies can react much more quickly and in a more targeted manner to an incident.
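As an added illustration of the filtering and correlation step described above (example code written for this article, not Trend Micro's or any XDR product's code), the script below takes alerts from three constructed telemetry sources in different field layouts, normalizes them to one schema, drops near-duplicate repeats, groups the remaining events per host within a time window, and escalates only incidents where independent vectors agree or a high-severity hit exists. The field names, sources, hostnames, addresses and thresholds are all assumptions.

```python
"""Cross-source alert correlation: fold many raw alerts into a few incidents.

Constructed sample data: alerts from an email gateway, an endpoint agent and a
network sensor, each in its own (hypothetical) field layout. Not any vendor's
real log format.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

RAW_ALERTS = [  # constructed sample input
    {"source": "email", "ts": "2022-03-01T09:00:05", "recipient_host": "ws-17",
     "subject": "Invoice", "verdict": "macro-attachment"},
    {"source": "endpoint", "ts": "2022-03-01T09:01:10", "hostname": "ws-17",
     "process": "winword.exe -> powershell.exe", "severity": "high"},
    {"source": "endpoint", "ts": "2022-03-01T09:01:11", "hostname": "ws-17",
     "process": "winword.exe -> powershell.exe", "severity": "high"},  # repeat
    {"source": "network", "ts": "2022-03-01T09:02:30", "src_host": "ws-17",
     "dst": "198.51.100.7:443", "signature": "beacon-like periodic TLS"},
    {"source": "network", "ts": "2022-03-01T09:02:31", "src_host": "ws-17",
     "dst": "198.51.100.7:443", "signature": "beacon-like periodic TLS"},  # repeat
    {"source": "endpoint", "ts": "2022-03-01T14:20:00", "hostname": "srv-db-02",
     "process": "backup.exe", "severity": "low"},
    {"source": "network", "ts": "2022-03-01T09:03:00", "src_host": "ws-42",
     "dst": "203.0.113.9:80", "signature": "policy: blocked category"},
]


@dataclass
class Event:
    ts: datetime
    host: str
    source: str
    summary: str
    severity: str


@dataclass
class Incident:
    host: str
    first_seen: datetime
    last_seen: datetime
    events: list = field(default_factory=list)

    @property
    def sources(self):
        return sorted({e.source for e in self.events})

    @property
    def actionable(self):
        # Escalate when independent vectors agree, or on any single high-severity hit.
        return len(self.sources) >= 2 or any(e.severity == "high" for e in self.events)


def normalize(alert):
    """Map each source's own layout onto the common Event schema (assumed mapping)."""
    ts = datetime.fromisoformat(alert["ts"])
    src = alert["source"]
    if src == "email":
        return Event(ts, alert["recipient_host"], src, f"email:{alert['verdict']}", "medium")
    if src == "endpoint":
        return Event(ts, alert["hostname"], src, f"process:{alert['process']}", alert["severity"])
    if src == "network":
        sev = "medium" if "beacon" in alert["signature"] else "low"
        return Event(ts, alert["src_host"], src, f"net:{alert['signature']}->{alert['dst']}", sev)
    raise ValueError(f"unknown source {src!r}")


def dedupe(events, window=timedelta(minutes=5)):
    """Drop repeats of the same (host, source, summary) seen within `window`."""
    last_seen, kept = {}, []
    for e in sorted(events, key=lambda e: e.ts):
        key = (e.host, e.source, e.summary)
        prev = last_seen.get(key)
        if prev is not None and e.ts - prev <= window:
            continue
        last_seen[key] = e.ts
        kept.append(e)
    return kept


def correlate(events, window=timedelta(minutes=10)):
    """Group events per host; a new incident starts when the gap exceeds `window`."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)
    incidents = []
    for host, evs in by_host.items():
        current = None
        for e in evs:
            if current is None or e.ts - current.last_seen > window:
                current = Incident(host, e.ts, e.ts)
                incidents.append(current)
            current.events.append(e)
            current.last_seen = e.ts
    return incidents


def triage(raw_alerts):
    """Run the full pipeline and report how far the alert volume was reduced."""
    events = dedupe(normalize(a) for a in raw_alerts)
    incidents = correlate(events)
    actionable = [i for i in incidents if i.actionable]
    return {"raw": len(raw_alerts), "deduped": len(events), "incidents": len(incidents),
            "actionable": len(actionable),
            "reduction_pct": round(100 * (1 - len(actionable) / len(raw_alerts)))}


if __name__ == "__main__":
    print(triage(RAW_ALERTS))
```

On the constructed input, seven raw alerts collapse to one actionable incident on ws-17, where email, endpoint and network evidence line up within a few minutes; the two single-source, low-severity incidents are kept for context but not escalated. The escalation rule and the window sizes are the knobs a SOC would tune against its own false-positive rate.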


XDR turns thousands of messages into a manageable number of useful alerts

Extended Detection & Response (XDR) solutions collect and correlate security information from across the enterprise. Michael Unterschweiger, regional director for Switzerland and Austria at Trend Micro, explains why XDR is also interesting for companies already relying on SIEM and SOAR. Interview: Coen Kaat

More and more tools promise to help with security management. First there was SIEM, then SOAR and now XDR. What sets them apart?

In fact, many companies already use a Security Information and Event Management (SIEM) system to collect and review information from different security systems and detect threats. Security analysts often use these solutions to monitor security-related systems, assess alerts, and investigate anomalies. If the experts discover a cyber incident, they take the appropriate countermeasures. It is in this context that SOAR (Security Orchestration, Automation and Response) solutions are increasingly used. Like a SIEM, SOAR collects security information from different sources and evaluates it. The technology goes even further, however, and can even trigger automated measures, without human intervention.

So why do we need an XDR additionally?

In practice, most users report that while their SIEM helps them investigate threats, these solutions often struggle to effectively correlate events. A lot of work therefore remains to be done by security analysts – and these experts are unfortunately often rare in these times of shortage of qualified personnel. According to an ESG study, 57% of companies believe that their SIEM sends too many messages and that it takes too many staff to use it effectively. And collecting and integrating data poses another complex problem. In addition, nearly half of companies face redundant data in their systems. Since SIEM licenses are typically priced on an events-per-second basis, unnecessary data drives up costs. XDR solves many of these challenges. Like a SIEM, XDR collects threat information from connected systems. The analysis, on the other hand, is based on artificial intelligence drawing on global threat data. The correlation of alerts is thus much more precise. From thousands of messages, we finally get a reasonable number of actionable alerts. The number of security alerts is thus reduced by up to 90%.

Can an XDR replace a SIEM?

XDR is not intended to replace existing security systems, but to add valuable automation features and increase efficiency. Thus, an XDR solution can collaborate with a SIEM by serving as a central source of logs. Already correlated data then feed the SIEM. The advantages are many: on the one hand, it increases the speed of analysis and therefore the speed of reaction to attacks. Data correlation, for which a SIEM needs several minutes, is done in seconds with an XDR. On the other hand, the number of events per second used to provision the SIEM license is reduced and the need for storage decreases – two factors that reduce costs. In addition, XDR already has global threat intelligence, which security analysts need to assess alerts and establish correlations. Many companies purchase this information from external vendors. These costs add to those of a SIEM, but are avoided with an XDR.
