We asked CIOs and CISOs what keeps them up at night, and the two main concerns are reducing security risks and improving analyst confidence and productivity. CxOs must report to corporate boards, and members of those boards are getting smarter about asking probing questions about the company’s security posture. CxOs need answers to those questions, and XDR solutions can help a lot, but there’s more to be done.
In the first wave, XDR was all about getting visibility across the whole attack surface and out-of-box detections and correlating alerts automatically to reduce the burden on analysts. By grouping alerts together through leveraging AI and ML technologies from multiple tools, XDR helps eliminate attack detection delays because analysts can see related alerts on one console instead of having to track multiple consoles for multiple tools. In fact, our Open XDR platform makes it especially easy to focus on the important alerts because it automatically groups them into actionable, contextual incidents.
The second wave of XDR was about automating responses. Now with AI / ML building a baseline of known threat and contextual situations, XDR systems can automatically take protective actions such as shutting down firewall ports by communicating directly to cybersecurity systems. This not only further improves analyst productivity, but it also reduces risk by stopping understood and characterized intrusions more quickly than humans can act. This is the natural next step in XDR adoption and is helping to improve the benefits of productivity and confidence. In our Open XDR platform, there are pre-defined playbooks for taking automatic protective actions, and our customers can easily write new ones of their own.
The third wave of XDR is all about reducing future risks. Picture the CxO in a boardroom fielding such questions as, “What are we doing about ransomware?” or “Where are the key risks today and what are we doing about them?” CxOs need predictive analysis to identify the weak spots in their security infrastructure.
Security teams can do root cause analysis today, but that’s a reactive response to attacks that have already occurred. People need continuous evaluation of their security postures to proactively reduce their risks, especially when it comes to certain high-impact attacks, such as ransomware attacks. Do we have sufficient information collected to detect the attack? Are there any vulnerabilities that may be exploited? Are there any misconfigurations that make it easier for the attackers to get in.
Stay tuned for more developments and reach out to Aimei Wei, CTO of Stellar Cyber to continue the conversation: [email protected]