GUEST OPINION by Luke Smith, Regional Account Director, Barracuda MSP: As Australian businesses plan for the year ahead, many wrestle with the best way to tackle an ever-evolving IT security threat landscape. As a matter of fact, research notes that 83% of SMEs in Australia feel exposed to cyber threats, and the figure is even higher for SMEs in New Zealand at 87%.
In the midst of ransomware and supply chain attacks, IT security teams are looking for effective ways to monitor infrastructures, collect data on anomalous events, and take preventive and remedial action when necessary.
Teams are acutely aware that approaches that have worked in the past may no longer be effective. It’s not enough to simply build a secure network perimeter around key digital assets and then restrict access.
Employees today are most likely to work from home, using a browser and email to access applications and data. Many applications have also migrated from client-server based to web-based, while Internet connections have replaced local area networks.
The attacks themselves have also changed in nature. Today, instead of being launched by so-called script kiddies, they are often carried out by sophisticated hacker groups and even nation-states. They have also evolved from intrusive to disruptive and even destructive.
The rise of XDR
As a result of these changes in the threat landscape, a new approach to IT security is required. This approach goes beyond endpoint security and covers the entire distributed infrastructure.
The strategy, called Extended Visibility, Detection and Response (XDR), represents a further development of IT security that combines a number of existing components. This significantly increases the protection of applications and data.
The extended visibility component of an XDR strategy involves achieving transparency about every component within an IT infrastructure. These components include everything from network connections and servers to endpoints, software-as-a-service (SaaS) applications, and other cloud-based components.
Once this transparency is achieved, monitoring data from each component can be collected at a central point where artificial intelligence tools are used to detect anomalous activity. This can be anything from a ransomware attack to a rogue employee stealing data for profit.
Once a threat is identified, the strategy’s response component kicks in. This can either be an automated response taking steps such as: These responses can be anything from forcing user password resets to disabling accounts or blocking specific IP addresses.
Essentially, an XDR strategy enables a security team to achieve what is referred to as “defense in depth.” This includes everything from stopping phishing and anomalous login attempts to malware or ransomware. Defense in depth encompasses all traditional areas of IT security, including email protection, authentication monitoring, endpoint protection, network monitoring, and protocol security monitoring.
XDR versus SIEM
When considering an XDR security strategy for the first time, many security professionals are unsure how it differs from their existing Security Information and Event Management (SIEM) approach.
SIEM involves the log-centric collection of data from endpoints, firewalls, and network components. This means it’s heavily focused on enterprise data centers and can be expensive for small datasets. It also allows only one-way interaction with IT resources.
XDR, on the other hand, offers deep two-way integration with all assets. It is a cloud-native strategy that can be scaled out and connected to all components within an infrastructure regardless of their location.
It is much less expensive and inherently much more visual than SIEM for both sparse and dense datasets. Improved visualization is possible as collected security event data is provided as easy-to-understand graphs and maps rather than in the form of a log.
The Managed XDR concept takes this IT security approach one step further. It recognizes that technology alone cannot solve all problems, as people and processes must also be considered and covered. Managed XDR involves combining the strategy with the benefits provided by a Security Operations Center (SOC).
XDR then becomes the technology platform that consolidates data feeds, correlates events, identifies incidents, and recommends remedial actions. In the meantime, the SOC is investigating alerts, conducting additional threat hunting, and tracking the success of remedial actions taken.
Implementing a managed XDR strategy can bring significant benefits to an organization faced with a rapidly evolving IT security threat landscape. It can cover all components of an infrastructure, collect data and make it available in an easily understandable form. The SOC can then ensure that responses are proportionate and effective, thereby ensuring assets are safe at all times.
With the number and severity of IT security threats showing no sign of abating, a managed XDR strategy may be the best strategy for SMBs to ensure effective defenses are in place for the months and years to come.