Adversaries are becoming more impactful and dangerous with each passing day. They learn from each other, exchange tools and knowledge, and operate like a community to launch sophisticated cyberattacks. Unfortunately, there are now many ways to gain entry into an organisation’s network, and adversaries know all of them. If one approach does not work, they will typically try another until they find a foothold inside the network.
Sophos’ Active Adversary Playbook 2021, which details attacker behaviours and their tools, techniques, and procedures (TTPs), shows that the median attacker dwell time before detection was 11 days. In other words, in half of the cases studied, adversaries had at least 11 days between gaining their initial foothold and being detected. In this time, adversaries try to take control of every computer on the network so they can steal as much data as possible and scramble as many devices as possible, leaving the organisation in the most vulnerable position it can be in.
To prevent adversaries from gaining entry to an organisation, or to minimise the damage if they do get in, Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) should make sure they have the technologies and services that give their organisation’s cybersecurity defence the necessary prevention and detection capabilities.
Below are key must-haves that local CIOs or CISOs should deploy within their organisations:
Extended Detection and Response (XDR) solution: Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are important tools for threat hunting. They help organisations hunt across their environment to detect indicators of compromise (IOCs) and indicators of attack (IOAs).
While EDR tools are powerful, they are limited to detection and response on endpoints and servers. To defend IT infrastructure more comprehensively, an integrated detection and response system is key. This is where XDR comes in. XDR takes the idea of EDR and extends it: it goes beyond the endpoint and server, incorporating data from other security tools such as firewalls, email gateways, public cloud tools and mobile threat management solutions.
Managed Detection and Response services: Adversaries are changing their tactics, techniques, and procedures to increasingly launch cyberattacks that combine automation with active human interaction, or “hands-on-keyboard” hacking. As businesses see a constant increase in cyberattacks using these methods, CIOs need to ensure their current cybersecurity defences can stand up to active attackers. One way to do so is to engage a managed detection and response provider that can conduct threat hunts, detect attacks, investigate suspicious activity, and respond to incidents.
Security operations require the right tools, people, and processes in-house to manage security effectively around the clock. Yet many businesses struggle to put all of these much-needed pieces in place. This dilemma has given rise to a new solution: Managed Detection and Response (MDR) services.
MDR services are outsourced security operations delivered by a team of specialists. They act as an extension of an organisation’s security team, combining human-led investigations, threat hunting, real-time monitoring, and incident response with a technology stack to gather and analyse intelligence.
Synchronised Security Technology: Irrespective of the size of the enterprise, native endpoint, server, firewall, and email security are foundational to any IT security strategy. Unfortunately, for some time these solutions simply did not communicate with each other – they were independent, isolated silos, which limited both their effectiveness and their manageability.
It is imperative that businesses understand the importance of linking leading security solutions in a co-ordinated, integrated approach. Technology such as synchronised security, which integrates native endpoint, server, firewall, and email security, is the need of the hour, as it delivers better protection – and better manageability – for organisations of any size.
(The writer is the Sophos Managing Director Sales – India and SAARC)