Since the dawn of the internet, cyber threats and cybersecurity solutions have been endlessly intertwined in an evolutionary arms race. As cyber threats become increasingly complex, taking the form of phishing, ransomware, and password attacks, so have cybersecurity solutions.
In the past few decades alone, cybersecurity providers have come up with a variety of offerings, including endpoint detection and response, network detection and response, and log detection and response. But what if governments could streamline their security measures, and get all these capabilities in a single, unified solution?
Enter extended detection and response (XDR), a cybersecurity model that is rapidly gaining traction with cybersecurity teams of all types and sizes. XDR offers a single unified platform that can ingest, correlate, and detect potential threats across multiple sources of data. GovInsider sits down with JP Yu, Head of APAC Sales from software provider NetWitness, for a deep dive into the promises XDR offers.
1. What are some of the current challenges in detecting and responding to cyber threats?
The volume, velocity, and sophistication of threats are at their highest points ever. Preventive controls like firewalls, antivirus, and phishing detection, while necessary, are woefully insufficient. To effectively defend themselves, organisations require comprehensive solutions that extend existing security tools, while closing security gaps that attackers exploit.
2. Tell us more about XDR. Why is it important for organisations today to adopt XDR as opposed to other detection and response solutions?
Threat detection and response is now coalescing under the industry term “eXtended Detection and Response” (XDR), in recognition of the broad and deep coverage required in today’s cyber environment. XDR presumes that determined adversaries will find a way to breach cyber defences. Even if they are stopped 99 times, it only takes one success to create severe harm with ransomware, data breaches, or just vandalism.
A true XDR platform can see across an organisation’s varied digital systems and deprive attackers of a place to hide. As the NetWitness XDR tagline says, “see everything, fear nothing”.
NetWitness XDR provides all the important capabilities required to defend against cyberattacks in a single unified platform. It combines data from all key data planes, including logs, network traffic, endpoints and hosts, and internet of things (IoT) devices.
Because this dataset is far too large for manual analysis, NetWitness applies sophisticated artificial intelligence and machine learning, along with robust threat intelligence to catch known threats, and automates the process of investigation and response. Security analysts at all levels can operate the NetWitness XDR solution to protect against nefarious actors.
3. Are you able to share any case studies of NetWitness XDR in action?
The NetWitness XDR Professional services team works with customers every day to detect and resolve attacks before they become a problem. Their work feeds directly back into the NetWitness Platform XDR product, in terms of both feature and function and for the threat intelligence gained in real-world use.
Threat intelligence essentially encodes experience into the software – the tactics of attackers, the “indicators of compromise” they leave behind, and the “command and control” systems they use to orchestrate attacks.
NetWitness XDR watches for them and alerts security staff immediately, creating an investigation workflow to quickly respond. Many attacks are stopped in this way before they can detonate a payload; ransomware or data theft are common threats today.
That’s why it’s critical to have XDR in place before an attack takes place. Unfortunately, we sometimes get called in after an attack and are left with forensics (determining what happened) and recovery (eliminating a threat and preventing it from recurring).
In one recent instance, we helped a client in the online gaming industry resolve not one but two simultaneous attacks. This client has high security standards, but attackers were still able to get through. Going forward, they’ll be in a much more proactive posture to swiftly detect and eliminate threats.
4. What makes NetWitness XDR different from other threat detection and response solutions currently on the market?
Most industry participants have a specific focus. Often they come from an endpoint detection and response focus, but that’s too narrow all by itself. NetWitness has been integrating data planes for years so that security analysis can be conducted across all of them. In addition to endpoint support, logs provide valuable data that is normalised across wildly different systems and formats.
Network packets – a particular strength of NetWitness XDR – hold the complete record of an organisation’s digital activity, but their sheer volume creates fundamental challenges to hardware and software scalability, and to the analytics required to make them useful.
IoT data is diverse and distributed, requiring whole new methods of collection and analysis, and an understanding of protocols and methods that are different from traditional IT. NetWitness XDR integrates all this content using a unified data model to provide the industry’s broadest and most effective security coverage.
Learn more about NetWitness XDR at GovWare! Visit them at booth E09 to learn how this new approach towards detection and response can help level up your organisation’s cybersecurity. Alternatively, reach out to the NetWitness team to request a demo.