Industry opinion
XDR marketing is fueling the cybersecurity problem for businesses
Arctic Wolf’s Field CTO, Ian McShane, focuses on how organisations are being lured into buying yet more tools and buzzwords like the XDR (extended detection and response) products that are touted as the silver-bullet solution. For Ian, it’s contributing to the problem; here he explains why.
If there is one positive we can take from the last sixteen months, it is businesses embracing a more flexible working culture for their employees. Fundamental changes to the traditional nine-to-five working day mean that many companies, in part, have already successfully transformed some of their operations to meet the demands of a new hybrid working world that is now very much the norm.

Yet, while many changes have started to establish themselves and bring positives to workforce morale, there is one part of the operational jigsaw businesses haven’t yet solved, and that’s their cybersecurity. Hybrid working practices have introduced a whole new set of complex cybersecurity challenges that many businesses have firstly never had to face before, and secondly, haven’t yet worked out how to manage. With employee devices moving to unmanaged and untrusted networks and locations, company security is more precarious, identity and access management are harder to oversee, and basic device hygiene and asset management tasks like deploying security patches and updates – which are famously hard to do under even the best circumstances – are proving even harder to enforce and maintain as a result of less frequent IT checks and controls.

The reality is, these challenges are urgent problems for businesses to address. The constant reports of successful ransomware attacks and the steep rise in cyber attacks over the past year are reflective of how unprepared businesses are when it comes to defending themselves against sophisticated cyber threats. In fact, the majority of business executives across the U.S., U.K., and Canada are willing to pay a cyber ransom just to resume operations.

This is leading to a perpetuating cycle of panic, fear and uncertainty amongst businesses, as, in their desperation to solve the cybersecurity problem, they are being lured into buying yet more tools and buzzwords like the XDR (extended detection and response) products that are touted as the silver-bullet solution. For me, it’s contributing to the problem and I’ll explain why.

Fueled by vendor marketing, companies are being encouraged to buy products they just don’t really need. This is leading to cybersecurity tool overload and fatigue amongst security analysts. It’s also encouraging organisations to deploy point products to solve very small problems here, there, and everywhere – essentially papering over the cracks, without solving the bigger issues. This is a particularly challenging issue amongst small and medium sized businesses, whose teams are already overwhelmed by the sheer volume of security alerts their business receives, the continuing growth of the ‘alert fatigue’ phenomenon.
14 | December/January 2022

The best way organisations can address their cybersecurity challenge is by recognising that they don’t have a tools problem, but an operational one. By prioritising and embracing security operations where they can make the best of their existing investments instead of the endless cycling through new vendors and new products, they will go a long way toward addressing the rapidly evolving threat landscape in a way that meets the unique needs of their business. There is no “one size fits all” in security, and if an enterprise doesn’t put operational infrastructure in place, then all you have is just more tools, more collectors, more agents, more locations, and more data to filter through, which contributes to even more alert fatigue and will ultimately mean a threat is more likely to slip through the net and not be detected.

Businesses need to ask themselves: “When was the last time we did a solid disaster recovery activity? Do we have a playbook? Is it old and unsuitable?” Years ago, when data backups were written to tape and stored offsite, there was a phrase: “your backup is only as good as the restore.” While testing the back-up and restore process was time-consuming and expensive, it only took one hardware failure incident to prove how valuable a well-rehearsed plan can be. There are direct parallels with cybersecurity, too. And I don’t just mean having backups for when you get hit by ransomware. The R in XDR is only as good as the execution of that response.

So, when was the last time your business tested a disaster scenario? What’s your cyber security team’s first step when ransomware takes hold? There’s no easy button and no buzzword tool that is going to replace the good old-fashioned planning and practice. This is operationalisation, combining people, process, practice and making the best use of the tools you have. That’s the endgame here.

When working with customers, we find that every organisation already has the tools in place to fundamentally improve their security posture, but they lack either the skills or the time in their workforce to implement a more efficient and sophisticated security department. The first thing that organisations should do is to put a pause on buying not just XDR but all security products, close the flashy product PowerPoints that they’re being sent from vendors, put the purchase order approval stamps away, and really understand what tools they already have at their disposal. The businesses that prioritise investing in their security operations, those that spend the time to understand their current capabilities and gaps before adding more complexity, will be leaps and bounds ahead of the cybersecurity maturity curve and will drastically reduce the likelihood and impact of in the long run.
www.pcr-online.biz