Understanding XDR in practice

The XDR detection and response approach connects the virtual dots in cybersecurity. Indi Siriniwasa, Vice President Sub-Saharan Africa at Trend Micro, tells us more.

Having broader visibility into the cyber risks facing the organisational network enables executives to better safeguard their data as well as manage the business more effectively in a digitally-driven environment.

Through sophisticated data analysis that integrates all endpoints and links seemingly minor (and unrelated) events, XDR is a response to today's increasingly sophisticated and continually evolving threat landscape.

Instead of relying on traditional endpoint protection which puts cybersecurity in several silos (each dedicated to its own endpoint or solution), XDR provides the business with a comprehensive overview of where potential gaps on its network exist. Research shows that some companies only effectively protect 10% of all endpoints on their networks. While financial service providers might be able to get that figure up to 98% thanks to the massive budgets at their disposal, there is still opportunity for hackers to get in.

Bridging this security gap can be considered the Holy Grail when it comes to shoring up defences in the always-on business landscape. Certainly, endpoint solutions can protect the company, but they only work on the systems they are installed on. So, an unsecured endpoint can give a malicious user free rein in the network.

Hacker journey

Once a hacker enters the company network, they can move laterally and determine other weak points in the defensive systems. Given the regulatory environment and fines for data loss or compromise, companies can find themselves staring down significant financial fines and reputational penalties when these hacks come to light. But perhaps more concerning is the attack or compromise that is never discovered. Essentially, this creates an open link between the hacker and company data that will likely not get secured in the foreseeable future.

Imagine the repercussions of a competitor knowing exactly what the company strategy is, having access to its sales leads, product development cycle, and so on. XDR changes this by introducing email, endpoint and network intelligence to the broader company system and linking that to other data points. This provides for more advanced detection capabilities that correlate security data throughout the organisation to identify events that might previously have gone unnoticed.

XDR can therefore counter the risk of lateral attacks by keeping a repository of information and using artificial intelligence (AI), machine learning, and data analysis to protect endpoints pro-actively.
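The cross-layer correlation described above, as an added illustration (not code from the article or from any vendor product): three constructed telemetry events from email, endpoint and network sources, each unremarkable on its own, are grouped by host within a time window and only raised as an incident when several independent sources agree. The event fields, window size and source threshold are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data). Each event is low
# severity by itself; only the combination on one host is suspicious.
EVENTS = [
    {"source": "email",    "ts": "2024-03-01T09:00:00", "host": "ws-17", "user": "alice", "type": "attachment_opened"},
    {"source": "endpoint", "ts": "2024-03-01T09:02:30", "host": "ws-17", "user": "alice", "type": "script_interpreter_spawned"},
    {"source": "network",  "ts": "2024-03-01T09:04:10", "host": "ws-17", "user": "alice", "type": "new_external_destination"},
    {"source": "endpoint", "ts": "2024-03-01T13:00:00", "host": "ws-22", "user": "bob",   "type": "script_interpreter_spawned"},
]

WINDOW = timedelta(minutes=15)   # assumed correlation window
MIN_SOURCES = 3                  # assumed: distinct telemetry layers that must agree


def correlate(events, window=WINDOW, min_sources=MIN_SOURCES):
    """Return one incident per host whose events, within `window` of an
    anchor event, span at least `min_sources` distinct telemetry sources."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])          # ISO-8601 strings sort chronologically
        for i, anchor in enumerate(evs):
            t0 = datetime.fromisoformat(anchor["ts"])
            chain = [x for x in evs[i:]
                     if datetime.fromisoformat(x["ts"]) - t0 <= window]
            sources = {x["source"] for x in chain}
            if len(sources) >= min_sources:
                incidents.append({
                    "host": host,
                    "user": anchor["user"],
                    "sources": sorted(sources),
                    "chain": [x["type"] for x in chain],   # ordered progression for the analyst
                })
                break   # one incident per host is enough for this example
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc)
```

Raising the source threshold or shrinking the window shows the trade-off the article alludes to: the same single-source events seen in isolation (as with host ws-22) never produce an alert.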

Advanced protection

Unlike traditional endpoint protection, XDR takes data about events related to endpoints and feeds that back into the security system. And because XDR is a hosted solution, this data can be analysed through AI with protection being automated to be cognisant of attack patterns.

Just like any business relies on its data to deliver a competitive advantage to the market, so too does XDR need security data to deliver insights and provide alerts previously not possible. Of course, XDR does not replace the human factor and still requires in-house security response teams to act accordingly and decide which alerts must be acted on.

However, XDR does represent an important evolution in the continuing war against cyberattacks. Analysing security data to gain insight into the overall corporate network, and integrating that insight into a centralised value proposition, will help companies significantly improve their defences.

Intelligent CISO