Page 57 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Further adding to the challenges of cybersecurity, the pandemic-driven proliferation of remote workers has dramatically expanded the potential attack surface, as has the increasing adoption of clouds, containers, virtual machines, and other distributed resources. Compounding these challenges are increasing compliance requirements, a growing number of regulatory policies, and the sheer volume of technologies on the market that can address at least some portion of these challenges.

While the challenges of cybersecurity are many and diverse, a few key strategies or principles can cut through the clutter and bring a greater degree of order and control for cybersecurity professionals. At a high level, think of it as see – understand – act.

Lack of visibility, or the ability to ‘see’ granularly across assets connected to the network, can be one of the biggest constraints on a successful security posture. To be effective, security needs visibility into all assets, including networks, servers and services, applications, users – and north-south as well as east-west traffic, including traffic between network components like clouds, VMs and containers.

A number of security solutions seek to fill the visibility gap, like Secure Access Service Edge (SASE), which merges SD-WAN with other security capabilities to offer greater visibility into scattered assets and services. Another, micro-segmentation, is designed to mitigate threats and vulnerabilities in east-west traffic between VMs and containers.

However, note that these technologies are most likely isolated from each other, or siloed. A newer solution called eXtended Detection and Response, or XDR, leverages other security technologies (like SASE, NGFW, WAF, and micro-segmentation) to aggregate their data and deliver deep visibility into traffic entering, leaving and moving within the network and its assets.

The second part of the strategy, ‘understand,’ means gaining insights from traffic and other data that allow accurate analysis and characterization of potential attacks, threats and anomalies. For example, multi-stage, multi-layer attacks have evolved to camouflage themselves as normal traffic to elude security tactics, but usually leave subtle traces that can lead to their discovery and mitigation. By aggregating and analyzing data across the entire network and its assets, these threats can be detected much faster and with far greater accuracy.

This step of the strategy also addresses a challenge faced by many security teams. As point security products have multiplied in typical networks, the number of alerts and alarms has risen dramatically, leading to a syndrome dubbed “alert fatigue.” Security teams often struggle to keep up and to discern legitimate threats from false positives.

Over the years, a number of products have been developed to address these dual concerns; however, many of them are cumbersome and costly. Here, too, XDR offers a number of benefits in threat correlation analysis. Using AI- and ML-enhanced methods as well as cloud-based threat intelligence, XDR evaluates the aggregated data it gathers from other network-connected devices and identifies potential threats with a high degree of accuracy – including disguised attacks that might otherwise be missed.

With granular visibility and thorough analysis in place, the final step of the strategy can be enabled. ‘Act’ refers to the ability to automate security responses to well-defined threats, relieving security staff of many manual interventions. An XDR solution, for example, can orchestrate security ‘playbooks’ across multiple security products, like NGFWs, WAFs and others, to provide a comprehensive response to threats.
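The ‘understand’ and ‘act’ steps above describe a pipeline that is easy to sketch in code: normalize alerts arriving from siloed products, collapse duplicates so they do not feed alert fatigue, correlate what remains per asset and time window so a multi-stage attack shows up as one incident, and map that incident to a response playbook. The following Python is an added illustration written for this page, not code from the article, its author, or any XDR vendor. The product names (ngfw, waf, edr), their field layouts, the stage taxonomy, the scoring weights and the playbook steps are all hypothetical, and the alert records are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts from three hypothetical point products.
# Each product reports in its own shape; the correlator normalizes them.
RAW_ALERTS = [
    {"source": "ngfw", "ts": "2022-05-01T10:00:05", "src_ip": "10.1.1.20",
     "sig": "outbound-dns-tunnel-suspect", "sev": 2},
    {"source": "waf", "ts": "2022-05-01T10:00:40", "client": "10.1.1.20",
     "rule": "sqli-probe", "sev": 3},
    {"source": "waf", "ts": "2022-05-01T10:00:41", "client": "10.1.1.20",
     "rule": "sqli-probe", "sev": 3},   # repeat of the alert one second earlier
    {"source": "edr", "ts": "2022-05-01T10:03:10", "host_ip": "10.1.1.20",
     "event": "new-scheduled-task", "sev": 2},
    {"source": "waf", "ts": "2022-05-01T11:30:00", "client": "10.1.1.77",
     "rule": "sqli-probe", "sev": 3},   # isolated alert on another host
]

# Hypothetical mapping of each signature to a stage of a multi-stage intrusion.
STAGE = {
    "sqli-probe": "initial-access",
    "new-scheduled-task": "persistence",
    "outbound-dns-tunnel-suspect": "exfiltration",
}

@dataclass
class Alert:
    source: str
    ts: datetime
    asset: str
    name: str
    sev: int
    stage: str

def normalize(raw):
    """Map each product's own field names onto one common record."""
    asset = raw.get("src_ip") or raw.get("client") or raw.get("host_ip")
    name = raw.get("sig") or raw.get("rule") or raw.get("event")
    return Alert(raw["source"], datetime.fromisoformat(raw["ts"]),
                 asset, name, raw["sev"], STAGE.get(name, "unknown"))

def dedupe(alerts, window=timedelta(seconds=60)):
    """Drop repeats of the same (source, asset, name) inside the window; keep the first."""
    last_seen = {}
    kept = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.source, a.asset, a.name)
        if key in last_seen and a.ts - last_seen[key] < window:
            continue
        last_seen[key] = a.ts
        kept.append(a)
    return kept

@dataclass
class Incident:
    asset: str
    alerts: list = field(default_factory=list)

    def score(self):
        # Distinct stages and distinct reporting products weigh more than
        # raw severity, so a cross-product chain outranks one noisy sensor.
        stages = {a.stage for a in self.alerts}
        sources = {a.source for a in self.alerts}
        return len(stages) * 10 + len(sources) * 5 + sum(a.sev for a in self.alerts)

def correlate(alerts, window=timedelta(minutes=15)):
    """Group alerts by asset; start a new incident when the gap exceeds the window."""
    by_asset = defaultdict(list)
    for a in sorted(alerts, key=lambda x: x.ts):
        by_asset[a.asset].append(a)
    incidents = []
    for asset, items in by_asset.items():
        current = Incident(asset, [items[0]])
        for a in items[1:]:
            if a.ts - current.alerts[-1].ts <= window:
                current.alerts.append(a)
            else:
                incidents.append(current)
                current = Incident(asset, [a])
        incidents.append(current)
    return incidents

# Hypothetical playbooks, highest threshold first: (min score, name, steps).
PLAYBOOKS = [
    (30, "isolate-and-investigate", ["ngfw:block-egress", "edr:isolate-host", "ticket:open-p1"]),
    (20, "monitor", ["ngfw:raise-logging", "ticket:open-p3"]),
]

def choose_playbook(incident):
    """Return the first playbook whose threshold the incident score meets, else None."""
    for threshold, name, steps in PLAYBOOKS:
        if incident.score() >= threshold:
            return name, steps
    return None, []

def run(raw_alerts):
    """One see-understand-act pass; returns {asset: (score, playbook name or None)}."""
    incidents = correlate(dedupe(normalize(r) for r in raw_alerts))
    return {i.asset: (i.score(), choose_playbook(i)[0]) for i in incidents}

if __name__ == "__main__":
    for asset, (score, playbook) in run(RAW_ALERTS).items():
        print(f"{asset}: score={score} playbook={playbook}")
```

Run against the constructed alerts, the host seen by all three products collapses into a single incident that scores high enough to trigger the containment playbook, while the lone WAF alert on the second host scores below every threshold and stays in the analyst queue rather than generating an automated action. Tuning the stage map, weights and windows to a real estate is the part of the work the article leaves to the practitioner.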
