editor ’ s question

he cybersecurity

Add in the fact that several security teams are either stretched or underskilled , not to mention , many face pressure to keep budgets in check , and it really is a perfect storm . In an effort to level the playing field , security teams are turning to technology . But that comes with challenges of its own .

A lack of clarity

Today , an organisation ’ s security infrastructure will include everything from Security Incident and Event Management ( SIEM ) and Security Orchestration Automation and Response ( SOAR ) to Network Detection & Response ( NDR ) and Extended Detection and Response ( XDR ).

Admittedly , the tools each have value , so that ’ s not the problem . The challenge is that each new tool adds another data silo . Each separately reports its own specific data based on its own particular use and area of the network . And it ’ s then down to the analysts , who are faced with multiple alerts from multiple systems and solutions , to make sense of it all .

When there are too many alerts , issues can be notified to lots of different teams , or worse ; missed altogether . Alert fatigue – where the team is exposed to constant alerts and consequently fail to act when it really matters – is a real problem . This is why XDR tools are designed as a holistic , top-layer solution that collects data from multiple sources to provide a comprehensive picture , enabling real-time incident detection and response . But again , it ’ s not that simple , as XDRs vary in quality , effectiveness and even function .

Context is key

Enter : the value of contextual insight . Rather than simply churning out data and leaving it to the over-worked analyst to handle , some XDR tools can go a step further by providing that allimportant context .

HADI JAAFARAWI , MANAGING DIRECTOR – MIDDLE EAST , QUALYS

All alerts may look basically the same in one tool . But , when brought together with external threat intelligence and other security data , that harmlesslooking alert will suddenly have more meaning and jump up the priority list . XDR is designed to break down data silos and provide the context required to help analysts get better insight , by creating a consolidated view of the entire enterprise technology stack and any threats . It pulls together all security solutions and functions into one place , giving analysts a single , comprehensive view of threats across the entire network .

Providing context using XDR gives security professionals the visibility and insights they need to reduce risks and improve their security approach . It empowers busy teams with the clarity and context to enable them to make the right decisions and deal with potential issues – quickly .

28 www . intelligentciso . com