What is the Importance of XDR in Cloud Security?

October 13, 2021 | 3 minute read

Organizations are increasingly turning to hybrid-cloud and multi-cloud strategies as ways of keeping up with their evolving business needs. A majority (92%) of organizations already had a multi-cloud strategy at the start of the year, according to Beta News, while 80% were working with hybrid cloud environments at that time.

Those figures could very well increase in the next few months, however. The International Data Corporation (IDC) said that it expects 2021 to be the year of multi-cloud, reasoning that many enterprises will turn to a combination of on-premises, off-premises, and cloud-based systems as their default environments. Similarly, Deloitte forecasted that 90% of global enterprises will be using a hybrid cloud strategy by 2022.

Why Multi- and Hybrid-Cloud are Difficult to Secure

Notwithstanding their potential business benefits, multi-cloud and hybrid cloud strategies introduce several security challenges for organizations. Chief among them is the complexity of trying to coordinate security policies, processes and actions across multiple cloud providers.

As noted by CSO, IT and security teams need to navigate that complexity and gain visibility over their different cloud environments (while minimizing instances of shadow IT) so that they can spot threats that try to use multi-cloud environments to their advantage by hiding in the seams between networks.

The hurdles associated with multi-cloud and hybrid-cloud strategies don’t end there. Per TechBeacon, these types of environments complicate many organizations’ ongoing use of manual checks to confirm whether they’re complying with custom or regulatory requirements. This process is already time consuming and prone to errors, but it becomes even more so when multiple cloud providers become involved.

The same goes for reviewing the security of an organization’s supply chain. As shared by Help Net Security, enterprises had an average of 5,800 vendors in 2020, and that number was expected to grow 15% by the end of 2021. Organizations need to maintain visibility over those vendors so that they can manage the security of their systems and assets. But when they’re deploying third parties’ products and software across multiple cloud environments, this can become difficult.

Where Some Security Solutions Fall Short

It doesn’t help that many of today’s security solutions can’t keep up with the migration of workloads to the cloud. Some vendors simply do not have the ability to ingest all available telemetry for Endpoint Detection and Response (EDR), so they do "data filtering" where telemetry is eliminated even though it might be useful for detection. They simply must do this, as all data has to be sent to the cloud to be analyzed before they can return a detection.

If their platforms cannot currently handle all available endpoint telemetry to make detections via EDR, how will those providers’ tools ever be able to effectively ingest even more telemetry from non-endpoint sources like cloud workloads/containers, user identities, an array of business application suites, etc.?

Answer: they simply can't. Indeed, EDR-based solutions can’t provide adequate protection in today’s complex networks because they are limited to securing endpoints. That means no Internet of Things (IoT) devices, no applications, no user identities, and no cloud environments.

Taking Cloud Security to the Next Level with XDR

Clearly, organizations need something more if they’re going to integrate security across on-prem and cloud-based assets. That’s where Extended Detection and Response (XDR) comes into play. As we discussed in a previous post, XDR builds on the success of EDR by automatically correlating security and event data not just from endpoints but other critical parts of an organization’s IT infrastructure.

That includes off-premises workstations, public cloud deployments, and private cloud environments. Organizations can then use that data to stay ahead of emerging threats that take aim at their cloud deployments, supply chain, and security overall.

XDR leverages AI-based correlation decisioning to eliminate false positives and provide high-fidelity detections across the entire network infrastructure from a single console. As a result, the teams responsible for their employer’s security become more productive: they can identify threats wherever they reside more quickly and determine the scope of those threats more efficiently.

The Cybereason XDR Advantage

Cybereason XDR goes even one step further by freeing organizations from needing to rely on IOCs for threat detection and response. Signature-based detection isn’t as effective in the age of fileless malware and Living off the Land (LOTL) tactics. What’s more, new attack campaigns are constantly emerging; vendors haven’t seen every malicious operation before they happen, a reality which leaves organizations vulnerable if they only rely on IOCs for protection.

Acknowledging this, Cybereason designed its XDR platform to draw upon both IOCs as well as Indicators of Behavior (IOBs), which provide insight into some of the more subtle signs of compromise. With that intelligence, security teams can gain visibility over an entire attack chain wherever it’s occurring so that they can stop it in its tracks.
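The two ideas in the passages above, correlating telemetry from endpoints and cloud sources in one place, and detecting on behaviour (IOBs) rather than only on static IOCs, can be made concrete with a small detection routine. The following is an added illustration written for this article, not Cybereason's code or any product's detection logic. All events, hashes, IPs and the IOC feed are constructed placeholders, and the behavioural rule (an encoded PowerShell launch followed by a sensitive cloud API call from the same identity) is one example rule chosen for illustration, not a description of how any platform decides.

```python
"""Toy cross-source correlation: IOC matching beside a behavioural (IOB) rule."""
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample telemetry (illustrative only). Endpoint and cloud events
# share a "user" field, which is the join key the correlation uses.
ENDPOINT_EVENTS: List[Dict] = [
    {"ts": "2021-10-13T09:00:00", "host": "ws-17", "user": "alice",
     "process": "outlook.exe", "cmdline": "outlook.exe",
     "sha256": "1111111111111111111111111111111111111111111111111111111111111111"},
    # Encoded command blob is a meaningless placeholder, not a real payload.
    {"ts": "2021-10-13T09:02:10", "host": "ws-17", "user": "alice",
     "process": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand QUJDREVG",
     "sha256": "2222222222222222222222222222222222222222222222222222222222222222"},
    {"ts": "2021-10-13T09:03:00", "host": "ws-22", "user": "bob",
     "process": "update.exe", "cmdline": "update.exe",
     "sha256": "3333333333333333333333333333333333333333333333333333333333333333"},
]
CLOUD_EVENTS: List[Dict] = [
    {"ts": "2021-10-13T09:05:30", "user": "alice", "api": "CreateAccessKey",
     "src_ip": "203.0.113.5"},
    {"ts": "2021-10-13T09:07:00", "user": "bob", "api": "ListBuckets",
     "src_ip": "198.51.100.7"},
]

# Constructed IOC feed (placeholders): one known-bad hash, one known-bad IP.
IOCS = {
    "sha256": {"3333333333333333333333333333333333333333333333333333333333333333"},
    "ip": {"192.0.2.99"},
}

# Cloud API calls that grant or extend access. A behavioural rule treats them
# as sensitive context, not as malicious on their own.
SENSITIVE_CLOUD_APIS = {"CreateAccessKey", "AttachUserPolicy", "CreateLoginProfile"}


def _t(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def match_iocs(endpoint: List[Dict], cloud: List[Dict]) -> List[Dict]:
    """Signature-style detection: flag any event whose fields hit the IOC feed."""
    alerts = []
    for e in endpoint:
        if e["sha256"] in IOCS["sha256"]:
            alerts.append({"kind": "ioc", "user": e["user"], "host": e["host"],
                           "reason": f"known-bad hash for {e['process']}"})
    for c in cloud:
        if c["src_ip"] in IOCS["ip"]:
            alerts.append({"kind": "ioc", "user": c["user"], "host": None,
                           "reason": f"known-bad source IP {c['src_ip']}"})
    return alerts


def detect_behaviour(endpoint: List[Dict], cloud: List[Dict],
                     window_minutes: int = 15) -> List[Dict]:
    """IOB-style detection: an encoded PowerShell launch on an endpoint followed,
    for the same identity and within the window, by a sensitive cloud API call.
    Neither half is on any IOC list; the chain across sources is the signal."""
    window = timedelta(minutes=window_minutes)
    alerts = []
    launches = [e for e in endpoint
                if e["process"].lower() == "powershell.exe"
                and "-encodedcommand" in e["cmdline"].lower()]
    for e in launches:
        for c in cloud:
            delta = _t(c["ts"]) - _t(e["ts"])
            if (c["user"] == e["user"] and c["api"] in SENSITIVE_CLOUD_APIS
                    and timedelta(0) <= delta <= window):
                alerts.append({"kind": "iob", "user": e["user"], "host": e["host"],
                               "reason": (f"encoded PowerShell on {e['host']} then "
                                          f"{c['api']} from {c['src_ip']} "
                                          f"{delta.seconds // 60} min later")})
    return alerts


def run_xdr(endpoint: List[Dict], cloud: List[Dict]) -> List[Dict]:
    """Combine both detectors into one alert list, as a single console would."""
    return match_iocs(endpoint, cloud) + detect_behaviour(endpoint, cloud)


if __name__ == "__main__":
    for a in run_xdr(ENDPOINT_EVENTS, CLOUD_EVENTS):
        print(f"[{a['kind'].upper()}] user={a['user']} host={a['host']}: {a['reason']}")
```

Run as-is, the IOC matcher raises one alert (the known-bad hash on ws-22) and misses alice's activity entirely, since neither her process hash nor her source IP is in the feed; the behavioural rule catches her chain only because the endpoint and cloud streams are joined on identity. Tightening the window to a couple of minutes drops that alert, which is the kind of tuning knob a real deployment exposes.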

The Cybereason XDR Platform comes with dozens of out-of-the-box integrations, is designed to provide the visibility organizations require to be confident in their security posture across all network assets, and delivers the automated responses to halt attack progressions, eliminating the need for both SIEM and SOAR solutions. Organizations can enjoy these benefits whether they drop their SIEM and SOAR entirely or augment them with Cybereason XDR.

Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, and everywhere the battle is taking place. Learn more about Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.
