Endpoint Protection Has Limitations
Cyber attacks increased exponentially in 2021, sadly making it a landmark year for successful breaches. This dramatic growth in the number of attacks, combined with increasingly complex threats, is a nightmare for cyber security teams. Pandemic-related compression of some cyber security budgets also creates a perfect storm for rogue actors. Faced with this monumental challenge, an organisation's ability to identify cyber threats and respond to them quickly has never been more critical. Yet traditional threat detection and response approaches, comprising layered visibility across systems, have repeatedly fallen short.
EDR, for example, detects only 26% of initial attack vectors, while also overwhelming security teams with a high volume of security alerts, which often leads to critical alerts being ignored. Threat detection by EDR solutions, as with antivirus tools, relies heavily on digital signatures to detect malware and ransomware. The sheer volume of new malware, combined with the rise of polymorphic variants that change their appearance each time they replicate, has created an insurmountable challenge for EDR systems. Incidents of malware and ransomware continue to grow at a significant pace, and identifying breaches remains a massive challenge: the average time to identify a breach currently stands at 197 days, and the average time to contain one at 69 days. That is ample time for attackers to patiently achieve their objectives after the initial breach.
Extended Detection & Response (XDR)
An extended detection and response (XDR) solution is designed to aggregate the key telemetry generated by traditionally siloed security products, including firewalls, EDR tools, CASB platforms, vulnerability risk management tools, public clouds, threat intelligence feeds, and more. An XDR solution typically works by deploying sensors and log forwarders on physical and virtual devices throughout the network. The XDR's centralised data processor and data lake de-duplicates, correlates, enriches, indexes and stores all of the key security data it receives from each of the disparate cyber security systems. AI-driven, complex analytics are continually applied to this centralised dataset to identify cyber threats, sophisticated attack vectors and high-fidelity breach events in real time.
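To make the aggregation step concrete, here is an added example, not code from the article or from any XDR product, of a miniature pipeline in Python that maps constructed firewall, EDR and CASB records onto one common schema, de-duplicates them, enriches them against an assumed threat-intelligence feed and correlates them into a single high-fidelity incident. Every field name, IP address and indicator in it is constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample telemetry, each record in its own product's native schema.
FIREWALL = [{"ts": "2021-09-01T10:00:05", "src": "10.0.0.5", "dst": "203.0.113.7", "action": "allow"},
            {"ts": "2021-09-01T10:00:05", "src": "10.0.0.5", "dst": "203.0.113.7", "action": "allow"}]  # forwarded twice
EDR = [{"time": "2021-09-01T10:01:10", "host": "ws-05", "ip": "10.0.0.5", "event": "suspicious_process"}]
CASB = [{"timestamp": "2021-09-01T10:03:00", "user": "alice", "client_ip": "10.0.0.5", "activity": "mass_download"}]
THREAT_INTEL = {"203.0.113.7": "constructed C2 indicator"}  # assumed intel feed, keyed by IP
# Per product: timestamp field, entity field (internal IP), detail builder, external indicators to check.
SCHEMAS = {
    "firewall": ("ts", "src", lambda r: f"{r['action']} to {r['dst']}", lambda r: [r["dst"]]),
    "edr": ("time", "ip", lambda r: f"{r['event']} on {r['host']}", lambda r: []),
    "casb": ("timestamp", "client_ip", lambda r: f"{r['activity']} by {r['user']}", lambda r: []),
}

def normalise(feeds):
    """feeds: {product: [raw records]} -> events in one common schema, in time order."""
    events = []
    for source, records in feeds.items():
        t_key, e_key, detail, indicators = SCHEMAS[source]
        for r in records:
            events.append({"time": datetime.fromisoformat(r[t_key]), "source": source,
                           "entity": r[e_key], "detail": detail(r), "indicators": indicators(r)})
    return sorted(events, key=lambda e: e["time"])

def deduplicate(events):
    """Keep one copy of any record that reached the data lake more than once."""
    unique = {}
    for e in events:
        unique.setdefault((e["source"], e["time"], e["entity"], e["detail"]), e)
    return list(unique.values())

def correlate(events, intel, window=timedelta(minutes=10)):
    """Enrich with threat intel; one incident per entity seen by 2+ products inside the trailing window."""
    by_entity = defaultdict(list)
    for e in events:
        by_entity[e["entity"]].append(e)
    incidents = []
    for entity, evs in by_entity.items():
        recent = [e for e in evs if evs[-1]["time"] - e["time"] <= window]
        sources = {e["source"] for e in recent}
        hits = sorted({i for e in recent for i in e["indicators"] if i in intel})
        if len(sources) >= 2:  # single-product noise never becomes an incident on its own
            incidents.append({"entity": entity, "sources": sources, "events": len(recent),
                              "ti_hits": hits, "severity": "high" if hits else "medium"})
    return incidents

def detect(feeds, intel=THREAT_INTEL):
    return correlate(deduplicate(normalise(feeds)), intel)
```

Run `detect({"firewall": FIREWALL, "edr": EDR, "casb": CASB})` to see the duplicated firewall record collapse and the three products' events merge into one high-severity incident for 10.0.0.5.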