One of the questions customers continually ask is which technology or technologies should be on their radar. While this is a loaded question, the two technologies listed below provide a starting point for seeing how they could benefit your organization.
1. XDR (Extended Detection and Response)
Gartner defines XDR as “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” Most organizations have many point products that address different security concerns but are not integrated with each other. This lack of integration creates more work for the security operations center (SOC) analysts trying to make sense of all the data: they work across multiple tools to view it, and then they have to use manual methods to correlate the data between the different systems.
The goal of XDR is to unify all security data into a single, cohesive system. The XDR platform ingests the logs from multiple security products into one platform that correlates and normalizes the data. That data may include logs from a security information and event management (SIEM) solution, a multi-factor authentication (MFA) solution, a secure email gateway, an endpoint detection and response (EDR) platform, and other products. The correlation is performed with the help of artificial intelligence (AI) and machine learning, which allows the XDR platform to operate more efficiently and effectively than human analysis alone.
Each XDR vendor may have its own implementation and its own view of what XDR means, even when working from the same definition, so it is important to understand how each vendor tackles the XDR task.
At a minimum, you need to ensure that an XDR solution provides the following.
- Ability to pull in all data across your environment, whether on-premises or in the cloud.
- Ability to identify and reduce false positives and present the incidents of greatest risk to the SOC analysts, preventing alert fatigue.
- Faster response, faster threat analysis and better visibility across all security platforms.
- Reduced dwell time in the event of an infection.
- Use of AI and machine learning to point out related events or behaviors that may appear unrelated, and to find hidden threats that have previously gone unnoticed.
- Ability to respond to threats manually or automatically, depending on how you want incidents addressed.
- A single interface, or single pane of glass, to work from.
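To make the normalize-then-correlate idea above concrete, here is an added example (not code from the original article or from any XDR product). It takes constructed sample alerts from three products with three different schemas (an MFA service, a secure email gateway and an EDR agent), maps them into one common event shape, groups events for the same user inside a time window, and ranks the resulting incidents by score so that an isolated low-severity event is suppressed rather than paged to an analyst. All field names, user names and the scoring weights are assumptions chosen for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: three products, three different schemas.
MFA_EVENTS = [
    {"ts": "2024-05-01T09:00:05Z", "user": "alice", "result": "denied", "reason": "push_rejected"},
]
EMAIL_EVENTS = [
    {"time": "2024-05-01T08:58:40Z", "recipient": "alice@example.com", "verdict": "quarantined", "category": "phishing"},
]
EDR_EVENTS = [
    {"timestamp": "2024-05-01T09:01:10Z", "host": "WS-042", "account": "CORP\\alice", "alert": "suspicious_powershell", "sev": "high"},
    {"timestamp": "2024-05-01T13:20:00Z", "host": "WS-077", "account": "CORP\\bob", "alert": "usb_device_inserted", "sev": "low"},
]
SEVERITY = {"low": 1, "medium": 3, "high": 5}  # assumed weights per vendor severity


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize():
    """Map each product's schema into one common shape: ts, user, source, signal, score."""
    out = []
    for e in MFA_EVENTS:
        out.append({"ts": parse_ts(e["ts"]), "user": e["user"], "source": "mfa", "signal": e["reason"], "score": SEVERITY["medium"]})
    for e in EMAIL_EVENTS:
        out.append({"ts": parse_ts(e["time"]), "user": e["recipient"].split("@")[0], "source": "email", "signal": e["category"], "score": SEVERITY["medium"]})
    for e in EDR_EVENTS:  # strip the "CORP\" domain prefix so the user key matches the other sources
        out.append({"ts": parse_ts(e["timestamp"]), "user": e["account"].split("\\")[-1].lower(), "source": "edr", "signal": e["alert"], "score": SEVERITY[e["sev"]]})
    return sorted(out, key=lambda x: x["ts"])


def make_incident(user, cluster):
    sources = sorted({e["source"] for e in cluster})
    score = sum(e["score"] for e in cluster) + 2 * (len(sources) - 1)  # bonus when several products agree
    return {"user": user, "sources": sources, "signals": [e["signal"] for e in cluster], "score": score}


def correlate(events, window=timedelta(minutes=15), min_score=4):
    """Cluster each user's events within `window`; drop incidents under `min_score` to limit alert fatigue."""
    by_user = {}
    for ev in events:
        by_user.setdefault(ev["user"], []).append(ev)
    incidents = []
    for user, evs in by_user.items():
        cluster = []
        for ev in evs:
            if cluster and ev["ts"] - cluster[0]["ts"] > window:
                incidents.append(make_incident(user, cluster))
                cluster = []
            cluster.append(ev)
        if cluster:
            incidents.append(make_incident(user, cluster))
    return sorted((i for i in incidents if i["score"] >= min_score), key=lambda i: -i["score"])


if __name__ == "__main__":
    for inc in correlate(normalize()):
        print(inc)  # one incident for alice (phishing -> MFA push rejected -> suspicious PowerShell); bob's USB event is suppressed
```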
2. Cyber Risk Management Platforms
Most companies have a cybersecurity program that incorporates risk management, and modern platforms make the process easier while providing business context to help with decision making. Traditional approaches still use spreadsheets to track program implementation against various frameworks and compliance requirements, which is time consuming and static. Many programs are also fragmented in terms of full participation from key stakeholders. The cybersecurity team is consistently held responsible for all things cyber; however, if they do not receive input on what is needed and why, they cannot address the issues.
Utilizing cyber risk management platforms provides the context business decision makers need to see the value of, and the need for, cybersecurity investments. It helps close the communication gap between departments while driving accountability. These platforms also provide business-related benchmarking. For instance, your overall cybersecurity maturity may be 3.1 on a scale of 1 to 5 while the average in your industry is 3.0. This gives upper management context on how the organization stacks up against peers, while also allowing assessments based on future changes. For example, if your company is in the process of acquiring another company, you may want to see how the acquisition will affect your cybersecurity maturity. You enter the data and, based on certain metrics, your maturity score changes, which helps you decide whether certain actions need to be taken prior to the acquisition.
Here are some of the benefits of a cyber risk management platform.
- Removes the traditional static process and provides a tool for all key individuals to support the organization's cybersecurity program.
- Saves time: data entered for one framework can be overlaid onto compliance regulations, and workflows can be automated.
- Bridges the communication gap between different departments.
- Provides real business context when working with various departments.
- Drives accountability.
- Simplifies alignment with cybersecurity frameworks.
- Simplifies compliance with state and federal regulations.
- Keeps you on task by tracking when certain items will be addressed.
- Includes policy templates in some of these platforms.