The worlds of cybercrime and cybersecurity are constantly evolving, with myriad solutions on the market all purporting to help businesses, governments, and other entities protect themselves from the criminals behind ransomware, security breaches, and industrial espionage and IP theft.
With cybercriminals constantly changing their strategies to access and use protected data in an industry that is estimated to have cost corporates $6 trillion in 2021, and cybersecurity skills being particularly scarce in South Africa, it’s often challenging for businesses to know which cybersecurity interventions to put in place.
Many organisations have siloed approaches to security, with solutions from different vendors creating gaps that grow over time and are found by malicious actors. It’s these siloed environments that struggle the most to respond to a threat and recover from it, as security analysts must investigate and assess multiple possible points of attack before they can find the source, and then respond to it appropriately.
That’s why an XDR approach makes sense, as it’s designed to give organisations a holistic view of their cybersecurity status within their IT environment, along with the ability to respond quickly if a threat is identified.
That’s according to Trellix, a new business emerging from the unification of McAfee Enterprise and FireEye. Trellix delivers extended detection and response (XDR) to organisations, with a focus on accelerating technology innovation through machine learning and automation.
“An evolved XDR architecture that keeps on learning keeps businesses protected, helping them adapt and stay agile with an automated orchestration playbook that responds to active threats and a dynamic recalibration of prevention policies,” says Adam Philpott, chief revenue officer at Trellix.
Analyst firm Gartner defines XDR, or Extended Detection and Response, as a software as a service (SaaS)-based, vendor-specific security threat detection and response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.
It’s also defined as Cross-Product Detection and Response, with a third definition treating the ‘X’ as a mathematical variable, a placeholder for the data sources that are being used as part of the solution.
The definitions overlap, but it’s the purpose of XDR that’s key, however you choose to define it: it’s been designed to answer the growing complexity of cybercrime, with a solution like the Trellix XDR platform offering tools that span security information and management; security orchestration, automation, and response; and user and entity behaviour analytics.
“We are continuously offering new solutions that leverage AI, machine learning, and advanced telemetry based on threat intelligence from more than one billion sensors across our enterprise and government customer bases,” Philpott adds.
This approach to ‘living security’ means that organisations benefit from a greater level of resilience to threats – without having to expand their internal cybersecurity teams. Because companies and their IT systems are living, constantly evolving environments, XDR makes it easier to manage cybersecurity, and to respond quickly and effectively to threats before they cost businesses money – in hard costs, opportunities, and reputational damage.
“Another key advantage of adopting an XDR approach is that it is open and integrated, and can leverage the tools that an organisation already has in place,” Philpott explains.
“That’s why we engage with each client to understand the maturity of their cybersecurity infrastructure, after which we work with them to deliver tangible tools and opportunities to leverage the best possible protection, while still honouring the contracts and commitments that they have in place with other security providers.”