Embracing the cloud helped companies accelerate digital transformation during the pandemic years.
But as they emerged to a very different technological reality – based on heavy use of cloud applications, services, and data storage platforms – challenges around skills, data governance, and cloud security have shown how easily their digital business dreams can become a security nightmare.
Three-quarters of Australian respondents in a recent Hitachi Vantara global survey of 1288 large businesses worried that their data infrastructure isn't resilient enough to recover from a ransomware attack – and two-thirds worried about detecting a data breach quickly enough to protect their data.
One solution is managed detection and response (MDR) services, which see human security experts in security operations centres (SOCs) managing services such as security information and event management (SIEM) and endpoint detection and response (EDR).
Such services bring proactive threat intelligence and incident response services to companies that may not have the in-house resources to do it themselves. Yet beware would-be MDR providers that only pretend to offer a full suite of capabilities, warns Gartner, whose latest Gartner Market Guide for MDR outlines the elements of a successful MDR capability.
Powering a data-driven security response
An increasingly important MDR offering is Extended Detection and Response (XDR) – cloud-based security suites giving SOC teams threat prevention, detection, and response capabilities that are continually updated with details of new cybersecurity threats.
“XDR is really a foundational technology layer,” explains Rob Dooley, Asia-Pacific and Japan Vice President with Rapid7.
“It’s the evolution of the EDR market – which has been a game-changer in the security industry – and the SIEM market, which is foundational to how most organisations do security.”
With dozens of legacy security platforms creating functional and disconnected ‘silos’, Dooley said XDR is about “breaking down those silos in a SOC environment to give users end-to-end visibility and superior security efficacy in their threat hunting.”
XDR takes telemetry from sensors monitoring the network, endpoints, and even end-user behaviour analysis (UEBA), then combines it into a ‘single pane of glass’ view.
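As an added illustration of that telemetry-combining step (example code written for this article, not Rapid7's XDR or any product's code), the following Python takes three constructed feeds with different field names and scoring scales (endpoint/EDR, network, UEBA), normalises them onto one schema, and correlates events per host inside a time window so the analyst sees one incident carrying evidence from all three sources. The sample events, the severity mapping, the 5-minute window and the score threshold of 50 are all assumptions made for the example.

```python
"""
Added example, not Rapid7's or any vendor's code: a minimal XDR-style
correlation step over constructed telemetry from three sources.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample telemetry; field names differ per source on purpose.
EDR_EVENTS = [
    {"ts": "2024-05-01T09:00:05Z", "hostname": "ws-042", "user": "jsmith",
     "proc": "svchost32.exe", "severity": "high", "note": "unsigned binary"},
    {"ts": "2024-05-01T11:30:00Z", "hostname": "ws-017", "user": "ahuang",
     "proc": "excel.exe", "severity": "low", "note": "signed, known-good"},
]
NET_EVENTS = [
    {"time": "2024-05-01T09:00:40Z", "src_host": "ws-042",
     "dst": "203.0.113.7:443", "bytes_out": 5_200_000},
    {"time": "2024-05-01T11:31:00Z", "src_host": "ws-017",
     "dst": "198.51.100.10:443", "bytes_out": 12_000},
]
UEBA_EVENTS = [
    {"when": "2024-05-01T08:59:50Z", "subject": "jsmith", "host": "ws-042",
     "risk": 85, "reason": "first interactive logon from this host"},
]

@dataclass
class Event:
    ts: datetime
    source: str            # "edr", "network" or "ueba"
    host: str
    user: Optional[str]
    summary: str
    severity: int          # every source mapped onto one 0-100 scale

@dataclass
class Incident:
    host: str
    score: int
    sources: set
    evidence: list

    def timeline(self) -> str:
        """The 'single pane of glass' view: one ordered narrative per host."""
        return "\n".join(f"{e.ts:%H:%M:%S} [{e.source}] {e.summary}"
                         for e in self.evidence)

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

# Assumed mapping of the EDR feed's text severities onto the common scale.
EDR_SEVERITY = {"low": 10, "medium": 40, "high": 70, "critical": 90}

def normalize(edr, net, ueba) -> list:
    """Map each source's native fields and scoring onto the common schema."""
    events = []
    for e in edr:
        events.append(Event(_ts(e["ts"]), "edr", e["hostname"], e["user"],
                            f"process {e['proc']} ({e['note']})",
                            EDR_SEVERITY[e["severity"]]))
    for n in net:
        # Network telemetry carries no user; score on egress volume (1 MB threshold is assumed).
        sev = 60 if n["bytes_out"] > 1_000_000 else 10
        events.append(Event(_ts(n["time"]), "network", n["src_host"], None,
                            f"{n['bytes_out']} bytes out to {n['dst']}", sev))
    for u in ueba:
        events.append(Event(_ts(u["when"]), "ueba", u["host"], u["subject"],
                            f"user {u['subject']} risk {u['risk']}: {u['reason']}",
                            u["risk"]))
    return sorted(events, key=lambda ev: ev.ts)

def correlate(events, window=timedelta(minutes=5), min_score=50) -> list:
    """Cluster each host's events that fall within `window` of the previous one.
    A cluster becomes an incident only when it spans at least two sources and
    its highest severity reaches min_score; everything else stays a plain alert."""
    by_host = {}
    for ev in events:
        by_host.setdefault(ev.host, []).append(ev)
    incidents = []
    for host, evs in by_host.items():
        cluster = [evs[0]]
        for ev in evs[1:] + [None]:          # None flushes the final cluster
            if ev is not None and ev.ts - cluster[-1].ts <= window:
                cluster.append(ev)
                continue
            sources = {c.source for c in cluster}
            score = max(c.severity for c in cluster)
            if len(sources) >= 2 and score >= min_score:
                incidents.append(Incident(host, score, sources, list(cluster)))
            if ev is not None:
                cluster = [ev]
    return incidents

if __name__ == "__main__":
    for inc in correlate(normalize(EDR_EVENTS, NET_EVENTS, UEBA_EVENTS)):
        print(f"INCIDENT host={inc.host} score={inc.score} sources={sorted(inc.sources)}")
        print(inc.timeline())
```

Run as written, the UEBA risk score, the unsigned process and the large outbound transfer on ws-042 collapse into one incident with a three-line timeline, while the low-severity Excel launch and small upload on ws-017 never become one. Tightening the window to a few seconds splits the ws-042 evidence into single-source clusters and the incident disappears, which is the trade-off a SOC tunes when it sets correlation windows.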
Add an automation layer, Dooley explains, and XDR “makes it easy for you to choose your operating model – whether you will partially insource, entirely insource, or move to a partner such as an MDR provider that takes the technology platform and delivers the security outcome for you.”
Another key differentiator is the XDR provider’s use of artificial intelligence (AI) for low-level data filtering and high-level trend analysis.
“AI has been a game-changer,” Dooley explained, noting that despite “some really cool technology on the user interface… Where AI has been transformational is how you can use AI at the back end.”
“We ingest terabytes and petabytes of data, and finding the malicious signals within that has always been a challenge – but using advanced threat intelligence and the AI layer we’ve invested in, we’ve now got a high fidelity ability to identify threats and then remediate at speed.”
Access the full State of Security report.