The future of threat detection and response: An operation-centric approach

By Yonatan Striem-Amit, Chief Technology Officer, Co-Founder Cybereason

by Security On Screen
11/03/2021
in Cyber Security, Opinion, PRESS RELEASE

We are fast approaching a full year since the outbreak of Covid-19. Over that time we have undergone a number of notable changes, both in our everyday lives and in the working environment. Among them is the rapid transition towards remote working to accommodate social distancing guidelines, a development that may soon become the norm. Indeed, one study has revealed that nearly half of employers intend to allow employees to work remotely full-time.

In the face of this new reality, companies must ensure that all employees can connect to the company network at any time and from anywhere, and that they can do so securely. This is a particularly arduous task, because cybercriminals are also taking advantage of today's unpredictable environment to execute their malicious schemes. From a spike in ransomware attacks to data exfiltration and crypto mining, cyber-attacks have escalated in volume as well as in their potential scope of damage.

Many existing endpoint protection (EPP) tools are simply not equipped to manage today's threat landscape. If threats arrived as single, isolated attacks on a single company device, organisations would be set. Unfortunately, attacks are not carried out in this manner: they are coordinated across user identities, devices and endpoints. As such, organisations need solutions that can roll with the punches by enabling real-time response and, better yet, anticipate the adversary's next move in order to prevent it.

In the world of cyber defence, the key question is whether we can respond to an attack with accuracy. Can we fully remove the adversary without creating undue friction for the business? Put simply, we need to respond with the right response, and nothing but the right response. Unfortunately, technologies that merely raise an alert when a suspicious activity is detected place the onerous task of determining the full and correct response on the operator. A partial, incomplete handling of these activities may slow the cybercriminal's efforts but may not halt the attack as a whole. In bad cases, it is akin to putting a Band-Aid on a bullet wound.

Organisations need a new approach to threat detection and response, one that understands and adapts to the modern enterprise: devices, identities, network and SaaS. They need Extended Detection and Response, known as XDR. But what should they be looking for in an XDR solution?

There are three key elements to consider before committing to one. Firstly, check that the technology can help you find the threats that are relevant to your business. A foundational step in security is knowing your attack surface: what does your network look like to an attacker, and what needs to be protected? An adept XDR solution should connect across your remote workforce, SaaS, IaaS and even critical on-premises infrastructure to protect your enterprise network. Ensure the XDR solution aligns well with your overall IT strategy and can support critical systems with important protections (e.g. anti-ransomware for Windows servers).

Next, you will want to test whether the solution can speed up your threat detection and response capabilities. The best solutions are operation-centric, which means that instead of an alert on a single event, you are presented with a highly correlated, intuitive view of the whole malicious operation. The technology should support machine-readable threat intelligence such as Indicators of Compromise (IOCs), the metadata associated with known-bad activity; in other words, evidence of the tools and artefacts left behind by a breach.

More important, however, is the identification of Indicators of Behaviour (IOBs): the actual actions and behaviours that take place. These might include a change of privilege, an application that instigates a process, or an injection from one process into another. Hackers increasingly execute attacks with new and unique code tailored to an individual target environment, so there may be no previously seen indicators to suggest a compromise, and relying on them alone gives an inaccurate assessment of your company's security posture. Indeed, cybercriminals are using software already deployed across your environment for their schemes; that is, they are 'living off the land'. With an XDR solution that can identify IOCs and IOBs across endpoint, email, identities and cloud activity, you get a clearer picture of any malicious activity and are closer to a complete remediation.
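To make the IOC-versus-IOB distinction and the "operation-centric" view concrete, here is an added Python sketch. It is illustrative code written for this page, not Cybereason's product or any project's code. The telemetry (host names, user names, process tree and hashes), the IOC feed and the three behaviour rules are all constructed assumptions. It shows that a tailored binary with no known hash produces zero IOC hits but is still caught by behavioural rules, and that the resulting hits are grouped into one operation by walking process lineage and injection edges rather than being surfaced as three unrelated alerts.

```python
"""Added example: IOC matching vs IOB detection, plus correlation of hits into
a single operation. All data below is constructed for illustration."""
from collections import defaultdict

# Constructed endpoint/identity telemetry. Hashes are fake placeholders.
# Host ws-17: outlook -> powershell -> inject into explorer -> elevate -> custom.exe
# Host ws-02: unrelated benign activity that must NOT be pulled into the operation.
EVENTS = [
    {"id": 1, "host": "ws-17", "user": "jdoe", "type": "process_start",
     "pid": 100, "ppid": 1, "image": "outlook.exe", "sha256": "aa11"},
    {"id": 2, "host": "ws-17", "user": "jdoe", "type": "process_start",
     "pid": 200, "ppid": 100, "image": "powershell.exe", "sha256": "bb22"},
    {"id": 3, "host": "ws-17", "user": "jdoe", "type": "inject",
     "pid": 200, "target_pid": 300, "target_image": "explorer.exe"},
    {"id": 4, "host": "ws-17", "user": "jdoe", "type": "priv_change",
     "pid": 300, "from": "user", "to": "admin"},
    {"id": 5, "host": "ws-17", "user": "jdoe", "type": "process_start",
     "pid": 400, "ppid": 300, "image": "custom.exe", "sha256": "cc33"},
    {"id": 6, "host": "ws-02", "user": "asmith", "type": "process_start",
     "pid": 500, "ppid": 1, "image": "chrome.exe", "sha256": "dd44"},
]

# Constructed IOC feed: a hash from some earlier campaign. The tailored
# "custom.exe" (cc33) is deliberately absent to show the IOC-only blind spot.
KNOWN_BAD_HASHES = {"ee55"}

# IOB rules (assumed, illustrative): behaviours rather than artefacts.
OFFICE_APPS = {"outlook.exe", "winword.exe", "excel.exe"}
LOLBINS = {"powershell.exe", "cmd.exe", "wscript.exe", "rundll32.exe"}

def iob_office_spawns_lolbin(ev, by_pid):
    """Living-off-the-land: an office application starting a system binary."""
    if ev["type"] != "process_start" or ev["image"] not in LOLBINS:
        return None
    parent = by_pid.get((ev["host"], ev["ppid"]))
    if parent and parent["image"] in OFFICE_APPS:
        return f"{parent['image']} spawned {ev['image']}"
    return None

def iob_injection(ev, by_pid):
    """Code injection from one process into another."""
    if ev["type"] == "inject":
        return f"pid {ev['pid']} injected into {ev['target_image']}"
    return None

def iob_priv_change(ev, by_pid):
    """A change of privilege on a process."""
    if ev["type"] == "priv_change" and ev["to"] == "admin":
        return f"pid {ev['pid']} elevated {ev['from']} -> {ev['to']}"
    return None

IOB_RULES = [iob_office_spawns_lolbin, iob_injection, iob_priv_change]

def detect(events, ioc_hashes=KNOWN_BAD_HASHES):
    """Return (event_id, kind, reason) hits from IOC matching and IOB rules."""
    by_pid = {(e["host"], e["pid"]): e for e in events if e["type"] == "process_start"}
    hits = []
    for ev in events:
        if ev.get("sha256") in ioc_hashes:
            hits.append((ev["id"], "IOC", f"known-bad hash {ev['sha256']}"))
        for rule in IOB_RULES:
            reason = rule(ev, by_pid)
            if reason:
                hits.append((ev["id"], "IOB", reason))
    return hits

def correlate(events, hits):
    """Group hits into operations: union-find over (host, pid) nodes linked by
    parent/child lineage and injection edges. Only groups with hits are returned."""
    up = {}
    def find(x):
        up.setdefault(x, x)
        while up[x] != x:
            up[x] = up[up[x]]
            x = up[x]
        return x
    def union(a, b):
        up[find(a)] = find(b)
    for ev in events:
        node = (ev["host"], ev["pid"])
        find(node)
        if ev["type"] == "process_start" and ev["ppid"] != 1:  # don't merge via root
            union(node, (ev["host"], ev["ppid"]))
        elif ev["type"] == "inject":
            union(node, (ev["host"], ev["target_pid"]))
    hits_by_event = defaultdict(list)
    for h in hits:
        hits_by_event[h[0]].append(h)
    groups = defaultdict(lambda: {"host": None, "user": None, "events": [], "hits": []})
    for ev in events:
        g = groups[find((ev["host"], ev["pid"]))]
        g["host"] = g["host"] or ev["host"]
        g["user"] = g["user"] or ev["user"]
        g["events"].append(ev["id"])
        g["hits"].extend(hits_by_event.get(ev["id"], []))
    return [g for g in groups.values() if g["hits"]]

if __name__ == "__main__":
    for op in correlate(EVENTS, detect(EVENTS)):
        print(f"operation on {op['host']} as {op['user']}: events {op['events']}")
        for _, kind, reason in op["hits"]:
            print(f"  [{kind}] {reason}")
```

Run stand-alone it prints one operation on ws-17 covering events 1 to 5 with three IOB hits and no IOC hit; the benign chrome.exe on ws-02 is left out. Feeding `detect` a feed that does contain cc33 adds an IOC hit on event 5, but the chain was already visible through behaviour alone, which is the point the passage makes.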

Finally, evaluate how the technology responds to threats. As soon as an attack is identified and understood at a macro level, the ideal XDR solution should automatically deploy remediation actions or, at the very least, guide you through the best response. For example, killing a process, blocking a user, quarantining an asset or opening a remote shell should all be possible remotely with a single click. In short, seek solutions that offer flexible options and automation that align with your security workflows.

With a strong XDR solution, we, the defenders, can regain the upper hand with the ability to detect, correlate and stop attacks in real time, even across complex, ever-evolving enterprise environments. Unlike SIEM or log management tools, XDR promises an experience focused on security value: better detection, easier investigation and faster response. Defeating an adversary that can weave between data silos and understands how detection alerts work requires an operation-centric approach. Look to XDR to help you understand your attack surface, expose the malicious operation and take action to stop the threat.

www.cybereason.com
