Why Extended Detection Response is the answer to siloed security working

Siloes can be a major problem for modern business, but in a security context they can be catastrophic.

Different departments can have their own processes, procedures and software. They also often have varying methods of recording and using data, along with different priorities for how that data is actioned. The rise of remote working has only made businesses more exposed to the drawbacks of this type of siloed working.

As well as causing operational problems, siloes also present a gap in an organisation’s cyber security armour which attackers can exploit. To close that gap, businesses must enable greater oversight of their data from right across the organisation so threats can be identified, analysed and acted upon. Software such as Extended Detection and Response (XDR) should form the cornerstone of this approach.

The data footprint

Often the first sign of a security threat is unusual behaviour on a network. This can include connections coming into or leaving the network as well as software changes. Such behaviour may be subtle, like footprints in the sand. Those clues are there, but data siloes, legacy equipment and disparate IT failing to work in concert means detecting these footprints can be difficult or even impossible.

Making sense of the data

Companies today have more data than ever. They can see information moving across their networks but can also struggle to make sense of that information or see the relevance in subtle changes.

To understand patterns which may indicate a potential problem, they must have a system in place that not only provides total visibility of data right across the company but extrapolates clues which may indicate abnormal or criminal behaviour.

IT teams can then make a decision about the evidence they’re being presented with.

They can ask questions such as: are connections unusual? Has new software been uploaded? Is there unexpected behaviour on the network? If something is potentially untoward, they can then take action such as shutting off a user’s connection to the network or isolating new software changes.

Having one vendor providing this type of system has major operational benefits too. Cisco’s survey of more than 5,100 IT and security professionals from 27 countries found organisations which source from a single vendor double their chances of successfully building an integrated tech stack. Further benefits then follow, with the survey also finding that integrated security technologies are seven times more likely to achieve high levels of process automation as well. Having just one system - from one vendor - makes things simpler and more effective.

XDR as a solution

It is systems such as XDR which can help businesses deal with the problems posed by siloed data and lack of oversight, presenting them with a holistic view of data right across the company, analysing it quickly with the help of machine learning and identifying dangers.

From emails, endpoints, servers, cloud workloads, networks and other potential siloes, XDR collects and correlates data to provide greater visibility of potential dangers. These dangers can then be analysed and prioritised with the help of automation. The information is then presented to security staff in an understandable format, enabling them to make quick, accurate decisions and deal with the threats as they arise.
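The cross-silo correlation the two passages above describe (the "is this connection unusual, has new software appeared" questions, and XDR's collection and prioritisation of events from email, endpoint and network sources) can be illustrated with a small correlation engine. This is an added example, not code from the article or from any Cisco product; the event sources, hostnames, timestamps and the priority formula are all constructed assumptions. Each silo on its own only sees a low-severity event; joining them on a shared key (the host) inside a time window is what produces a single, higher-priority finding.

```python
"""Cross-silo event correlation, the idea behind XDR described above.

Constructed example: each silo (endpoint, network, email) emits low-severity
events on its own. Correlating them on a shared key (the host) inside a time
window raises one prioritised finding that no silo would raise alone.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    source: str      # silo the event came from: "endpoint", "network", "email"
    host: str        # correlation key shared across silos
    ts: datetime     # when the silo observed it
    kind: str        # e.g. "new_software", "unusual_outbound", "attachment_received"
    severity: int    # the silo's own view, 1 (low) .. 5 (high)


# Constructed sample telemetry; hostnames and times are invented for the example.
SAMPLE_EVENTS = [
    Event("email", "ws-17", datetime(2022, 5, 3, 9, 2), "attachment_received", 1),
    Event("endpoint", "ws-17", datetime(2022, 5, 3, 9, 5), "new_software", 2),
    Event("network", "ws-17", datetime(2022, 5, 3, 9, 9), "unusual_outbound", 2),
    Event("endpoint", "ws-42", datetime(2022, 5, 3, 11, 0), "new_software", 2),      # lone event
    Event("network", "ws-08", datetime(2022, 5, 2, 15, 0), "unusual_outbound", 2),   # a day apart
    Event("email", "ws-08", datetime(2022, 5, 3, 15, 1), "attachment_received", 1),  # from this one
]


def correlate(events, window=timedelta(minutes=30), min_sources=2):
    """Group events per host, then look for a time window containing
    events from at least `min_sources` distinct silos.

    Returns a list of findings (host, sources, events, priority), highest
    priority first. Priority is the sum of the silos' own severities plus a
    bonus per extra silo, so agreement between independent sources outranks
    a single loud alert from one of them.
    """
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev.host].append(ev)

    findings = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e.ts - first.ts <= window]
            sources = {e.source for e in cluster}
            if len(sources) >= min_sources:
                priority = sum(e.severity for e in cluster) + 2 * (len(sources) - 1)
                findings.append((host, sorted(sources), cluster, priority))
                break  # one finding per host; the earliest qualifying window wins
    findings.sort(key=lambda f: f[3], reverse=True)
    return findings


def describe(finding):
    """Render a finding as one line for an analyst's queue."""
    host, sources, cluster, priority = finding
    kinds = ", ".join(f"{e.source}:{e.kind}" for e in cluster)
    return f"[P{priority}] {host}: {kinds}"


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(describe(f))
```

Run as written, only `ws-17` produces a finding: its email, endpoint and network events fall within thirty minutes of each other, while `ws-42` has a single event and `ws-08`'s two events are a day apart. Tuning `window` and `min_sources` is the trade-off a real platform exposes between catching slow intrusions and drowning analysts in coincidences.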

The benefits of investing in such a system are clear. By enabling oversight, spotting patterns and doing the heavy lifting, XDR gives IT professionals the tools they need to guard against threats, sparing the business from operational and reputational damage while also protecting its bottom line.

To learn more about a platform approach to security, including XDR, visit Cisco’s SecureX page.

Copyright © 2022 IDG Communications, Inc.