Intelligent CISO Issue 38 | Page 42

Organisations need solutions that can roll with the punches, enable real-time response, and better yet, anticipate – in order to prevent – the adversary's next move.
EXPERT OPINION
XDR – but what should they be looking for in an XDR solution?
Choosing the right XDR solution
There are three key elements to consider before committing to one. Firstly, check that the technology can help you find the threats that are relevant to your business. A foundational step in security is knowing your attack surface: what does your network look like to an attacker, and what needs to be protected? An adept XDR solution should connect across your remote workforce, SaaS, IaaS and even critical on-premises infrastructure to protect your enterprise network. Ensure the XDR solution aligns well with your overall IT strategy and can support critical systems with important protections (e.g. anti-ransomware for Windows Servers).

Next, you will want to test whether the solution can speed up your threat detection and response capabilities. The best solutions are operation-centric, which means that instead of an alert on a single event, you're presented with a highly correlated, intuitive view of the whole malicious operation. The technology should support machine-readable threat intelligence, such as Indicators of Compromise (IOCs), or metadata associated with known-bad activity: in other words, evidence of the tools and artifacts of a breach.
More important, however, is the identification of Indicators of Behaviour (IOBs), the actual actions and behaviours that take place. This might include a change of privilege, an application that instigates a process, or perhaps an injection from one process to another.
Hackers increasingly execute attacks with new and unique code tailored to an individual target environment. There may therefore be no previously seen indicators to suggest a compromise, so an indicator-only view gives an inaccurate assessment of your company's security posture. Indeed, cybercriminals are using existing software already deployed across your environment for their schemes; that is, they are 'living off the land'. With an XDR solution that can identify IOCs and IOBs across endpoint, email, identities and cloud activity, you get a clearer picture of any malicious activity and are closer to a complete remediation.
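To make the IOC-versus-IOB distinction and the operation-centric view concrete, here is an added example (not from the article or from any XDR product) that runs simple behaviour rules and a hash lookup over constructed endpoint telemetry and groups every finding under the root process of its lineage. The event format, the rule set and the IOC hash are all assumptions made for the illustration.

```python
# Added example: correlate IOCs and IOBs into one operation keyed by process lineage.
# Telemetry, rules and the IOC hash below are constructed for illustration only.
from collections import defaultdict

EVENTS = [  # constructed telemetry; ppid 1 means "no parent we have telemetry for"
    {"id": 1, "type": "process_start", "pid": 100, "ppid": 1, "image": "outlook.exe"},
    {"id": 2, "type": "process_start", "pid": 200, "ppid": 100, "image": "powershell.exe"},
    {"id": 3, "type": "process_start", "pid": 300, "ppid": 200, "image": "rundll32.exe",
     "hash": "constructed-bad-hash-0001"},
    {"id": 4, "type": "privilege_change", "pid": 300, "detail": "SeDebugPrivilege enabled"},
    {"id": 5, "type": "process_inject", "pid": 300, "target_pid": 400},
    {"id": 6, "type": "process_start", "pid": 500, "ppid": 1, "image": "explorer.exe"},
]

IOC_HASHES = {"constructed-bad-hash-0001": "known-bad loader"}  # IOC: known-bad artifact
MAIL_AND_OFFICE = {"outlook.exe", "winword.exe", "excel.exe"}   # IOB rule context
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def build_lineage(events):
    """Map each started pid to its parent and image name."""
    parents, images = {}, {}
    for e in events:
        if e["type"] == "process_start":
            parents[e["pid"]] = e["ppid"]
            images[e["pid"]] = e["image"]
    return parents, images


def root_of(pid, parents):
    """Walk up the parent chain to the top-most process we have telemetry for."""
    while parents.get(pid) in parents:
        pid = parents[pid]
    return pid


def find_indicators(events, images):
    """Yield (pid, kind, description): one IOC rule and three behaviour (IOB) rules."""
    findings = []
    for e in events:
        if e["type"] == "process_start":
            if e.get("hash") in IOC_HASHES:
                findings.append((e["pid"], "IOC", f"hash matches {IOC_HASHES[e['hash']]}"))
            if images.get(e["ppid"]) in MAIL_AND_OFFICE and e["image"] in SHELLS:
                findings.append((e["pid"], "IOB", f"{images[e['ppid']]} spawned {e['image']}"))
        elif e["type"] == "privilege_change":
            findings.append((e["pid"], "IOB", "privilege change: " + e["detail"]))
        elif e["type"] == "process_inject":
            findings.append((e["pid"], "IOB", f"injection into pid {e['target_pid']}"))
    return findings


def correlate(events):
    """Group all findings by the root process, giving one operation instead of four alerts."""
    parents, images = build_lineage(events)
    operations = defaultdict(list)
    for pid, kind, desc in find_indicators(events, images):
        operations[root_of(pid, parents)].append((kind, desc))
    return dict(operations)
```

Running `correlate(EVENTS)` returns a single operation rooted at outlook.exe (pid 100) carrying one IOC and three IOBs, while explorer.exe produces nothing; without the hash match, the same three behaviours would still surface the operation.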
Finally, an evaluation of the technology's response to threats should be made.
42 www.intelligentciso.com