XDR from a technical point of view: bringing down the silos

“If you want to do IT security right, you quickly need to double your staff and depending on your IT landscape, even that will sometimes not be enough.” It may be simplistic but given the evolution of the threat landscape and the digital transformation that drives a shift to the cloud, there is a lot of truth to it. Trend Micro XDR can help you reduce the workload and improve your level of protection against the most sophisticated attacks.

Pieter Molen, Technical Director Trend Micro Benelux

Cybercriminals and malicious hackers have changed their tactics, techniques, and procedures (TTPs) to improve their ability to infiltrate an organization and stay under the radar of security professionals and solutions. Moving to more targeted attack methods appears to be a cornerstone for threat actors, requiring organizations to improve their visibility throughout the entire attack lifecycle. Gone are the days when these attacks only targeted the endpoint, and therefore an expanded connected threat defense is of paramount importance.

IT and security teams are facing major challenges. Today, most organizations still have their own business infrastructure for IT. But they’re on a journey to the cloud – often faster than they thought, as the business is the driving force behind it and cloud technology allows them to deploy much faster than before. The application landscape is also shifting to the cloud (multi-cloud and hybrid), which not only requires resources to prepare the applications for the cloud, but also poses security challenges. Just think of possible misconfigurations in the cloud environment and the need to stay in control of both the on-premise and cloud infrastructure.

In addition, there is the boom in homeworking and the exponential growth of cloud-based user services (e.g. Office 365 replacing an organization’s own MS Exchange Server). In industrial settings, the OT (Operational Technology) environment is increasingly linked to the IT environment. This also requires the necessary attention and assets and, moreover, attracts more interest from hackers. These are many changes that also affect IT security.

Why automated Detection & Response?

Many of the current IT security measures are based on the traditional way of protection. Just think of the classic firewall. ‘This looks suspicious, I’m blocking this’, ‘That’s a known attack, we’ll stop it’, preferably enhanced with functionality to stop unknown attacks based on behavior.

However, in addition to the digital journey of companies, attack techniques are also evolving very quickly. And the more complex they are, the more difficult detection becomes. You can also see that an attack no longer consists of one action like before. An attack is carried out in different layers and across different components such as endpoints, servers, network and cloud infrastructures. Seen separately, these components can sometimes not even be recognized as malicious.

It is no longer a single tool that is used for the intrusion; instead, components penetrate the different systems and the network step by step. It can take weeks or months before they effectively become active. So, you need an overview that analyses all the telemetry data together. Using Artificial Intelligence and threat intelligence, you can quickly assemble the pieces of the puzzle and find the needle in the haystack before it hits you.

There is more. Over the years, best-of-breed approaches have saddled organizations with too many different tools, resulting in additional costs, complexity, management problems, and security gaps. This adds to the workload for overwhelmed security teams.

Soccer stadium

If you have to look at all the telemetry data yourself – because you don’t have a solution like Trend Micro Vision One – you can best compare it to a large soccer stadium. It is filled – in pre-corona times – with about 50,000 supporters and 22 players on the pitch. With those 22 pawns on the field, you must watch whether one person in the stadium is doing something wrong. The first check already takes 10 minutes and the stadium is refilled every hour. Expressed in numbers, this is how fast and how much data you need to process as a security specialist.

Beyond Endpoint Detection & Response (EDR)

Many organizations have been adopting EDR (Endpoint Detection & Response) as a way of obtaining more data about endpoint attacks. However, the endpoint is less often targeted by ransomware actors. Instead, attacks move laterally within an organization to find critical systems that increase their chances of getting the organization to pay the ransom.

This means the actors behind many financially motivated and targeted attacks move across the network, leaving their tracks in other areas of the network, not just the endpoint. Expanding EDR to include these other areas is the definition of XDR. The X could be network data, email or web data, data from cloud providers, etc. It enables an organization to get visibility into the entire attack lifecycle, including infiltration, lateral movement, and exfiltration. This improves the organization’s ability to prevent critical data exfiltration or compromise of critical systems within their network.
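The core idea of the two sections above is that a delivery, an execution and a lateral-movement event each look unremarkable inside their own silo (email gateway, endpoint agent, network sensor), but become an incident once they are correlated on the same user or host within a time window. The following Python is an added illustration of that correlation step written for this article; it is not Trend Micro code and says nothing about how Vision One is implemented. The event schema, the stage names, the users, hosts, timings and severities are all constructed for the example.

```python
"""Cross-silo correlation of constructed telemetry (illustrative, not vendor code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str            # sensor silo: "email", "endpoint" or "network"
    stage: str             # lifecycle stage the single sensor can assign
    severity: int          # the silo's own 1-10 verdict for this event alone
    detail: str
    user: Optional[str] = None
    host: Optional[str] = None


T0 = datetime(2021, 3, 1, 9, 0)

# Constructed sample telemetry (hypothetical users, hosts and timings).
# No single event reaches the severity a siloed tool would alert on.
RAW_EVENTS: List[Event] = [
    Event(T0, "email", "delivery", 3,
          "external sender, macro-enabled attachment", user="alice"),
    Event(T0 + timedelta(minutes=12), "endpoint", "execution", 5,
          "office process spawned a script interpreter", user="alice", host="WS-ALICE"),
    Event(T0 + timedelta(hours=2, minutes=40), "network", "lateral_movement", 4,
          "SMB connection to admin share on SRV-FILE01", host="WS-ALICE"),
    # Noise: a delivery with no follow-up, and lateral movement with no delivery.
    Event(T0 + timedelta(hours=1), "email", "delivery", 3,
          "external sender, macro-enabled attachment", user="bob"),
    Event(T0 + timedelta(hours=3), "network", "lateral_movement", 4,
          "SMB connection to admin share on SRV-FILE01", host="WS-BOB"),
]

CHAIN = ["delivery", "execution", "lateral_movement"]   # stages in expected order
WINDOW = timedelta(hours=48)                             # max span of one chain
SILO_THRESHOLD = 7                                       # per-silo alert threshold


def siloed_alerts(events: List[Event], threshold: int = SILO_THRESHOLD) -> List[Event]:
    """What each tool would raise on its own: only events above its threshold."""
    return [e for e in events if e.severity >= threshold]


def user_host_links(events: List[Event]) -> Dict[str, Set[str]]:
    """Build user -> hosts links from events that carry both (typically endpoint)."""
    links: Dict[str, Set[str]] = {}
    for e in events:
        if e.user and e.host:
            links.setdefault(e.user, set()).add(e.host)
    return links


def correlate(events: List[Event], chain=CHAIN, window=WINDOW) -> List[List[Event]]:
    """Return incidents: ordered stage chains tied to one user/host set within window."""
    ordered = sorted(events, key=lambda e: e.ts)
    links = user_host_links(ordered)
    incidents: List[List[Event]] = []
    for seed in (e for e in ordered if e.stage == chain[0]):
        hosts: Set[str] = set(links.get(seed.user or "", set()))
        if seed.host:
            hosts.add(seed.host)
        matched = [seed]
        for stage in chain[1:]:
            last = matched[-1]
            nxt = next((e for e in ordered
                        if e.stage == stage
                        and last.ts < e.ts <= seed.ts + window
                        and ((e.host is not None and e.host in hosts)
                             or (e.user is not None and e.user == seed.user))),
                       None)
            if nxt is None:
                break
            matched.append(nxt)
            if nxt.host:
                hosts.add(nxt.host)      # a new host joins the entity set
        if len(matched) == len(chain):
            incidents.append(matched)
    return incidents


if __name__ == "__main__":
    print("siloed alerts:", siloed_alerts(RAW_EVENTS))
    for inc in correlate(RAW_EVENTS):
        print("incident:", " -> ".join(f"{e.source}/{e.stage}" for e in inc))
```

Run stand-alone it reports no siloed alerts but one correlated incident (email delivery to alice, execution on WS-ALICE, lateral movement from WS-ALICE), while bob's unanswered delivery and WS-BOB's isolated SMB activity are left alone. The user-to-host linking is the detail worth noting: the network sensor sees only a host and the email gateway only a user, so the endpoint event that carries both is what stitches the three silos together.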

A leader in XDR

This is where Trend Micro XDR excels. It has been designed to go beyond the endpoint, collecting and correlating data from across the organization, including email, endpoints, servers, cloud workloads, and networks. This improved context and the power of Trend Micro’s AI algorithms and expert security analytics enable the platform to more easily identify threats and contain them more effectively.

Please reach out to analyze the possibilities for your organization.
