According to the Office for National Statistics, in February 2022, eight in ten workers who worked from home during the pandemic said that they planned to hybrid work in the future. This shift in work patterns brings more possibilities for cybercriminals to exploit weak spots in a business’ network. Here, Nathan Charles, head of customer experience at cyber security specialist OryxAlign, explains how consolidating your cybersecurity strategy under an extended detection and response (XDR) platform will reduce complexity, improve security and cut costs.
Cybercrime has evolved over the years to become more organised, with more sophisticated attacks. According to CyberEdge’s 2022 Cyberthreat Defense Report, ransomware attacks affected 73 per cent of UK organisations over a twelve month period.
Cybercriminals will now study businesses, probing for weak spots and learning how they operate. With the recent shift in working habits, largely brought on by the pandemic, there are now more attack surfaces for criminals to target.
Before this shift, IT systems in businesses were generally set up as a ‘ring fence’ model to protect their offices from cyber-attacks using firewalls and antivirus. However, with the increased number of staff working from home, and even using public networks at places like cafes, this ring fence style model can be easily compromised through endpoints.
As well as laptops and mobile phones, endpoints can be any device connected to a network, such as security cameras, remote controlled heating systems, gaming devices. These endpoints may lack the level of security that is on your business’ core network, meaning that they are weak spots to be exploited.
The consequences of a successful attack can vary from operational downtime to paying a ransom for encrypted data to being fined under the General Data Protection Regulation (GDPR) privacy law.
Current issues
Traditionally, antivirus systems have operated in silos – limited to detecting and responding to threats on individual devices, or endpoints. The solution was previously Endpoint Detection and Response (EDR). A study by Enterprise Strategy Group found that 60 per cent of businesses use 25 or more different security products, with 44 percent purchasing from more than ten vendors.
For example, a business might have different solutions to cover areas such as its endpoints, database, and emails. This installation of multiple layers of security can present some issues.
Adding more layers makes it harder to visualise the security profile of the business. This means that an IT department might have to deal with multiple reports simultaneously from different systems.
This also makes it more difficult to trace an attack. If the attack spreads from one area to another, an IT operator has to rely on the different solutions they have in place, which also may not be communicating with one another.
Paying for multiple solutions from different vendors to cover all areas of a business can be costly. Additionally, staff must be trained to use each solution and there is the possibility of an undetected weakness being breached.
Cyber security consolidation
According to Gartner, 80 per cent of businesses will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s Security Service Edge (SSE) platform by 2025. Additionally, 50 percent of mid-market security buyers will use some form of extended detection and response to consolidate their security technologies.
XDR provides end-to-end visibility, detection, investigation, and reaction across the entire IT ecosystem, including networks, endpoints, and cloud environments. The key elements of an XDR architecture include federation of security signals, higher-level behavioural and cross-correlated analytics, plus closed-loop and highly automated responses.
Because it can cover so many areas of the business, it provides a much more user-friendly platform. This eases the pressure on an IT department, as any alerts from devices across the IT system will report to one place.
From a security perspective, consolidating threat defence into one system means that all devices and endpoints can be set to one standard, minimising the opportunity for weak spots and gaps to appear. In the event of a breach, such as a member of staff clicking a malicious link, an XDR system can isolate the threat to stop it spreading and roll-back the endpoint to a safe state.
Although changing cyber security tactics should not be viewed as a cost cutting solution, vendor consolidation can certainly save money. By replacing multiple products that may overlap, reducing the man hours spent monitoring different systems and avoiding the consequences of a successful breach, businesses can get a better return on their investment.
Not all XDR systems are the same, and it is important to choose one that best suits the needs of a business. XDR has traditionally only been available for large enterprises. However, finding the right partnership can allow small and medium sized companies to customise the solution to fit their requirements without unnecessary extras.