What is the Importance of XDR in Cloud Security?

October 13, 2021 | 4 minute read

Organizations are increasingly turning to hybrid-cloud and multi-cloud strategies as ways of keeping up with their evolving business needs. A majority (92%) of organizations already had a multi-cloud strategy at the start of the year, according to Beta News, while 80% were working with hybrid cloud environments at that time.

Those figures could very well increase in the next few months, however. The International Data Corporation (IDC) said that it expects 2021 to be the year of multi-cloud, reasoning that many enterprises will turn to a combination of on-premises, off-premises, and cloud-based systems as their default environments. Similarly, Deloitte forecasted that 90% of global enterprises will be using a hybrid cloud strategy by 2022.

Why Multi- and Hybrid-Cloud are Difficult to Secure

Notwithstanding their potential business benefits, multi-cloud and hybrid cloud strategies introduce several security challenges for organizations. Chief among them is the complexity of trying to coordinate security policies, processes and actions across multiple cloud providers.

As noted by CSO, IT and security teams need to navigate that complexity and achieve visibility over their different cloud environments (while minimizing instances of shadow IT) so that they can visualize threats that might try to use multi-cloud environments to their advantage by hiding in the network seams.

The hurdles associated with multi-cloud and hybrid-cloud strategies don’t end there. Per TechBeacon, these types of environments complicate many organizations’ ongoing use of manual checks to confirm whether they’re complying with custom or regulatory requirements. This process is already time consuming and prone to errors, but it becomes even more so when multiple cloud providers become involved.

The same goes for reviewing the security of an organization’s supply chain. As shared by Help Net Security, enterprises had an average of 5,800 vendors in 2020, and that number was expected to grow 15% by the end of 2021. Organizations need to maintain visibility over those vendors so that they can manage the security of their systems and assets. But when they’re deploying third parties’ products and software across multiple cloud environments, this can become difficult.

Where Some Security Solutions Fall Short

It doesn’t help that many of today’s security solutions can’t keep up with the migration of workloads to the cloud. Some vendors simply do not have the ability to ingest all available telemetry for Endpoint Detection and Response (EDR), so they do "data filtering" where telemetry is eliminated even though it might be useful for detection. They simply must do this, as all data has to be sent to the cloud to be analyzed before they can return a detection.

If their platforms cannot currently handle all available endpoint telemetry to make detections via EDR, how will those providers’ tools ever be able to effectively ingest even more telemetry from non-endpoint sources like cloud workloads/containers, user identities, an array of business application suites, etc.?

Answer: they simply can't. Indeed, EDR-based solutions can’t provide adequate protection in today’s complex networks because they are limited to securing endpoints - that means no Internet of Things (IoT) devices, no applications, no user identities, no applications and no cloud environments.

Taking Cloud Security to the Next Level with XDR

Clearly, organizations need something more if they’re going to integrate security across on-prem and cloud-based assets. That’s where Extended Detection and Response (XDR) comes into play. As we discussed in a previous post, XDR builds on the success of EDR by automatically correlating security and event data not just from endpoints but other critical parts of an organization’s IT infrastructure.

That includes off-premises workstations, public cloud deployments, and private cloud environments. Organizations can then use that data to stay ahead of emerging threats that take aim at their cloud deployments, supply chain, and security overall.

XDR leverages AI-based correlation decisioning to eliminate false positives and provide high-fidelity detections across the entire network infrastructure from a single console. As a result, teams responsible for ensuring their employer’s security become more productive in that they can identify threats wherever they reside more quickly and determine the scope of those threats more efficiently.

The Cybereason XDR Advantage

Cybereason XDR goes even one step further by freeing organizations from needing to rely on IOCs for threat detection and response. Signature-based detection isn’t as effective in the age of fileless malware and Living off the Land (LOTL) tactics. What’s more, new attack campaigns are constantly emerging; vendors haven’t seen every malicious operation before they happen, a reality which leaves organizations vulnerable if they only rely on IOCs for protection.

Acknowledging this, Cybereason designed its XDR platform to draw upon both IOCs as well as Indicators of Behavior (IOBs), which provide insight into some of the more subtle signs of compromise. With that intelligence, security teams can gain visibility over an entire attack chain wherever it’s occurring so that they can stop it in its tracks.

The Cybereason XDR Platform comes with dozens of out-of-the-box integrations, and is designed to provide visibility organizations require to be confident in their security posture across all network assets, and delivers the automated responses to halt attack progressions, eliminating the need for both SIEM and SOAR solutions. Organizations can enjoy these benefits whether they drop their SIEM and SOAR entirely or augment it with Cybereason XDR.

Cybereason XDR:

    • Delivers Enterprise-Wide Security: Cybereason XDR reverses the attacker advantage and returns the high ground to the defenders by extending detection and response capabilities across the broader IT ecosystem that makes up modern enterprise environments. Defenders can pinpoint, understand and end any MalOp™ (malicious operation) across the entire IT stack whether on premises, mobile or in the cloud.
    • Enables Visualized Investigations: Cybereason XDR eliminates obstacles to effective detection and response, including log management and data collection tasks, agent deployment and maintenance cycles, and convoluted syntax languages for data extraction and behavioral detections. XDR breaks through data silos and unifies device and identity context in a single, visual investigation experience. Empower your curious analysts to remain focused on the mission without being distracted by manual tasks.
    • Reverses the Adversary Advantage: Cybereason XDR enables frictionless adoption of advanced detections built by and shared with the larger community of defenders. United in our efforts we can increase the burden on the attackers so they are forced to relinquish the advantage they have enjoyed for too long.

Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across enterprise, to everywhere the battle is taking place. Learn more about Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Cybereason Security Team
About the Author

Cybereason Security Team

The Cybereason Security Team champions cyber defenders by providing future-ready attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves. The Cybereason Defense Platform combines the industry’s top-rated detection and response (EDR and XDR), next-gen anti-virus (NGAV), and proactive threat hunting to deliver context-rich analysis of every element of a Malop (malicious operation). The result: defenders can end cyber attacks from endpoints to everywhere.

All Posts by Cybereason Security Team