Cyber Security Solutions and Tech Sri Lankan CIOs Must Have
By Sunil Sharma
Adversaries are getting more impactful and dangerous with each passing day. They learn from each other, exchange tools and knowledge, and work as a community to launch sophisticated cyber-attacks. Unfortunately, there are now many ways to gain entry into an organisation’s network and adversaries know all of them. If one approach does not work, they will typically try another until they find a foothold inside a network.
Sophos’ Active Adversary Playbook 2021, which details attacker behaviour and their tools, techniques and procedures (TTP), shows that the median attacker dwells time before detection was 11 days. This means adversaries have 11 days between their initial foothold and being detected. At this time, adversaries try to get control of all the computers on a network so they can steal as much data as they can, and scramble as many devices as possible, thus leaving an organization in the most vulnerable position possible.
In order to prevent adversaries from gaining an entry to an organization or to minimize the damage in case they get an entry, Chief Information Officers (CIOs) or Chief Information Security Officers (CISOs) should make sure that they have technologies and services that help them to have necessary prevention and detection in their organisation’s cyber security defence.
Below are key must-haves that local CIOs or CISOs should deploy within their organisations
Extended Detection and Response (XDR) Solution: Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are important tools for threat hunting. What these essentially do, is help organizations to hunt across their environment to detect indicators of compromise (IOCs) and indicators of attack (IOA).
While EDR is a powerful tool, they are limited to detection and response on endpoints and servers. To defend IT infrastructure more comprehensively an integrated detection and response system is key. This is where XDR comes in. XDR takes the idea of EDR and extends it. It goes beyond the endpoint and server, incorporating data from other security tools such as firewalls, email gateways, public cloud tools, and mobile threat management solutions.
Managed Detection and Response Services: Adversaries are changing their tactics, techniques, and procedures to increase launch cyber-attacks that combine automation with active human interaction or “hands-on keyboard” hacking. As businesses see a constant increase in the cyber-attacks leveraging these attack methods, CIOs need to ensure their current cyber security defenses can stand up against active cyber attackers by leveraging a managed detection and response provider which can conduct threat hunts, detect attacks, investigate suspicious activity, and respond to incidents.
Security operations require the right tools, people and processes in-house to effectively manage security around the clock. Yet, many businesses struggle to put all of these much-needed pieces in place. This dilemma has given way to a new solution: Managed Detection and Response (MDR) services.
MDR services are outsourced security operations delivered by a team of specialists. MDR services act as an extension of organisations’ security teams, combining human-led investigations, threat hunting, real-time monitoring, and incident response with a technology stack to gather and analyse intelligence.
Synchronised Security Technology: Irrespective of the size of enterprises, native endpoint, server, firewall, and email security are foundational for any IT security strategy. Unfortunately, for the longest time, these solutions simply didn’t communicate with each other – they were independent and isolated silos, which limited their effectiveness and their manageability.
Businesses must understand the importance of linking leading security solutions in a coordinated and integrated approach. Technology like synchronized security that integrates - native endpoint, server, firewall, and email security- is the need of the hour as it delivers better protection – and better manageability for organisations of any size.
(The writer is the Managing Director Sales- India & SAARC for Sophos)