Cybercriminals and malicious hackers have been shifting their tactics, techniques, and procedures (TTPs) to improve their ability to infiltrate an organization and stay under the radar of security professionals and solutions. Moving to more targeted attack methods appears to be a mainstay among threat actors, which requires organizations to improve their visibility into the entire attack lifecycle. Gone are the days in which these attacks only target the endpoint, and as such, an expanded connected threat defense is paramount.
Many organizations have been adopting EDR (Endpoint Detection & Response) as a way to obtain more data about attacks on the endpoint. But as we’ve seen even with ransomware actors, the endpoint is being targeted less. Rather, attackers are moving laterally within an organization to find critical systems that will increase their chance of the organization paying the ransom. (See my recent webinar on trends in ransomware.)
This means the actors behind many financially motivated and targeted attacks will move across the network, and their tracks will be left in other areas of the organization’s network, not just on the endpoint. Expanding EDR to include other areas is the definition of XDR. The X could be network data, email or web data, data from cloud instances, and others. This would allow an organization to get visibility into the entire attack lifecycle, including infiltration, lateral movement, and exfiltration, and so improve its ability to prevent critical data exfiltration or the compromise of critical systems within its network.
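To make the argument concrete, here is an added example (my own illustration, not Trend Micro code) of cross-layer correlation: a handful of constructed email, endpoint and network events are stitched into one attack chain by following host pivots, and the endpoint-only view is shown for comparison. Hostnames, timestamps and the two-hour correlation window are assumptions chosen for the sample.

```python
from datetime import datetime, timedelta

INTERNAL = {"ws01", "fs01"}  # assumed internal asset inventory

# Constructed sample telemetry, one event per layer (not real data).
EVENTS = [
    {"src": "email", "ts": "2024-05-01T09:00:00", "host": "ws01",
     "detail": "attachment invoice.xlsm delivered to alice"},
    {"src": "endpoint", "ts": "2024-05-01T09:03:00", "host": "ws01",
     "detail": "EXCEL.EXE spawned powershell.exe"},
    {"src": "network", "ts": "2024-05-01T09:10:00", "host": "ws01",
     "peer": "fs01", "detail": "first-ever SMB session to fs01"},
    # fs01 has no EDR agent: only the network layer sees this step.
    {"src": "network", "ts": "2024-05-01T09:40:00", "host": "fs01",
     "peer": "203.0.113.7", "detail": "2.1 GB outbound to 203.0.113.7"},
]

def stage_of(ev):
    """Map an event to the lifecycle stage the post describes."""
    if ev["src"] == "email":
        return "infiltration"
    if ev["src"] == "endpoint":
        return "execution"
    # Network events: internal peer = lateral movement, external = exfiltration.
    return "lateral movement" if ev["peer"] in INTERNAL else "exfiltration"

def correlate(events, window=timedelta(hours=2)):
    """Follow host pivots across layers and return (chain, involved_hosts)."""
    chain, involved, last_ts = [], set(), None
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["src"] == "email":
            involved.add(ev["host"])  # initial access seeds the chain
        if ev["host"] not in involved:
            continue
        if last_ts and ts - last_ts > window:
            break  # too long a gap: treat later events as unrelated
        stage = stage_of(ev)
        chain.append((stage, ev["host"], ev["detail"]))
        if stage == "lateral movement":
            involved.add(ev["peer"])  # the pivot target is now in scope
        last_ts = ts
    return chain, involved

def endpoint_only_hosts(events):
    """What an EDR-only deployment would report as affected."""
    return {ev["host"] for ev in events if ev["src"] == "endpoint"}

if __name__ == "__main__":
    for stage, host, detail in correlate(EVENTS)[0]:
        print(f"{stage:17} {host:5} {detail}")
```

The correlated chain reaches fs01 and the exfiltration step, while the endpoint-only view stops at ws01.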
The ability to do this requires a number of key components:
This will require a major shift from traditional security practices, as many organizations have supported a best-of-breed approach, utilizing multiple vendors (some say 50-100 security applications on average within a large enterprise). Instead, the future is moving to a more consolidated approach with fewer vendors. Having multiple vendors for different areas of security results in silos and segmentation due to a lack of integration across the security industry, but XDR could bring a shift in this practice as XDR solutions include more support for third-party intelligence feeds.
Trend Micro has been innovating for 30 years and our breadth of security products allows us to successfully build an XDR solution. Also, our almost 15 years of investing in and building AI/Machine Learning technologies into our backend and frontend products will allow us to have the data analytics piece covered. Lastly, we have an extensive array of global threat intelligence that will allow us to ensure we can proactively detect and protect our customers.
Stay tuned for more information about this topic in upcoming blogs.