The pandemic has changed organizations’ technology priorities profoundly over the last two years. In a study reported on by Business Wire, cybersecurity and hybrid working constituted the top enterprise technology priorities looking ahead to 2022, at 58% and 55% of organizations, respectively.
This was followed by a three-way tie between customer experience, business processes, and better empowering frontline workers, all at 49%. That same report found that 58% of employees will either primarily work from home or adopt a hybrid work model going forward. So what does this mean for Security Operations?
In a 2021 study, 80% of security and business leaders said that their organizations’ level of risk increased due to the increase in remote work. Those respondents attributed this growth to three factors: the boundaryless network, an expanded supply chain, and a lack of skilled talent in the cloud.
More employees are using personal devices to connect to corporate assets while working in a remote or hybrid model than at any time in history. The issue is that security teams don’t have the needed visibility into their employees’ home networks, so they can’t confirm that adequate security controls are in place or whether insecure or compromised devices might be sharing the same network used to connect to the organization’s IT infrastructure.
When coupled with a lack of physical proximity that’s often needed to troubleshoot or remediate an issue with a device, this lack of visibility leaves organizations exposed to unforeseen threats.
More than half (61%) of security and business leaders said that an expanded software supply chain increased their organizational risk, and 61% attributed recent cyber attacks to security incidents involving third-party software and service providers. Recent supply chain attacks such as SolarWinds and Kaseya show why: a single compromised vendor gave attackers a path into thousands of downstream organizations.
These findings in part reflect a shift in supply chain attackers' tactics in recent years. According to (ISC)², malicious actors used to rely on unpatched vulnerabilities in a supplier's products to reach the organizations downstream of it.
Today, attackers are not waiting for those vulnerabilities. Instead they inject malicious code into "upstream" open-source projects that feed organizations' supply chains, or compromise large third-party service providers in order to reach their customer base. Either technique lets a single compromise infiltrate many organizations at once.
In another survey covered by ITProPortal, 86% of IT decision makers said that a lack of skilled talent slows down their cloud deployments. That is not the only effect of the cybersecurity skills gap.
Indeed, it relegates organizations’ cloud security efforts to “overworked staff who don’t have the training or experience necessary to stay on top of the latest cyber-risks,” in the words of ITProPortal. This leaves organizations vulnerable to threat actors that abuse the cloud for malicious purposes.
Many organizations are responding to these challenges by turning to third-party security tools, but those tools don't always strengthen existing security programs. Take Endpoint Detection and Response (EDR) as an example: most EDR solutions cannot ingest all of the telemetry an endpoint produces.
Because of those platform limits, they drop part of the telemetry before sending the rest to the cloud for analysis and returning a detection. This so-called "smart filtering" lets the product appear to do its job, but every discarded event is one the analyst can no longer correlate: the organization loses an accurate picture of the threats in its environment, or detection and remediation are delayed until much further down the kill chain.
And if a vendor's EDR can't handle all of the endpoint telemetry needed to detect and end attacks quickly, its Extended Detection and Response (XDR) platform will have the same limitation.
Taking on disparate tools that can't communicate with one another doesn't help either; it just adds to the noise security teams must sift through every day. The resulting flood of alerts makes it harder to detect every stage of an attack and to see and respond to a threat in its entirety, and, per eWeek, it wastes analysts' time on false-positive investigations and contributes to alert fatigue.
The challenges discussed above show that organizations need to approach security differently going forward. Specifically, security teams need unified visibility into their endpoints, cloud deployments, and the network more generally, and that visibility must cover threats that security vendors have never seen before.
That requires an approach that uses Indicators of Behavior (IOBs) alongside Indicators of Compromise (IOCs). An IOC is a known artifact such as a file hash or an IP address, which only helps once someone has already seen the threat; an IOB is a chain of actions (for example, an Office application spawning a shell that drops and runs a binary which then beacons out) that can be recognized even when every artifact in it is new. Correlating both lets teams see the whole attack chain and stop it early, and an Advanced XDR solution is the tool that accomplishes this.
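To make the telemetry-filtering and IOC/IOB points above concrete, here is an added illustration that is not Cybereason code and is not part of the original post. It runs two detection styles over a constructed set of endpoint events: hash-based IOC matching, and IOB matching that correlates process lineage, file drops and network connections. It then applies a modeled "smart filter" that drops events for common system binaries and shows the behaviour chain breaking. The event format, the filter's noisy-binary list, the behaviour rules and the sample events are all assumptions made for the example.

```python
"""Added example: IOC vs IOB detection over constructed endpoint telemetry,
and what telemetry filtering does to the behaviour chain. Not vendor code."""

# Constructed sample telemetry (not real data): a macro document spawns
# PowerShell, which drops and runs a payload that then beacons out.
EVENTS = [
    {"t": 1, "type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe", "sha256": "aaa"},
    {"t": 2, "type": "process", "pid": 200, "ppid": 100, "image": "winword.exe", "sha256": "bbb"},
    {"t": 3, "type": "process", "pid": 300, "ppid": 200, "image": "powershell.exe",
     "sha256": "ccc", "cmdline": "powershell -enc SQBFAFgA..."},
    {"t": 4, "type": "file", "pid": 300, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"t": 5, "type": "process", "pid": 400, "ppid": 300, "image": "upd.exe", "sha256": "ddd",
     "path": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"t": 6, "type": "network", "pid": 400, "dst": "203.0.113.7", "dport": 443},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def smart_filter(events):
    """Assumed model of telemetry 'smart filtering': drop process events for
    common, signed system binaries so less data is shipped to the cloud.
    The lineage link winword.exe -> powershell.exe is discarded with them."""
    noisy = {"powershell.exe", "svchost.exe", "explorer.exe"}
    return [e for e in events if not (e["type"] == "process" and e["image"] in noisy)]


def detect_iocs(events, bad_hashes):
    """IOC matching: fires only when an observed hash is already known bad.
    Returns the timestamps of matching events."""
    return [e["t"] for e in events if e.get("sha256") in bad_hashes]


def detect_iobs(events):
    """IOB matching: correlate behaviours across the process tree.
    Returns (time, stage, description) tuples, earliest first."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    hits = []

    def image(pid):
        return procs.get(pid, {}).get("image")

    for e in events:
        if e["type"] == "process":
            # Office application spawning a scripting host or shell.
            if image(e["ppid"]) in OFFICE_APPS and e["image"] in SHELLS:
                hits.append((e["t"], "execution", f"{image(e['ppid'])} spawned {e['image']}"))
            # Shell launching a binary out of a Temp directory.
            if "\\Temp\\" in e.get("path", "") and image(e["ppid"]) in SHELLS:
                hits.append((e["t"], "payload", f"{image(e['ppid'])} ran {e['image']} from Temp"))
        elif e["type"] == "network":
            # Walk the ancestry as far as the surviving telemetry allows.
            lineage, pid = [], e["pid"]
            while pid in procs:
                lineage.append(procs[pid]["image"])
                pid = procs[pid]["ppid"]
            from_temp = "\\Temp\\" in procs.get(e["pid"], {}).get("path", "")
            if from_temp or any(i in SHELLS | OFFICE_APPS for i in lineage):
                hits.append((e["t"], "c2", f"{'<-'.join(lineage)} connected to {e['dst']}:{e['dport']}"))
    return sorted(hits)


def first_detection_stage(events):
    """Kill-chain stage at which the IOB rules first fire, or None."""
    hits = detect_iobs(events)
    return hits[0][1] if hits else None


if __name__ == "__main__":
    print("full telemetry   :", detect_iobs(EVENTS))
    print("filtered telemetry:", detect_iobs(smart_filter(EVENTS)))
    print("IOC, unknown hash:", detect_iocs(EVENTS, set()))
```

With the full event stream the behaviour rules fire at the execution stage (winword.exe spawning powershell.exe) and again at each later stage with full ancestry. After the filter removes the "noisy" PowerShell and Explorer process events, the first two rules have nothing to correlate and the only remaining hit is the outbound connection, seen without its parent chain. The IOC rule is unaffected by filtering but only fires if the payload hash is already known.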
Cybereason delivers an Advanced XDR solution that enables organizations to adopt an operation-centric approach to security. Where other XDR solutions limit the data they collect because they can't process or store it, AI-driven Cybereason XDR is designed to collect and analyze 100% of event data in real time, processing more than 23 trillion security-related events per week with no "dumb filtering." This allows customers to improve their detection and response intervals by 93%.
Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, and everywhere the battle is taking place. Learn more about Cybereason AI-Driven XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.