The state of corporate security is uneven. Many are well on their way to security maturity, while others are just starting. Given mounting compliance concerns and an ever-evolving rogue’s gallery of threats, that journey through the threat landscape needs to accelerate.
Some have been thinking about security for a very long time as connected computing and data protection were already core parts of their business. Others are just getting to grips with it – and they face a long road and some treacherous outcomes if they don’t speed up.
As it is often said in cybersecurity – attackers will choose the path of least resistance. Hackers may become deterred when targeting a huge organization because, although they might be a more valuable target, the headache of attacking a security-mature organization often isn’t worth the cost. So instead, they’ll go next door – to a more easily exploitable neighbor.
The presence of a SecOps team is a crucial difference here. Bringing together the right arrangement of technologies and talent into a dedicated SecOps team is often the distinction between a mature and immature security posture. That’s not easy these days. There is currently a global shortage of cybersecurity talent. Research from the Enterprise Strategy Group and the Information Systems Security Association (ISSA) has shown that 76% of cybersecurity professionals report difficulty recruiting security professionals.
However, that doesn’t have to be the case. Organizations can take a shorter road to security maturity than they might expect. The right path lies in integrating existing capabilities, then automating and streamlining their functions so that even a small team can do the work of a fully mature SecOps team.
Many of the current household cybersecurity tools come with more complexity than a security team can manage. Security teams at even mature organizations are deluged with false positive alerts and unintegratable tools that provide a patchwork vision of their networks and often complicate visibility.
A complete view of the infrastructure, including traditional on-premise networks, endpoints and cloud applications, is required to defend the enterprise adequately. An emerging set of technologies, called extended detection and response (XDR), is rising to meet precisely this kind of problem. XDR integrates and provides visibility across various security and business tools, enabling a single view of the security program in one platform.
It collects data from all over the network – email logs, endpoints, servers, cloud data and elsewhere – and uses it to drive better insights and quicker responses. Even modest security teams can better detect, investigate and respond to threats with those in hand. XDRs also provide security performance data and enable automation, allowing a security team to mature their practices and procedures constantly.
XDR users can further shortcut their road to security maturity with the help of an outside incident response service to monitor threats in the environment and provide customized threat intelligence and extended 24/7 coverage.
XDR is still at an early stage, and the market is full of security vendors claiming that they have XDR capabilities. This confusion makes it challenging to evaluate XDR solutions. Often, vendors are pushing XDR solutions that require specific point products or a suite from each vendor. This could make the solution quite expensive and necessitate a large-scale uprooting of the tools and systems that a company already has in place.
Hybrid, or open, XDR is an attempt to make XDR vendor-neutral so that users can combine various tools according to their own specific needs. Companies can thereby enable the necessary visibility using their existing tools without buying a whole raft of new ones from one vendor. This can be a force multiplier for those who can’t afford the maturity that comes with a mature SecOps team.
While mature companies can adequately protect themselves, less mature organizations could have a long and potentially hazardous road to travel. XDR provides a way for immature companies to shorten their route to security maturity significantly.
John Fedoronko vice president of sales – EMEA, ReliaQuest