Intelligent CISO Issue 38 | Page 41

EXPERT OPINION

XDR — The future of threat detection and response

Yonatan Striem-Amit, Chief Technology Officer and Co-founder at Cybereason, tells us how a strong XDR solution can enable us to regain the upper hand with the ability to detect, correlate and stop attacks in real-time, even across complex, ever-evolving enterprise environments.
For businesses across the UAE, and the globe for that matter, one of the realities of the new world we live in is the hybrid workforce. According to a recent study from Aetna International, two-thirds of UAE employees want to return to the office, with the balance preferring to work from home, once the crisis has abated.

Against this backdrop, companies must ensure that all employees are connected to their company network at any time and from anywhere, while doing so securely. This is a particularly arduous task as cybercriminals are also taking advantage of today's unpredictable environment to execute their malicious schemes. From a spike in ransomware attacks to data exfiltration and cryptomining, cyberattacks have escalated in volume as well as in their potential scope of damage.

The case for XDR
Many existing endpoint protection (EPP) tools are simply not equipped to manage today's threat landscape. If threats emerged as single, isolated attacks on a single company device, then organisations would have defences in place to mitigate the attacks. Unfortunately, attacks are not being carried out in this manner. They are coordinated across user identities, devices and endpoints. As such, organisations need solutions that can roll with the punches, enable real-time response, and better yet, anticipate – in order to prevent – the adversary's next move.

In the world of cyber defence, the key question is: can we respond to an attack with accuracy? Can we fully remove the adversary without creating undue friction on the business? Put simply, we need to be able to respond with the right response and nothing but the right response. Unfortunately, technologies that send alerts when a suspicious activity is detected put the onerous task of determining the full and correct response on the operator. A partial and incomplete handling of these activities may slow down the cybercriminal's efforts but may not halt the attack as a whole. In bad cases, it could be akin to putting a plaster on a bullet wound.
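The difference between a per-alert response and a response scoped to the whole attack is easy to see in code. The example below is added here and is not Cybereason's code or any product's logic: it correlates a handful of constructed events (the names, hosts and event kinds are all invented) into incidents by linking events that share an identity or a device within a time window, then compares what an alert-only response would touch with what the correlated incident actually spans.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (invented for this example). Each event names
# the identity and the device it touches; those are the links we correlate on.
EVENTS = [
    {"ts": "2021-03-01T09:00:00", "user": "alice", "host": "laptop-01",
     "kind": "login_from_unusual_ip"},
    {"ts": "2021-03-01T09:05:00", "user": "alice", "host": "laptop-01",
     "kind": "malicious_macro_executed"},
    {"ts": "2021-03-01T09:20:00", "user": "alice", "host": "server-02",
     "kind": "remote_logon"},
    {"ts": "2021-03-01T09:22:00", "user": "svc-backup", "host": "server-02",
     "kind": "new_scheduled_task"},
    {"ts": "2021-03-01T14:00:00", "user": "bob", "host": "laptop-07",
     "kind": "login_from_unusual_ip"},
]

WINDOW = timedelta(hours=2)  # assumed correlation window


def parse(ts):
    return datetime.fromisoformat(ts)


def correlate(events, window=WINDOW):
    """Group events into incidents. Two events belong to the same incident if
    they share a user or a host and occur within `window` of each other; the
    grouping is transitive, so a chain laptop -> user -> server is one incident."""
    events = sorted(events, key=lambda e: parse(e["ts"]))
    parent = list(range(len(events)))  # union-find over event indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    def union(a, b):
        parent[find(a)] = find(b)

    # Most recent event index seen per entity (user or host). Because events are
    # time-ordered, the most recent one is always the closest candidate.
    last_seen = {}
    for i, e in enumerate(events):
        for key in (("user", e["user"]), ("host", e["host"])):
            j = last_seen.get(key)
            if j is not None and parse(e["ts"]) - parse(events[j]["ts"]) <= window:
                union(i, j)
            last_seen[key] = i

    groups = defaultdict(list)
    for i, e in enumerate(events):
        groups[find(i)].append(e)

    incidents = [
        {
            "events": evs,
            "users": sorted({e["user"] for e in evs}),
            "hosts": sorted({e["host"] for e in evs}),
        }
        for evs in groups.values()
    ]
    incidents.sort(key=lambda inc: parse(inc["events"][0]["ts"]))
    return incidents


def response_scope(incident):
    """Everything the incident as a whole requires action on."""
    return {"isolate_hosts": incident["hosts"], "reset_accounts": incident["users"]}


def alert_only_scope(event):
    """What a response driven by a single alert would cover."""
    return {"isolate_hosts": [event["host"]], "reset_accounts": [event["user"]]}


if __name__ == "__main__":
    incidents = correlate(EVENTS)
    first_alert = EVENTS[1]  # the macro execution is the event that pages someone
    print("alert-only response:", alert_only_scope(first_alert))
    print("incident-wide response:", response_scope(incidents[0]))
```

Run as a script, the alert-only response isolates just `laptop-01` and resets `alice`, while the correlated incident also reaches `server-02` and the `svc-backup` account that appeared there twenty minutes later: exactly the foothold a per-alert response leaves behind. The window and the choice of entities to correlate on are the tuning knobs; widening the window joins more activity at the cost of merging unrelated events, as the separate `bob` incident illustrates.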
Organisations need a new approach to threat detection and response. The approach needs to understand and adapt to the modern enterprise: this includes devices, identities, network and SaaS. They need Extended Detection and Response, coined as