Extended Detection and Response Explained
This article is from RISQ Consulting’s Zywave client portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.
Extended detection and response (XDR) is a security solution that offers organizations end-to-end visibility, detection, investigation and response across multiple security layers. Unlike endpoint detection and response (EDR), XDR provides a holistic view of threats across the entire technology landscape rather than only those within managed endpoints. This article explains what XDR is and how it works, outlines the benefits of XDR and discusses how it compares to EDR.
What Is XDR and How Does It Work?
XDR uses data collected across multiple security layers to provide IT and security teams with real-time, actionable threat information. By utilizing extended visibility, analysis and response across endpoints, workloads, users and networks, XDR can help organizations reduce blind spots, detect threats faster and jump-start threat remediation. Essentially, XDR helps security teams:
- Recognize advanced and hidden threats
- Detect and follow threats in and across various systems
- Improve the time it takes to detect and respond to threats
- Improve the threat investigation process
Several components give XDR this wider grasp of threats:
- An analysis of internal and external traffic—XDR can identify cybersecurity threats even after they’ve bypassed system perimeters.
- Integrated threat intelligence—XDR learns from attacks on other systems to detect similar events in its own environment.
- Machine learning-based detection—XDR can detect zero-day and nontraditional threats that bypass signature-based methods.
The Benefits of XDR
XDR adds value to organizations by combining multiple security offerings into one incident detection and response product. Benefits of XDR include:
- Greater visibility and context—Threats that utilize legitimate software, ports and protocols can often slip past system defenses undetected. With XDR, security analysts can see threats on any security layer. It can also offer insights into how an attack happened, who was affected and how it spread.
- Improved prioritization—As cyberthreats become increasingly frequent, it can be difficult for IT and security teams to keep up with security alerts. XDR can help prioritize threats by grouping related alerts across the framework and presenting the most important ones.
- Enhanced automation—XDR’s automation abilities allow IT teams to handle a large volume of data and consistently execute complex processes.
- Faster detection and response—Since XDR is continuously monitoring the technology landscape, it enables organizations to detect and respond to threats faster than before.
- More sophisticated responses—XDR can tailor the response to the incident and act through other control points (for example network or identity controls, not just the endpoint agent) to contain a compromised endpoint and limit its impact on the rest of the environment.
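As an added worked example (not code from the original article or from any XDR product), the following Python script shows the grouping and prioritization described above over constructed alert records from four telemetry layers. Alerts that share a host or a user within a time window are joined into one incident, and each incident is then scored by its highest severity, the number of layers it spans and its alert count, so that a chain like "malicious attachment, then Office spawning PowerShell, then a suspicious DNS query, then an unusual logon" surfaces as one high-priority incident rather than four separate alerts. The alert data, the two-hour window and the scoring formula are assumptions chosen for the illustration.

```python
"""Cross-layer alert correlation, in the style XDR products describe.

Added illustration, not code from the original article or any vendor:
alerts from several telemetry layers are linked when they share an entity
(host or user) inside a time window, and the resulting incidents are ranked.
Every alert record below is constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Set


@dataclass(frozen=True)
class Alert:
    id: str
    layer: str            # "endpoint", "network", "identity" or "email"
    ts: datetime
    host: Optional[str]
    user: Optional[str]
    severity: int         # 1 (low) .. 4 (critical), assumed scale
    summary: str


# Constructed sample alerts: A1..A4 form one attack chain on WS-017 / jdoe,
# A5 is unrelated, A6 touches WS-017 but many hours later.
SAMPLE_ALERTS = [
    Alert("A1", "email", datetime(2023, 5, 1, 9, 2), None, "jdoe", 2, "Macro-enabled attachment delivered"),
    Alert("A2", "endpoint", datetime(2023, 5, 1, 9, 5), "WS-017", "jdoe", 3, "Office process spawned PowerShell"),
    Alert("A3", "network", datetime(2023, 5, 1, 9, 6), "WS-017", None, 2, "DNS query to newly registered domain"),
    Alert("A4", "identity", datetime(2023, 5, 1, 9, 40), None, "jdoe", 3, "Logon to file server outside usual pattern"),
    Alert("A5", "endpoint", datetime(2023, 5, 1, 14, 0), "WS-042", "asmith", 1, "Unsigned driver load blocked"),
    Alert("A6", "network", datetime(2023, 5, 1, 23, 30), "WS-017", None, 1, "Outbound port scan"),
]


@dataclass
class Incident:
    alert_ids: List[str]
    layers: Set[str]
    hosts: Set[str]
    users: Set[str]
    max_severity: int
    score: int
    first_seen: datetime


def _linked(a: Alert, b: Alert, window: timedelta) -> bool:
    """Two alerts are linked when they share a host or a user within the window."""
    if abs(a.ts - b.ts) > window:
        return False
    same_host = a.host is not None and a.host == b.host
    same_user = a.user is not None and a.user == b.user
    return same_host or same_user


def correlate(alerts: List[Alert], window: timedelta = timedelta(hours=2)) -> List[Incident]:
    """Group linked alerts into incidents (transitively, via union-find) and rank them."""
    parent = {a.id: a.id for a in alerts}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    # Pairwise linking is O(n^2); fine for a demonstration, not for a SOC-scale feed.
    for i, a in enumerate(alerts):
        for b in alerts[i + 1:]:
            if _linked(a, b, window):
                ra, rb = find(a.id), find(b.id)
                if ra != rb:
                    parent[rb] = ra

    groups = defaultdict(list)
    for a in alerts:
        groups[find(a.id)].append(a)

    incidents = []
    for members in groups.values():
        layers = {m.layer for m in members}
        max_sev = max(m.severity for m in members)
        incidents.append(Incident(
            alert_ids=sorted(m.id for m in members),
            layers=layers,
            hosts={m.host for m in members if m.host},
            users={m.user for m in members if m.user},
            max_severity=max_sev,
            # Assumed scoring: breadth across layers amplifies severity; volume adds a little.
            score=max_sev * len(layers) + len(members),
            first_seen=min(m.ts for m in members),
        ))
    # Highest score first; older incidents first on ties.
    incidents.sort(key=lambda inc: (-inc.score, inc.first_seen))
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(f"score={inc.score:<3} layers={sorted(inc.layers)} hosts={sorted(inc.hosts)} "
              f"users={sorted(inc.users)} alerts={inc.alert_ids}")
```

Run as a script, it prints the A1..A4 chain as a single top-ranked incident spanning all four layers, with A5 and A6 as separate low-priority incidents. Widening the window (for example to 24 hours) pulls A6 into the same incident because it shares the host WS-017, which is the same trade-off a real XDR tuning exercise faces: a wider window catches slow attacks but risks merging unrelated activity on busy shared assets.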
How Does XDR Compare to EDR?
XDR is an evolution of EDR, a solution that continuously collects endpoint telemetry and threat information to detect and respond to ransomware and other malware. However, EDR can only detect and respond to threats on the endpoints it manages, which limits the scope of threats it can detect; activity that takes place in the network, identity or workload layers is outside its view. In contrast, XDR analyzes multiple security layers together and offers organizations a more holistic view of threats.
Conclusion
In an increasingly complex threat landscape, XDR solutions can give organizations broader visibility and faster, more coordinated detection and remediation. For more risk management guidance, contact us today.
No Holidays for Hackers: Higher Revenue Losses for Non-weekday Cyber Events
Ransomware events that occur on holidays and weekends cause much higher revenue losses than cyber incidents occurring on weekdays—primarily due to lower staffing levels—according to a survey of over 1,200 cybersecurity professionals.
Security firm Cybereason found that nearly half (44%) of organizations drop security staffing levels on holidays by as much as 70%, and under a quarter of respondents reduce their security staff by 90% from normal weekday levels. Just 7% of organizations have at least 80% of their security professionals available on holidays and weekends.
The impact is clear: one-third of respondents said they saw a much greater financial toll from weekend and holiday attacks, up from 13% in 2021’s study. The losses were even higher in the transportation and education sectors, where the number of respondents reporting higher revenue losses jumped to 48% and 43%, respectively.
“Ransomware actors tend to strike on holidays and weekends because they know companies’ human defenses often aren’t as robust at those times,” said Lior Div, Cybereason CEO and co-founder. “It allows them to evade detection, do more damage and steal more data as security teams scramble to mobilize a response.”
The study also revealed slower risk assessment times during breaks, with 60% of respondents saying it took them longer to fully understand the scope of the attack. This, in turn, slows down recovery time and adds costs.
Cybercriminals already know holidays and weekends are prime attack times, especially as the strain of relentless cyber events takes its toll on security professionals. In fact, multiple high-profile cyberattacks have occurred on holidays. In 2021, hackers made headlines on Mother’s Day weekend (Colonial Pipeline), Memorial Day weekend (meat supplier JBS Foods) and the Fourth of July (software vendor Kaseya). This year might be even worse, according to a few respondents.
“This November/December is going to be particularly rough, as it’s going to be the first time some people have been able to see their families since the pandemic began. All of that means that people will be further from the office and less likely to check alerts,” said one security analyst in the legal sector.
The survey indicated a few areas where organizations can improve their resilience to off-hours cyber events. More than a third (36%) of organizations said they had no business continuity plan, despite observing other companies’ struggles to bounce back. Of those firms that have already experienced a ransomware event, nearly a quarter (24%) still don’t have a ransomware-specific contingency plan.
Some industries are better prepared than others. Specifically, the IT/telecommunications sector and construction firms were most likely to be prepared, with 84% and 81% of respondents indicating they have plans in place for weekend and holiday events. Manufacturing (67%) and health care (65%) were less prepared, despite these sectors’ potential for high revenue losses or loss of life.