Traditional security strategies cannot always reliably defend against modern cyber attacks. At the same time, attacks by cybercriminals are increasing in number, growing more complex and spreading across a wide variety of systems. Recognizing them is therefore a continuously growing challenge for companies. […]
In order to keep track of the threat landscape in the entire IT environment, companies therefore need a holistic solution – this is exactly what Extended Detection & Response (XDR) offers. How does the new technology work and what advantages does it bring?
Security staff face ever-growing challenges, to the point that they can no longer guarantee comprehensive security. According to an ESG study, 85 percent of companies agree that identifying threats and responding quickly is an increasing hurdle. In addition, their security strategies are often no longer able to keep up with the advanced methods of cybercriminals. The attacks usually take place in waves and across numerous levels. Companies are forced to act: to ensure their business continuity, they need a comprehensive overview and the ability to quickly detect and respond to complex security incidents. This is where XDR technology comes in. It creates transparency about the threat situation and offers artificial intelligence (AI) and automation to support security staff.
Increase the level of protection with AI and machine learning
Artificial intelligence, with the help of machine learning, plays an important role in countering the growing threat of cyber attacks. For example, it makes it possible to automate analyses and quickly uncover even complex attacks using detection models. According to a Capgemini study, almost two-thirds of companies believe that they will not be able to identify critical threats without AI. Almost three quarters of respondents are already testing AI in cybersecurity, and three out of five companies say that the use of AI increases the precision and efficiency of security analysts. The results of a study by Trend Micro are similarly positive. According to it, 79 percent of German companies expect that they will be able to mitigate the effects of the shortage of skilled workers with the help of AI in cybersecurity.
In XDR, AI and machine learning are used to analyze the collected security alerts, filter out the relevant messages and correlate them, so that relationships become visible and actionable warnings result. How accurate an AI is always depends on the data it is trained with. Therefore, it is advisable to choose an XDR solution that is used by as many customers worldwide as possible. In this way, the AI can draw on a broad base of data.
However, artificial intelligence will never be able to replace human security analysts. The best possible security is always achieved by combining modern technology and expert know-how. An XDR solution should therefore also incorporate leading threat analyses that contain up-to-date threat information from security researchers around the world. For example, Trend Micro XDR uses data from the Zero Day Initiative (ZDI), whose members were the first to discover around 50 percent of all known vulnerabilities.
XDR covers gaps in IoT security
Many companies today use Internet of Things (IoT) applications or have built business models based on them. For example, use cases such as predictive maintenance, intelligent building management, smart grid or individualization of production are possible. However, IoT is also a security challenge, because the networking of operational technology (OT) and IT suddenly makes systems that were previously largely isolated vulnerable to attack via the Internet. They often have no built-in security, and no security software can be installed on them. Many also run an outdated operating system version with open vulnerabilities and cannot be patched. In order to protect such systems, it is all the more important to detect and eliminate threats in the IT environment at an early stage, before they cause damage. XDR can make a valuable contribution here.
OT security itself usually requires specialized security systems that are tailored to the special requirements of production environments. For example, they have to cope with the environmental conditions on the shop floor, handle the OT-specific protocols and operate with extremely low latency. To date, OT security systems have not been able to communicate directly with an XDR platform – but this should be possible in the future.
Due to the increasingly opaque threat landscape, optimized technologies and services are essential for companies. Automation, AI and machine learning play an important role in this. XDR enables companies to better detect modern cyber attacks and at the same time react to them faster by intelligently correlating security messages and ensuring an overview of the entire threat situation in the IT environment – right down to the IoT. With this increased detection and response capability, companies are prepared for ever-increasing security challenges.
*The author Udo Schneider is IoT Security Evangelist Europe at Trend Micro.