When it comes to IT, it's safe to say we are not in Kansas anymore, Toto. The complexity of supply chains, the way we access and store data and applications, digital re-engineering, and other technology shifts have changed the face of the workplace. The attack surface has expanded along with it, creating new classes of threats and new opportunities for exploitation. End users are too easily phished. The digital entwinement between supply chain, customers, and partners is too intimate, and threat actors take full advantage of it.
There is no longer a perimeter fence. Instead there is a multidimensional attack surface that expands, contracts and morphs, encompassing every device, network segment, cloud, document, database, and line of application code in your environment. In this multi-faceted universe, we can no longer rely on siloed security solutions. It's time to replace siloed endpoint detection and response (EDR) thinking with a contemporary approach we can all rally around. In doing so, organizations will be better positioned for the challenges of today. So where do we go from here?
Is EDR dead?
In short, of course not – but I got your attention, right? EDR will always be a vital part of the cybersecurity stack. However, standalone EDR isn't what it once was. It is an outdated view when some 61% of the security telemetry we collect from our customers doesn't come from endpoints at all. Telemetry has evolved, and so has the way we can extract value from it. Security telemetry was once confined to point solutions or noisy SIEMs; now it needs to come from everywhere in the organization.
A siloed EDR is a welcome mat for intruders, because it only really helps you with the first step in the attack chain. Naturally, it's important to keep threat actors out of your environment. But once you have done the basic blocking and tackling, it is dwell time (the interval between initial compromise and detection) that can be the killer. The longer an attacker goes undetected in an environment, the more harm they can cause, snooping around your network and stealthily compromising one asset after another. When you consider that average dwell time has risen to 200 days or more in some industries, it brings home the need to get better at spotting and neutralizing intruders who have already breached the walls – and an isolated EDR won't help you do that.
Steve Fulton is President for Customer Success at Secureworks.
Getting a panoramic view to make security whole again
The reality is that previous iterations of traditional EDR solutions have not achieved the holistic perspective required to defend the enterprise. To stay ahead, organizations must take a panoramic view, shifting from a "defend the perimeter" approach to one that establishes "Zero Trust" and "whole security". Zero Trust demands that businesses grant only "just enough" access, verify every request with strong authentication based on multiple factors and, fundamentally, assume that the perimeter has already been breached. "Whole security" takes this notion one step further: organizations must not only assume a breach, but actively seek to discover and identify it.
Effective whole security therefore requires a panoramic view into all valuable security telemetry, regardless of whether it comes from a traditional endpoint, a network segment, email systems, cloud, or business applications. This is why we are seeing a greater shift towards extended detection and response (XDR) technologies, which gather, normalize, and correlate data from across the attack surface to provide greater context. The value of that correlation is bounded by the telemetry you feed it: a source that is never collected can never contribute to a detection.
XDR offers a wider view via a single platform for prevention, detection, and response across multiple attack vectors. It boosts security effectiveness and shortens the time to detect, allowing teams to respond to threats much faster. Using machine learning, AI-powered analytics, and comprehensive threat intelligence, an XDR platform can quickly correlate disparate scraps of information, establishing exactly what type of attack you are dealing with. In doing so, security teams can drastically reduce dwell time and catch attackers before they have the opportunity to do harm.
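To make the "gather, normalize, correlate" idea concrete, here is an added example that is not Secureworks code and not any vendor's product: three constructed log lines (a hypothetical key=value format) from an email gateway, an endpoint agent and a DNS resolver are normalized into one event schema, tied together by resolving which user was on which host, and correlated into a single attack chain. The helper names (`normalize`, `resolve_entities`, `correlate`, `run`) are assumptions for illustration. Running the same logic over only the endpoint feed yields no alert, which is the siloed-EDR blind spot the text describes.

```python
"""Added example: cross-source telemetry normalization and correlation.
Not Secureworks code; log formats and helper names are hypothetical."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample telemetry (source, raw line). Not real customer data.
RAW_EVENTS: List[Tuple[str, str]] = [
    ("email",   "ts=2024-03-01T08:02:11Z user=alice host=- action=delivered attachment=Q1_invoice.docm"),
    ("edr",     "ts=2024-03-01T08:15:40Z user=alice host=WS-0412 action=process_start parent=WINWORD.EXE image=powershell.exe cmdline=-enc"),
    ("network", "ts=2024-03-01T08:16:03Z user=- host=WS-0412 action=dns_query qname=cdn-update.example.net"),
    ("edr",     "ts=2024-03-01T09:30:00Z user=bob host=WS-0777 action=process_start parent=explorer.exe image=chrome.exe cmdline=-"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm")


@dataclass
class Event:
    """Common schema every source is mapped into before correlation."""
    ts: datetime
    source: str
    stage: str            # coarse attack-chain stage this event evidences
    user: Optional[str]   # None when the source does not see the user
    host: Optional[str]   # None when the source does not see the host
    detail: str


def _parse_kv(line: str) -> Dict[str, str]:
    return dict(token.split("=", 1) for token in line.split())


def normalize(source: str, line: str) -> Optional[Event]:
    """Map one raw line into the shared schema; None means no signal."""
    f = _parse_kv(line)
    ts = datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%SZ")
    user = None if f.get("user", "-") == "-" else f["user"]
    host = None if f.get("host", "-") == "-" else f["host"]
    if source == "email" and f.get("attachment", "").lower().endswith(MACRO_EXTENSIONS):
        return Event(ts, source, "initial_access", user, host, f"macro attachment {f['attachment']} delivered")
    if source == "edr" and f.get("parent", "").lower() in OFFICE_APPS and f.get("image", "").lower() in INTERPRETERS:
        return Event(ts, source, "execution", user, host, f"{f['parent']} spawned {f['image']} {f.get('cmdline', '')}")
    if source == "network" and f.get("action") == "dns_query":
        return Event(ts, source, "outbound_contact", user, host, f"dns query {f['qname']}")
    return None


def resolve_entities(events: List[Event]) -> List[Event]:
    """Fill in missing user/host from events that saw both (the EDR process
    event ties a user to a host; email and DNS logs each see only one side).
    Simplification: one host per user, last observation wins."""
    user_to_host = {e.user: e.host for e in events if e.user and e.host}
    host_to_user = {h: u for u, h in user_to_host.items()}
    return [Event(e.ts, e.source, e.stage,
                  e.user or host_to_user.get(e.host),
                  e.host or user_to_host.get(e.user),
                  e.detail) for e in events]


@dataclass
class ChainAlert:
    host: str
    user: Optional[str]
    stages: List[str]
    sources: Set[str]
    active_for: timedelta   # first observed stage to last: the visible dwell time
    timeline: List[str]


def correlate(events: List[Event], window: timedelta = timedelta(hours=24)) -> List[ChainAlert]:
    """Per host, keep events within `window` of the first one and alert only
    when delivery and execution are both present, whatever source saw them."""
    by_host: Dict[str, List[Event]] = {}
    for e in sorted(events, key=lambda e: e.ts):
        if e.host:
            by_host.setdefault(e.host, []).append(e)
    alerts = []
    for host, evs in by_host.items():
        chain = [e for e in evs if e.ts - evs[0].ts <= window]
        stages = [e.stage for e in chain]
        if "initial_access" in stages and "execution" in stages:
            alerts.append(ChainAlert(host, chain[0].user, stages, {e.source for e in chain},
                                     chain[-1].ts - chain[0].ts,
                                     [f"{e.ts:%H:%M:%S} [{e.source}] {e.detail}" for e in chain]))
    return alerts


def run(sources: Optional[Set[str]] = None) -> List[ChainAlert]:
    """Restricting `sources` simulates a siloed deployment (e.g. {'edr'})."""
    events = [ev for src, line in RAW_EVENTS
              if sources is None or src in sources
              if (ev := normalize(src, line))]
    return correlate(resolve_entities(events))


if __name__ == "__main__":
    for alert in run():
        print(f"{alert.host} ({alert.user}): {' -> '.join(alert.stages)}, active {alert.active_for}")
        print("\n".join(alert.timeline))
    print("EDR-only view:", run(sources={"edr"}))
```

The entity-resolution step is where most of the cross-source value comes from: the email gateway knows a user but not a machine, the resolver knows a machine but not a user, and only the endpoint event links the two. In a real deployment the join keys, time windows and stage rules are tuned per source, and the DNS query would be enriched with threat intelligence rather than treated as a bare "outbound contact".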
Human-in-the-loop security
Cybersecurity in the 21st century is about a lot more than receiving alerts from systems. It's about leveraging all of your technology, people, and processes. The idea that any business can deploy a single platform that will solve all of its security woes is a fallacy. However, technologies such as XDR move us much further along, providing the kind of holistic visibility that is essential to whole security. Organizations need more than tools and gimmicks; they need technology plus expertise, threat intelligence, and a deep-rooted culture of customer care and collaboration to mitigate their exposure to business risk.