Adversaries are getting more impactful and dangerous with each passing day. They learn from each other, exchange tools and knowledge, and work like a community to launch sophisticated cyberattacks. Unfortunately, there are now many ways to gain entry into an organization’s network, and adversaries know all of them. If one approach does not work, they will typically try another until they find a foothold inside the network.
Sophos’ Active Adversary Playbook 2021, which details attacker behaviors and their tools, techniques and procedures (TTPs), shows that the median attacker dwell time before detection was 11 days. This means adversaries have 11 days between their initial foothold and being detected. In this time, adversaries try to get control of all the computers on a network so they can steal as much data as they can, and scramble as many devices as possible, thus leaving an organization in the most vulnerable position possible.
To prevent adversaries from gaining entry to an organization, or to minimize the damage if they do get in, Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) should ensure they have the technologies and services that provide the necessary prevention and detection capabilities in their organization’s cybersecurity defenses.
Below are the key must-haves that CIOs and CISOs should deploy within their organizations.
Extended Detection and Response (XDR) Solution: Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are important tools for threat hunting. According to analyst firm Gartner, Extended Detection and Response (XDR) is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.”
These tools help organizations hunt across their environment to detect indicators of compromise (IOCs) and indicators of attack (IOAs).
While EDR tools are powerful, they are limited to detection and response on endpoints and servers. To defend IT infrastructure more comprehensively, an integrated detection and response system is key. This is where XDR comes in. XDR takes the idea of EDR and extends it: it goes beyond the endpoint and server, incorporating data from other security tools such as firewalls, email gateways, public cloud tools and mobile threat management solutions.
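To make the EDR-versus-XDR distinction concrete, here is an added illustration (not Sophos code or the article's own material) that correlates constructed sample events from the three sources named above, an email gateway, endpoint agents and a firewall, per host and in kill-chain order. The event fields, stage names and 15-minute window are assumptions chosen for the example; viewed through endpoint telemetry alone, the two hosts look identical, while the cross-source view separates the chained attack from an isolated macro launch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data) from an email gateway,
# endpoint agents and a firewall, keyed by the host each event concerns.
EVENTS = [
    {"source": "email",    "ts": "2021-05-10T09:00:00", "host": "ws-17",
     "detail": "inbound message with macro attachment from external sender"},
    {"source": "endpoint", "ts": "2021-05-10T09:03:10", "host": "ws-17",
     "detail": "winword.exe spawned powershell.exe"},
    {"source": "firewall", "ts": "2021-05-10T09:03:40", "host": "ws-17",
     "detail": "outbound 443 to a domain never seen before on this network"},
    {"source": "endpoint", "ts": "2021-05-10T11:20:00", "host": "ws-22",
     "detail": "winword.exe spawned powershell.exe"},
]

# Map each telemetry source to the attack stage it is best placed to observe
# (assumed mapping for this example).
STAGE = {"email": "delivery", "endpoint": "execution", "firewall": "c2"}
ORDER = ["delivery", "execution", "c2"]

def correlate(events, window=timedelta(minutes=15)):
    """Return {host: (severity, stages)} by chaining per-host events across sources.

    A host whose events cover delivery -> execution -> c2, in that order and
    inside `window`, is rated high. Execution alone is only medium, since an
    Office process launching PowerShell also occurs in legitimate admin scripting.
    """
    by_host = defaultdict(dict)
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        stage = STAGE[e["source"]]
        # keep the earliest sighting of each stage per host
        if stage not in by_host[e["host"]] or ts < by_host[e["host"]][stage]:
            by_host[e["host"]][stage] = ts
    result = {}
    for host, seen in by_host.items():
        stages = [s for s in ORDER if s in seen]
        times = [seen[s] for s in stages]
        chained = (stages == ORDER and times == sorted(times)
                   and times[-1] - times[0] <= window)
        severity = "high" if chained else ("medium" if "execution" in seen else "low")
        result[host] = (severity, stages)
    return result

def edr_only(events):
    """What an endpoint-only tool sees: the same events with other sources dropped."""
    return correlate([e for e in events if e["source"] == "endpoint"])
```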
Managed Detection and Response Services: Adversaries are changing their tactics, techniques and procedures to increasingly launch cyberattacks that combine automation with active human interaction, or “hands on keyboard” hacking. As businesses see a constant increase in cyberattacks that use these methods, CIOs need to ensure their current cybersecurity defenses can stand up to active attackers. One way to do so is to engage a managed detection and response provider that can conduct threat hunts, detect attacks, investigate suspicious activity, and respond to incidents.
Security operations requires the right tools, people and processes in-house to manage security effectively around the clock. Yet many businesses struggle to put all of these much-needed pieces in place. This dilemma has given way to a new solution: Managed Detection and Response (MDR) services.
MDR services are outsourced security operations delivered by a team of specialists. They act as an extension of an organization’s security team, combining human-led investigations, threat hunting, real-time monitoring, and incident response with a technology stack to gather and analyze intelligence.
Synchronized Security Technology: Irrespective of the size of enterprises, native endpoint, server, firewall, and email security are foundational for any IT security strategy. Unfortunately, for the longest time, these solutions simply didn’t communicate with each other – they were independent and isolated silos, which limited their effectiveness and their manageability.
It is imperative for businesses to understand the importance of linking leading security solutions in a coordinated and integrated approach. Technology like synchronized security, which integrates native endpoint, server, firewall, and email security, is the need of the hour, as it delivers better protection, and better manageability, for organizations of any size.
(The author Sunil Sharma is Managing Director-Sales at Sophos India & SAARC and the views expressed in this article are his own)