Open and Native XDR: The End of Complexity and the Beginning of Control

Vibin Shaju, Managing Director – UAE, Trellix

In the United Arab Emirates (UAE), as in other countries, COVID-related lockdowns have forced businesses to respond. And they responded, with an unprecedented migration to the cloud, to make remote working easier. And every sign points to a future that will retain that pattern in one form or another.

A Ciena survey from June 2020 shows that knowledge workers in the UAE expected remote work flexibility to continue after the COVID crisis ended. Some 79% predicted that they would work remotely more often. More recent studies show this figure to be as high as 86%.

This hybrid work future puts today’s CISO and their SecOps team in a bind. They watched helplessly as the necessary migration to the cloud forced them into complex forests of unknowable endpoints and domains. Employees invariably used personal devices to authenticate to corporate environments, and third-party networks frequently handled corporate data, which may or may not be sensitive. And now security teams have to face the fact that there is no going back to more secure and more manageable infrastructures. Hybrid work is here to stay.

Rising threats

Amid a growing area of ​​compliance, which now includes the UAE’s own Personal Data Protection Act (PDP), security teams have had to transition their practices from EDR (endpoint detection and response ) to XDR (extended detection and response). This pivot was not there for nothing. The United Arab Emirates and its neighbor Saudi Arabia have faced a wave of cyber incidents during the pandemic years. Threat actors have taken full advantage of new working conditions and the proliferation of technologies. They struck using more innovative methods and they struck more often. Today, a complex mix of technologies is required to support security operations, but this only adds to the complexity that caused the threat to escalate in the first place. And to make matters worse, the pervasive cybersecurity skills gaps continue to widen.

reduce noise

Trellix’s conversations with customers reveal an alarming number of security tools in place. For large organizations, the average is over 70 different security tools used every day. This leads to false positives, unreported threats, and a host of other errors that pose a clear and present danger to the business. Running between screens trying to gather information while an attack is in progress results in a suboptimal response.

Tool complexity without a unifying platform is the greatest enemy of any threat hunter. Complexity is better managed when open APIs enable security teams to access event data from external solutions and automatically correlate it with native sources. Even in the noisiest environments, teams of specialists will be able to identify threats and react quickly and effectively because they have a rich view of the environment. Open-architecture platforms have the added benefit of being inherently easy to integrate, which means they deliver a faster return on investment.

This is why open, native XDR is so important. The flexibility and centrality of such a system allows teams to network the elements of their security ecosystem and reduce complexity. Integration with as many solutions, from as many vendors as possible, is desirable. The platform must be able to bring all of these sources together in a central pane and combine their telemetry with best-in-class threat intelligence across common vectors such as endpoint, email, network, and cloud.

This open-architecture XDR does what XDR was meant to do: unite data from across the ecosystem and beyond to empower security analysts to become threat hunters. This greatly reduces the possibility of a false positive or missed threat. Alerts become more actionable because they don’t need to be expertly sifted through a sea of ​​others.

Fit like a glove

Open, native XDR makes even more sense for small and medium-sized businesses, which don’t have the budget, time, or staff to use many different security tools. They need to eliminate their complexity without a lengthy migration process. Open platforms grow with these businesses, giving them composable security – a custom platform that becomes what they need.

Faced with technological complexity, companies need visibility into every corner of the infrastructure. Overstretched and underfunded security teams need a break from alert fatigue and confused scrambles to hunt threats. Security solutions must fit organizations like gloves, bending to their unique requirements. Open XDR platforms connect all current SOC tools through an open and extensible API framework. There’s no better visibility than this – a native, end-to-end footprint spanning endpoints, cloud, network and data.

From this approach emerges a living security ecosystem of detection, mitigation and response. Complexity has been neutralized by openness. This is the environment CISOs have been waiting for. This is an environment ready for the future of hybrid working. This is the future of cybersecurity.

Sharon D. Cole