How AI-Driven XDR Defeats Ransomware
Security teams shouldn’t need to manually triage and investigate disparate alerts from an array of solutions; they need to focus on shutting down a ransomware campaign as quickly as possible...
Anthony M. Freed
Most organizations are planning to increase their cybersecurity budgets for 2022. In a 2021 survey covered by Dark Reading, 81% of organizations revealed that they’re committed to growing their cybersecurity budgets over the coming year.
About a quarter of those survey participants said that they were planning to increase their budgetary allocations by as much as 50%. Meanwhile, 40% of respondents said they were planning to raise their budgets between 11% and 30%.
Let’s take a moment to appreciate what these changes might look like: Gartner estimates that global spending on information security and risk management will reach $172 billion in 2022, as reported by CSO. That’s up from $155 billion in 2021 and $137 billion a year before that.
The tech research and advisory firm predicted a large cut ($77 billion) of that total will go to security services. Infrastructure protection came next at $30 billion, followed by network security equipment at $19 billion, as well as identity and access management at $17 billion.
Simply put, cyberattacks are evolving in complexity in such a way that organizations need to do something to improve their defenses significantly. First, there’s the fact that the cost of a data breach continues to rise. The Cost of a Data Breach Study 2021 found that the average costs associated with a data breach grew from $3.86 million in 2020 to $4.24 million just a year later.
The costs of a successful attack varied depending on multiple factors, one of them being dwell time. Indeed, the study found that attackers typically spent 287 days in a victim’s network before security teams found them. Those instances cost organizations $4.87 million, or $630,000 more than the average. By contrast, data breaches detected in fewer than 200 days cost just $3.61 million.
The costs resulting from a data breach aren’t the only thing that’s gone up in recent years; so too has the sheer volume of data breaches in general. In October 2021, for instance, the Identity Theft Resource Center (ITRC) shared that U.S. organizations had suffered a total of 1,291 data breaches between January 1 and September 30 of that year. This total is greater than the 1,108 data breaches experienced by organizations throughout 2020.
The findings discussed above highlight the need for organizations to invest in detection and response. That’s easier said than done, however. Not all solutions provide organizations with meaningful detection and response capabilities.
Take Security Information and Event Management (SIEM) solutions as an example. They might be able to help to centralize threat alert information, but they require the use of a data lake structure and cloud analytics. These resources tend to be very expensive and can undermine the effectiveness of a SIEM depending on the data sources to which they have access.
Moreover, SIEMs generate too many alerts and false positives, deepening the alert fatigue that might already be plaguing the security team, a sentiment that diminishes the overall effectiveness of infosec professionals.
If security teams repeatedly determine that there’s no threat at the end of an investigation, they might be less inclined to respond to future alerts. This increases the likelihood of an organization suffering a digital attack.
Security Orchestration, Automation, and Response (SOAR) is another tool that’s limited in its value. Most SOAR platforms suffer from the same shortcomings that characterize SIEMs, but there are a few additional drawbacks to consider.
First, they require integrations with other security tools for their response capabilities to work. The issue is that SOAR offerings don’t always allow for the necessary integrations depending upon the nature of an organization’s security requirements and the makeup of its security stack.
Second, organizations often need to build customized automated workflows for response playbooks upon deployment. This process can require a considerable upfront investment in terms of time and money and requires personnel with the right skill sets to build and maintain those systems.
And then there’s Endpoint Detection and Response (EDR). Sure, it’s a significant step up from traditional antivirus endpoint solutions. However, EDR still only provides continuous threat detection and response at the endpoint level, and it does not extend these capabilities anywhere else in an organization’s infrastructure. This is where organizations can benefit from an Extended Detection and Response (XDR) solution.
XDR takes the same concepts delivered by an Endpoint Detection and Response (EDR) solution—like continuous monitoring and threat detection coupled with an automated response—and applies them beyond the endpoint across an organization’s entire ecosystem.
This includes application suites, cloud workloads and containers, user personas, and more. In doing so, XDR provides security teams with the visibility and contextual correlations they need to detect and stop entire malicious operations wherever the activity is taking place on an organization's network.
The main benefit that motivates organizations to embrace an AI-driven XDR solution is its ability to gather security telemetry from disparate parts of the network and correlate it into a complete picture of all related elements of an attack. Responses can then be automated from within the platform, which in most circumstances eliminates the need for separate SIEM and SOAR tools.
This functionality enables an AI-driven XDR solution to deliver the deep context and correlations that security teams need to take meaningful action on unfolding security incidents in real time, as opposed to analysts spending their precious time triaging and investigating uncorrelated alerts and wading through false positives, none of which stops attacks.
XDR provides an operation-centric approach, where information silos are no longer a limiting factor for achieving comprehensive visibility. It combines telemetry from EDR, antivirus, firewalls, CWPP (cloud workload protection platforms), and other solutions into one frame of reference, with an emphasis on detecting the malicious behaviors that drive the attack campaign forward.
An AI-driven XDR solution enables organizations to embrace an operation-centric approach to security that delivers the visibility organizations require to be confident in their security posture across all network assets and the automated responses to halt attack progressions at the earliest stages.
In addition, an AI-driven XDR solution should provide Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, application workspaces, and more.
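To make the correlation step concrete, here is an added example of how alerts from the tool types named above (EDR, antivirus, firewall, CWPP) can be stitched into a single operation by the entities they share. This is illustrative code written for this article, not Cybereason's implementation; the alert field names, hostnames, users, hashes and IP addresses are all constructed for the example, and the one-hour link window is an assumed tuning value.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Entity = Tuple[str, str]  # (entity type, value), e.g. ("host", "ws-042")

# Which alert fields become linkable entities. These are assumed field
# names; real EDR/AV/firewall/CWPP products each have their own schema.
ENTITY_FIELDS = {
    "host": "host", "workload": "host", "user": "user",
    "sha256": "hash", "host_ip": "ip", "src_ip": "ip", "dst_ip": "ip",
}

# Alerts sharing an entity are linked only if they occur within this many
# seconds of each other. This keeps a DHCP-reused IP or a shared service
# account from gluing unrelated activity together across days.
LINK_WINDOW = 3600


@dataclass
class Operation:
    alert_ids: List[str] = field(default_factory=list)  # in time order
    sources: Set[str] = field(default_factory=set)      # tools that saw it
    entities: Set[Entity] = field(default_factory=set)  # assets involved
    first_ts: int = 0
    last_ts: int = 0


def extract_entities(alert: dict) -> Set[Entity]:
    return {(etype, alert[f]) for f, etype in ENTITY_FIELDS.items() if alert.get(f)}


class _UnionFind:
    """Minimal disjoint-set over alert ids."""
    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def correlate(alerts: List[dict], window: int = LINK_WINDOW) -> List[Operation]:
    """Group alerts from any source into operations by shared entities."""
    uf = _UnionFind()
    last_seen: Dict[Entity, Tuple[int, str]] = {}  # entity -> (ts, alert id)
    ordered = sorted(alerts, key=lambda a: a["ts"])
    for a in ordered:
        uf.find(a["id"])  # register the alert even if it links to nothing
        for ent in extract_entities(a):
            prev = last_seen.get(ent)
            if prev and a["ts"] - prev[0] <= window:
                uf.union(prev[1], a["id"])
            last_seen[ent] = (a["ts"], a["id"])
    groups: Dict[str, Operation] = defaultdict(Operation)
    for a in ordered:
        op = groups[uf.find(a["id"])]
        if not op.alert_ids:
            op.first_ts = a["ts"]
        op.alert_ids.append(a["id"])
        op.sources.add(a["source"])
        op.entities |= extract_entities(a)
        op.last_ts = a["ts"]
    # Operations seen by more tools and touching more assets go to the top
    # of the queue; a lone single-source alert sinks toward the bottom.
    return sorted(groups.values(),
                  key=lambda o: (len(o.sources), len(o.alert_ids)), reverse=True)


# Constructed sample telemetry (all values are made up for this example).
SAMPLE_ALERTS = [
    {"id": "av-1", "source": "antivirus", "ts": 1000, "host": "ws-042",
     "user": "jdoe", "sha256": "a1" * 32},
    {"id": "edr-1", "source": "edr", "ts": 1020, "host": "ws-042",
     "user": "jdoe", "host_ip": "10.0.0.42", "sha256": "a1" * 32},
    {"id": "fw-1", "source": "firewall", "ts": 1090,
     "src_ip": "10.0.0.42", "dst_ip": "203.0.113.7"},
    {"id": "av-2", "source": "antivirus", "ts": 1300, "host": "ws-117",
     "user": "mlee", "sha256": "b2" * 32},            # unrelated
    {"id": "edr-2", "source": "edr", "ts": 1500, "host": "fs-01",
     "user": "jdoe"},                                  # same user, new host
    {"id": "cwpp-1", "source": "cwpp", "ts": 2400, "workload": "payments-7",
     "dst_ip": "203.0.113.7"},                         # same destination
    {"id": "fw-2", "source": "firewall", "ts": 90000,
     "src_ip": "10.0.0.42", "dst_ip": "198.51.100.9"},  # a day later: not linked
]

if __name__ == "__main__":
    for op in correlate(SAMPLE_ALERTS):
        print(sorted(op.sources), op.alert_ids)
```

Running the sample groups five alerts from four different tools into one operation spanning a workstation, a file server and a cloud workload, while the unrelated antivirus hit and the next-day firewall event on the recycled IP stay separate. The window and the choice of linkable fields are the knobs that trade recall against over-linking; a detection engineer would tune them per entity type (a file hash is a stronger link than an internal IP) before trusting the grouping to drive automated response.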
Cybereason is dedicated to teaming with Defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about Cybereason AI-driven XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.