Be Sure to Whack Your Cybersecurity Blind Spots

BrainBlog for Gigamon by Jason Bloomberg

Managing risk is a top priority for every business executive — and given the prevalence of successful cyberattacks, cybersecurity risk is at the top of the list of challenges facing every organization.

Managing cybersecurity risk is like playing a never-ending game of Whack-a-Mole — except the number of moles seems to be infinite, while your hammers are expensive and in limited supply.

Worst of all, many of the moles are smart.

Pounding away at where you expect the critters to pop up isn’t good enough. You must also recognize and target your blind spots.

After all, the blind spots are precisely where attackers — the moles — are looking to penetrate your network.

Identifying the Blind Spots

The starting point for any cybersecurity effort targets where you expect the attackers to strike — the holes in the Whack-a-Mole game board, so to speak.

These targets are endpoints — the computers, devices, and other equipment that can host endpoint detection and response (EDR) agents. By leveraging these agents, your EDR technology can whack the attackers whenever they attempt to breach an endpoint.

EDR, however, has plenty of obvious blind spots. The most obvious: any endpoint that can’t run an agent, either because the technology doesn’t support it or for some other reason, like a regulatory compliance restriction.

Other blind spots aren’t as obvious. The agents themselves, for example, can also present many blind spots, since bad actors can compromise or disable the agents.

Software drivers also have blind spots. When users inadvertently install their own vulnerable drivers on their devices, EDR solutions are woefully unprepared to deal with the resulting vulnerabilities.

Enter extended detection and response (XDR). XDR goes beyond agents, collecting logs and other security telemetry from endpoints, cloud workloads, email, and other sources. It’s basically an evolution of the EDR market. XDR then uses artificial intelligence (AI — machine learning in particular) to parse and correlate ingested data to automatically detect threats.

XDR works similarly to security information and event management (SIEM) platforms that also collect and correlate log data to generate alerts and identify potential security issues.

XDR can do everything EDR can do and more: It can extend EDR protection beyond endpoints to cloud workloads, servers, email, and containers.

And then there’s network threat detection and response (NDR). NDR offers a centralized and automated system for analyzing and responding to security incidents, providing protection against both known and unknown threats that may traverse the network.

Implementing NDR enhances your visibility into network blind spots and your ability to effectively identify any suspicious entities or activities within your network.
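The agent blind spots described above (endpoints that cannot run an agent, and agents that have gone quiet) show up as one pattern once you correlate EDR telemetry with network telemetry, which is the kind of cross-source correlation the XDR and NDR paragraphs describe. The following is an added example, not Gigamon's or the author's code; the host names, timestamps and the ten-minute silence threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data): EDR agent heartbeats and
# network flow records, both keyed by host name with ISO-8601 timestamps.
HEARTBEATS = [
    ("ws-01", "2024-05-01T09:00:00"),
    ("ws-01", "2024-05-01T09:05:00"),
    ("ws-02", "2024-05-01T09:00:00"),  # last heartbeat, then silence
    ("db-01", "2024-05-01T09:05:00"),
]

FLOWS = [
    ("ws-01", "2024-05-01T09:06:00", 1200),
    ("ws-02", "2024-05-01T09:30:00", 48000),     # still active on the network
    ("db-01", "2024-05-01T09:04:00", 300),
    ("iot-cam-7", "2024-05-01T09:10:00", 9000),  # device that cannot run an agent
]


def _ts(value):
    return datetime.fromisoformat(value)


def find_agent_gaps(heartbeats, flows, max_silence_min=10):
    """Return {host: reason} for hosts active on the network without a live agent.

    "no_agent": the host produced network flows but never sent a heartbeat.
    "agent_silent": a flow was seen more than max_silence_min minutes after
    the host's most recent heartbeat. Flows that predate the silence window
    are not flagged, so a host whose agent is merely lagging is left alone.
    """
    max_silence = timedelta(minutes=max_silence_min)
    last_seen = {}
    for host, ts in heartbeats:
        stamp = _ts(ts)
        if host not in last_seen or stamp > last_seen[host]:
            last_seen[host] = stamp

    gaps = {}
    for host, ts, _bytes in flows:
        if host not in last_seen:
            gaps[host] = "no_agent"
        elif _ts(ts) - last_seen[host] > max_silence:
            gaps[host] = "agent_silent"
    return gaps


if __name__ == "__main__":
    for host, reason in sorted(find_agent_gaps(HEARTBEATS, FLOWS).items()):
        print(f"{host}: {reason}")
```

In a real deployment the heartbeat and flow records would come from the EDR console and from network sensors respectively, and the threshold would be tuned to the agent's actual check-in interval.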

Is XDR or NDR the solution to your Whack-a-Mole problem? Not so fast.

Read the entire BrainBlog here.
