By Gareth Pritchard

The world continues to become ever more interconnected, and how we use technology changes on a regular basis. An organisation's cyber security must therefore keep pace with this change if it is to identify, respond to and defend against cyber threats effectively. Organisations are increasingly looking to Extended Detection and Response (XDR) solutions and managed XDR (MXDR) service providers to tackle these challenges.

A tangible shift in the cyber security posture of many organisations is a move from 'protect and defend' to operational resilience: the ability to continue delivering critical business operations throughout a security incident. To achieve operational resilience, organisations must act quickly, limit the impact of 'patient zero' and the attack paths that lead on from it, respond with integrated actions across the environment, and understand, contextualise and act on threat intelligence and what it means for the business.

There is a plethora of tools on the market that claim to tackle any and all cyber security challenges that a business may face. However, an effective cyber operational resilience strategy requires tools, people and processes to work in harmony. This enables risks to be categorised, prioritised, and acted upon as quickly as possible to disrupt malicious activities and protect critical processes, data and operations. 

Organisations face many challenges when it comes to cyber security depending on (amongst other things) their security maturity, regulation, investment, risk tolerance and industry. Organisations must now secure a multitude of assets including, but not limited to, physical systems; cloud and on-premise infrastructure; people and identities; and converged IT/OT systems – a broad attack surface to manage and protect. 

The case for consolidation and interconnectivity 

Security threats don't discriminate by the size of your business: companies of all sizes face them. SMBs increasingly use the same technologies and services as enterprises, so their attack surfaces look similar. According to Verizon's 2021 Data Breach Investigations Report, 46% of breaches affected businesses with fewer than 1,000 employees. A recent Check Point study (Check Point 2024 Predictions, CISO Insights) found that small businesses run, on average, 20 cyber security point solutions, rising to over 100 for enterprises. The need for cyber security tooling is therefore well understood; the open question is whether those tools are operating as effectively as they could within an organisation's integrated people, process and technology resilience arsenal.

Therefore, in the rapidly evolving cyber security arena, it is vital for tools to have the ability to work together to provide integrated detection, response and containment activities for a swift and effective defence. 

We see a significant need for organisations to rationalise the number of cyber security tools in use. There are many benefits to this approach, including: 

  • It can often lead to a more cost-effective solution 
  • There is a smaller technological integration challenge, as internal teams need to be skilled in fewer interfaces and approaches  
  • It provides a more transparent, ‘outcome-focused’ response posture with fewer integration steps (either system or human) and more visibility across your estate, leading to faster, more effective responses

Integrated visibility, effective response 

Organisations that use XDR solutions (independently or via managed service partnership) are able to leverage increased, interconnected visibility and active responses to reduce the time needed to disrupt malicious activity.  

When organisations are evaluating their approach, they should consider the following criteria as part of a more comprehensive selection process: 

  • Threat intelligence: how the solution gives you an understanding of your threat intelligence (TI) landscape, and how TI data is used across components to add analytic context, prioritisation and actionable next steps
  • Broad visibility to mitigate your exposure: the solution must take data from multiple sources so that 'weak signals' can be combined out of the noise into 'stronger signals' for investigation. That data must be correlated quickly and accurately to drive alerting and response playbooks, and it must come from endpoints, servers, identity, APIs, cloud, firewalls, threat intelligence, network, collaboration tools and other sources, so that coverage is complete
  • Analytics and integration into your ecosystem: the solution should use advanced analytics and workflows to support prevention, detection and response playbooks, and integrate with your incident response processes and change-control systems (such as an ITSM)
  • Responsiveness as standard: when incidents do happen, response actions such as containment, identity challenges and 'process kill' commands must be rapid, repeatable and impactful, so that the breach is contained and critical operations are protected
  • Security Orchestration, Automation and Response (SOAR): whether the solution uses SOAR to increase efficiency and precision and to make the best use of your analysts' time
  • Artificial intelligence/machine learning (AI/ML): while still a relatively young technology, AI/ML used well lets organisations automate, identify anomalies and streamline workloads quickly, acting as a 'heavy lifter' so that analysts can focus on interpreting the data and on using their skill, experience and intuition to hunt for anomalous activity
  • Measurable and effective: the solution must measurably improve your cyber security posture and reduce the time to detect, respond to and remediate security incidents, and ideally demonstrate the increased return on investment of a consolidated, platform-based solution
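To make the 'weak signals into stronger signals' and 'response playbook' criteria above concrete, here is an added example (written for this page, not code from the author or from any XDR vendor) of the correlation logic an XDR platform performs: low-confidence events from several telemetry sources are grouped by the affected entity, scored within a sliding time window, and, when they corroborate each other, raised as one alert that maps to response playbook steps. The sample events, source names, weights, thresholds and the playbook mapping are all constructed assumptions for illustration.

```python
"""Added example: correlate 'weak signals' from several telemetry sources into a
single higher-confidence alert per entity, then map that alert to response
playbook steps. All events, weights, thresholds and playbook names below are
constructed sample data and assumptions, not any vendor's schema."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Signal:
    ts: datetime
    source: str   # telemetry source: endpoint, identity, network, cloud, ...
    entity: str   # host or user the signal concerns
    name: str     # what was observed
    weight: int   # confidence score on its own (assumed scale 1..3)


@dataclass
class Alert:
    entity: str
    start: datetime
    end: datetime
    signals: List[Signal]
    score: int
    sources: List[str]
    playbook: List[str]


WINDOW = timedelta(minutes=15)   # assumed correlation window
ALERT_THRESHOLD = 5              # assumed combined weight needed to alert
MIN_SOURCES = 2                  # assumed: require corroboration across sources

# Assumed playbook steps keyed by the source that corroborated the alert.
PLAYBOOK_BY_SOURCE = {
    "endpoint": "isolate_host",
    "identity": "challenge_identity",   # force re-authentication / revoke sessions
    "network": "block_egress",
    "cloud": "disable_access_key",
}


def correlate(signals: List[Signal]) -> List[Alert]:
    """Group signals per entity, slide a time window over them and raise one
    alert per window whose combined weight and source diversity pass threshold.
    A single noisy source cannot trigger an alert on its own."""
    by_entity: Dict[str, List[Signal]] = {}
    for s in sorted(signals, key=lambda s: s.ts):
        by_entity.setdefault(s.entity, []).append(s)

    alerts: List[Alert] = []
    for entity, evs in by_entity.items():
        i = 0
        while i < len(evs):
            # evs is time-ordered, so this is the contiguous run within WINDOW of evs[i]
            window = [e for e in evs[i:] if e.ts - evs[i].ts <= WINDOW]
            sources = sorted({e.source for e in window})
            score = sum(e.weight for e in window)
            if score >= ALERT_THRESHOLD and len(sources) >= MIN_SOURCES:
                steps = [PLAYBOOK_BY_SOURCE[s] for s in sources if s in PLAYBOOK_BY_SOURCE]
                alerts.append(Alert(entity, window[0].ts, window[-1].ts,
                                    window, score, sources, steps))
                i += len(window)   # consume the window so it is not alerted twice
            else:
                i += 1
    return alerts


# Constructed sample telemetry (not real logs).
T0 = datetime(2024, 3, 1, 9, 0, 0)
SAMPLE_SIGNALS = [
    # alice: four weak signals from three sources within 12 minutes
    Signal(T0, "identity", "alice", "mfa_fatigue_prompts", 2),
    Signal(T0 + timedelta(minutes=3), "endpoint", "alice", "office_spawns_powershell", 2),
    Signal(T0 + timedelta(minutes=7), "network", "alice", "dns_to_newly_registered_domain", 1),
    Signal(T0 + timedelta(minutes=12), "endpoint", "alice", "lsass_handle_opened", 3),
    # bob: one uncorroborated endpoint signal, stays below threshold
    Signal(T0 + timedelta(minutes=5), "endpoint", "bob", "office_spawns_powershell", 2),
    # carol: repeated signals from a single source, hours apart
    Signal(T0 + timedelta(hours=2), "endpoint", "carol", "office_spawns_powershell", 2),
    Signal(T0 + timedelta(hours=5), "endpoint", "carol", "office_spawns_powershell", 2),
]


def summarise(alert: Alert) -> str:
    """One-line analyst summary of a correlated alert."""
    return (f"{alert.entity}: score {alert.score} from {len(alert.signals)} signals "
            f"across {', '.join(alert.sources)} -> playbook {alert.playbook}")


if __name__ == "__main__":
    for a in correlate(SAMPLE_SIGNALS):
        print(summarise(a))
```

Run as written, only alice produces an alert (score 8 across endpoint, identity and network), with the playbook steps isolate_host, challenge_identity and block_egress; bob's single signal and carol's same-source repeats never reach the combined-weight and source-diversity bar. The two thresholds are the design point: raising MIN_SOURCES trades missed single-source detections for fewer false positives, which is the tuning an analyst should expect to own rather than accept as a vendor default.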

Your future defence today 

Ultimately, XDR solutions allow smaller or over-worked security teams to use fewer tools to achieve a better outcome. With the number of vacancies in the global cyber security job market continuing to grow (more than tripling, from 1 million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures), organisations need to use technology, automation and partnerships to save their people's time.

Microsoft recently commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study examining the potential return on investment (ROI) enterprises may realise by deploying Microsoft Sentinel, its cloud-native SIEM/SOAR platform [1]. Forrester found that Sentinel improved efficiency by reducing false positives by up to 79% and cutting the labour effort for advanced, multi-touch investigations by 85%; it also found a 35% reduction in the likelihood of a data breach. As with any vendor-commissioned TEI study, these figures are modelled on a composite organisation, so treat them as indicative rather than as a guarantee for your own estate. Investing in security solutions that offer business-enabling benefits and adapt to the ever-changing threat and technology landscape remains vital.

Ollie Whitehouse, Chief Technology Officer of the UK's National Cyber Security Centre (NCSC), recently said, 'Understanding the threat is no longer our primary challenge; we understand it properly. The true dilemma lies in how we translate this understanding into actionable impact' [2].

With this in mind, organisations need to adopt a resilient cyber security posture that continuously develops as threats and technology landscapes change in order to provide robust mechanisms that take meaningful action to protect the business. I believe that organisations can be resilient to attacks only through increased interconnectivity of defences and the ability to take action quickly. Through exposure mitigation and implementing solutions like XDR (either independently or through a managed service provider to extend your security team), organisations will be able to minimise their attack surfaces, gain visibility, optimise their software licenses and respond with integrated actions. 

Organisations should invest in solutions like XDR, which combines advanced technologies with response and containment activities and integrates and operates with their existing people and processes to obtain and manage the security posture right for their business. 


  1. The Total Economic Impact™ Of Microsoft Sentinel (forrester.com)
  2. To tackle the evolving threat landscape, stronger strategies and interventions are crucial, says Cyber Security expert – King's College London (kcl.ac.uk)
