Detection and Response
How XDR Security Aids in Cyber Risk Management
Trend Micro's VP of Threat Intelligence, Jon Clay, explores the latest trends in today's threat landscape and why XDR is key to better understanding, communicating, and mitigating cyber risk across your enterprise.
Extended detection and response (XDR) collects and correlates deep threat activity data across multiple security layers, including email, endpoint, server, cloud workload, and network. This enables faster detection, investigation, and response to threats, limiting the scope of an attack and reducing cyber risk.
Forrester New Wave™: Extended Detection and Response (XDR) overview
I’m proud to share the Forrester New Wave™: for Extended Detection and Response (XDR) that named Trend Micro a Leader in both current offerings and strength of strategy. I’d like to explore why it’s important for organisations to leverage a unified cybersecurity platform with XDR capabilities to protect themselves against evolving threats across their growing attack surface.
Current threat landscape trends
With the recent rash of ransomware attacks, we’re seeing more effective malicious actors who are successfully targeting their victims. How are they able to do this? Here are some key factors enabling their success:
- There is a lot of up-front intelligence gathering by the malicious actors to determine who they want to target, why they want to target them, and how, where, and when do they want to launch their attacks. All of these will be nailed down prior to the attack occurring, making their attacks smoother and harder to catch.
- In many cases, the attack campaign is being orchestrated through collaboration within different groups: Access as a service teams (initial access brokers) will work with a team that is very good at lateral movement. After the network has been compromised, they sell access to a ransomware as a service affiliate who may initially steal data to extort and then launch their ransomware infection.
- These attacks will cross many areas of the network. They may start at an employee’s system via phishing, or an open IP they compromise, but very quickly after mapping the network, they will laterally move to data centres, cloud infrastructures, and OT networks. They will also utilise email, web, exploits, and other attack surfaces, which are ever-expanding due to digital transformation and remote workforces.
- Counter incident response will be utilised throughout the attack to ensure their activities are not seen by defenders. Legitimate tools will be used maliciously to hide their tracks in this living off the land tactic.
- Multiple extortion models will be incorporated that could include data stealing, DDoS, ransomware, and even contacting your customers to put pressure on you to pay their extortion fees.
XDR: The missing piece of the security puzzle
Organisations are dealing with adversaries that are well coordinated and their success rate has been growing over the years. Weaknesses in an enterprise’s security strategy and infrastructure coupled with a growing attack surface also lend a hand to making attacks more successful.
Namely, existing security infrastructure tends to be siloed across their network. Lack of integration and collaboration between independent security solutions causes too many alerts without context, overwhelming security teams and diminishing their visibility across the entire attack surface.
This is where a unified cybersecurity platform like Trend Micro One with industry-leading endpoint detection and response (EDR) and XDR makes a difference. EDR is the foundation for strong XDR capabilities which improves defence and minimises dwell time of the adversary within their network by integrating security between endpoints, email, web, servers, cloud environments and across network traffic.
This integration allows security teams to identify and correlate attacks that are happening in different areas of the network to deliver information about an ongoing attack. Correlated data leads to less, but highly actionable alerts, reducing the time it takes an organisation to respond and remediate an ongoing attack.
Leveraging the Forrester New Wave™ evaluation
We invite you to read The Forrester XDR evaluation to make an informed decision when choosing a unified cybersecurity platform to protect your digital attack surface.
Trend Micro was evaluated against 10 criteria alongside the most significant XDR providers including Microsoft, McAfee, and Crowdstrike. The evaluation also provides customer references for more insight beyond the analyst evaluations.
You can also learn more about our strong endpoint protection capabilities in The Forrester Wave™: Endpoint Detection and Response (EDR), Q2 2022. Trend Micro was one of three vendors to be named a Leader, receiving a five out of five score in investigation capabilities, ATT&CK alignment, extended capabilities, innovation roadmap, and five other criteria.
Next steps
For more insights into the benefits of a unified cybersecurity platform, check out these resources: