What technology can protect the company from cyberattacks?

With hacking and other cyberattacks intensifying, companies' concerns about cybersecurity have steadily increased in recent years.
It is becoming clear to IT managers that the security model they adopt must be based on a scalable structure that will allow them to stay one step ahead in this changing environment.
Let's review the current state of cyber threats and the effective measures to put in place.

Cyber threats: what risk for organizations?

It is important to remember that VSEs/SMEs, which represent nearly 95% of the French economic fabric, retain a largely distorted perception of the cyber risks they face: 80% consider that they are well protected, even though one in two declares that it has recently been the victim of a cyberattack[1],[2]. Recent news clearly shows that cyberattacks affect all organizations without discrimination, regardless of their sector or size. In a recent study[3], we even learned that 76% of companies that were victims of cyberattacks had paid a ransom.

Beyond the frequency of attacks, we also notice that they seem to gain a little more complexity every day. Helped by advances in technology, cybercriminals are developing threats capable of entering systems through multiple entry points, making them harder to detect and more likely to succeed. Only one conclusion is possible: detection and response solutions centered exclusively on the workstation are no longer sufficient today to guarantee the organization optimal protection.

XDR, the future of cybersecurity?

Born from EDR (Endpoint Detection and Response), the XDR (Extended Detection and Response) ecosystem aims to go even further by consolidating several products within a single incident detection and response platform. This cross-infrastructure capability is the common denominator of XDR, which at this stage is emerging as an optimal solution for preventing cyberattacks.

Fully automated, this system replaces the detection and investigation processes previously carried out manually by internal managers. Due to its "extended" nature, an XDR interface is able to analyze and detect across multiple security vectors (such as network, cloud, messaging, or other third-party security points), ultimately facilitating diagnosis and decision-making for the people concerned by relieving them of time-consuming administrative tasks.

While XDR is well and truly within the reach of any organization, realizing its benefits depends on the organization's cybersecurity maturity. Organizations that do not have the resources (software or human) are likely to benefit quite clearly from such a solution. Organizations with medium to high cybersecurity maturity, on the other hand, which mostly already have the resources, will find that the main benefit is that manual work is no longer needed to make sense of the data, leaving the field free for further investigation and for optimizing the decision and correction process.

What to look for in an XDR vendor?

Ultimately, any company that plans to equip itself with an XDR interface seeks to maximize its operational efficiency by reducing the risks to the company's security. When evaluating XDR suppliers, it is therefore necessary to check whether the proposed solutions allow:

+ More precise detection, leading to more accurate prevention

+ Better adaptability to the evolution of technologies and infrastructures

+ Fewer blind spots and a better overview

+ A faster time to detection, or average detection time (MTTD)

+ A faster time to correction, or average response time (MTTR)

+ Faster and more accurate investigations (fewer false positives)

When evaluating a supplier's proposal, take the time to immerse yourself in the product to fully understand it, and ask questions. Ask, for example, whether the data set has been automatically evaluated and sorted, and whether or not the system provides the steps needed to act on it. Ultimately, it is essential to partner with a company that will help the business stay one step ahead of its adversaries and properly arm it against new emerging threats.

When evaluating vendors, look under the hood. While some vendors claim to offer a completely unified view in a single console or an integrated XDR solution, ask whether data from all the separate vectors has been automatically evaluated and sorted, and whether or not the system provides meaningful and actionable next steps.

By Fabien Rech, Vice President EMEA of Trellix

[1] Source: Xefi / Ifop study published on December 13, 2021
[2] Source: Opinion Way study for Cesin published in January 2022
[3] Source: Vanson Bourne for Veeam, Business Impact of Ransomware Survey published May 2022
