XDR is a new type of security platform which can detect threats more efficiently than previous tools, by collecting and automatically correlating information from multiple security layers. XDR monitors threats from various sources and locations in your organization.
Many attacks evade detection because attackers hide in the borderline areas between security silos such as endpoints, the network, and cloud systems. XDR covers all security silos in one system, so events that may seem separate and unrelated can be seen as part of a single attack story.
XDR eliminates security silos with a holistic detection and response strategy. It gathers information and builds detailed attack stories across endpoints, servers, email systems, and cloud workloads. It automatically analyzes data to triage and identify real threats, without requiring analysts to spend time reviewing the data.
There are two more things XDR can do which are not possible in the previous generation of security technologies:
XDR integrates with existing IT systems and security tools, and accesses raw data collected from the entire IT environment. Unlike security information and event management (SIEM), XDR does not simply collect alerts and logs from other tools. It goes in-depth, performs its own investigation and analyzes the data using advanced artificial intelligence techniques.
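As an added illustration of the cross-silo correlation described above (not code from the article or from any XDR product), the following Python stitches constructed cloud audit, network flow and endpoint events that share a host into one attack story, while leaving single-silo events alone. The event schema, host names, addresses and the 15-minute window are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three silos (cloud audit log, network flow
# sensor, endpoint agent); hosts, principals and addresses are made up.
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "source": "cloud", "host": "i-0abc",
     "actor": "svc-deploy", "action": "security group opened tcp/22 to 0.0.0.0/0"},
    {"ts": "2024-05-01T10:04:30", "source": "network", "host": "i-0abc",
     "actor": "198.51.100.7", "action": "inbound SSH session established"},
    {"ts": "2024-05-01T10:06:10", "source": "endpoint", "host": "i-0abc",
     "actor": "root", "action": "shell spawned unknown downloader"},
    {"ts": "2024-05-01T16:00:00", "source": "endpoint", "host": "i-0abc",
     "actor": "root", "action": "scheduled package update"},
    {"ts": "2024-05-02T08:00:00", "source": "endpoint", "host": "i-0xyz",
     "actor": "alice", "action": "editor started"},
]


def build_attack_stories(events, window=timedelta(minutes=15)):
    """Group events sharing a host into time-bounded chains and keep only
    chains that cross at least two silos; single-silo chains are the
    'separate and unrelated' events a per-silo tool would leave alone."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    chains = []
    for host_events in by_host.values():
        host_events.sort(key=lambda ev: ev["ts"])
        chain = [host_events[0]]
        for ev in host_events[1:]:
            prev = datetime.fromisoformat(chain[-1]["ts"])
            if datetime.fromisoformat(ev["ts"]) - prev <= window:
                chain.append(ev)
            else:  # gap too large: start a new chain for this host
                chains.append(chain)
                chain = [ev]
        chains.append(chain)

    return [c for c in chains if len({ev["source"] for ev in c}) >= 2]


def describe(story):
    """One-line narrative for an analyst: host, silos touched, event chain."""
    silos = " -> ".join(ev["source"] for ev in story)
    actions = "; ".join(ev["action"] for ev in story)
    return f"{story[0]['host']}: {silos} | {actions}"
```

With the sample data, the three events on i-0abc within 15 minutes become one cloud-to-network-to-endpoint story, while the later package update and the unrelated host are not escalated.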
XDR consists of three main components:
As more organizations move sensitive and business-critical workloads to the cloud, cloud security is becoming a central concern for most IT and security teams. When running workloads in a public cloud like Amazon Web Services (AWS) or Azure, teams have access to extensive security controls offered by the cloud provider.
However, there is usually no central control over which workloads are actually running in the cloud and whether they have been properly secured. While XDR does not help with this fundamental problem, it can help identify and detect threats that slip through the cracks of cloud security.
Let’s discuss some of the key cloud security challenges organizations face when moving workloads to the cloud.
Misconfigured cloud security settings were the cause of many significant security breaches. While the cloud does provide security controls, organizations do not have the visibility to ensure that they are configured correctly.
In the cloud, there are a large number of ephemeral resources—for example, compute instances, containers, or serverless functions, which can run for days, hours, or even just minutes—and then shut down and are replaced by others. Each of these resources could potentially have a security misconfiguration that can let attackers in.
In addition, there is limited visibility into what is actually running in the cloud, especially when organizations run workloads across multiple clouds. Security teams often lack the tooling and expertise to identify which cloud workloads are securely configured and which are not.
Insider threats are a growing concern for all organizations, and are an even bigger threat in the cloud. When insiders access cloud resources, they can easily open access to the Internet, share resources with others, and automatically set up configurations or resources. A malicious insider with sufficient permissions can do much more damage than they could in a local environment. Cloud environments are very flexible and powerful, putting much more power in the hands of a malicious insider.
Cloud infrastructure relies on a large number of APIs (application programming interfaces) to allow automated, programmatic control. These interfaces are well documented and readily available to all cloud users, including attackers. If customers do not properly secure their interfaces, attackers can use the same documentation to identify and exploit vulnerabilities, and to access and steal sensitive data.
Unlike an organization’s on-premises infrastructure, cloud-based deployments are outside the network perimeter and can be accessed directly from the public internet. This makes it easier for attackers to gain unauthorized access to cloud systems. On-premises, a sensitive server with a weak password would still be behind a firewall and protected by the overall network security perimeter. In the cloud, the same server can be directly accessed and breached by an attacker.
Cloud security is no longer an isolated field. For most organizations, the cloud is tightly integrated with on-premises systems, and security incidents in one environment can quickly spread to another. It is no longer effective to analyze and respond to on-premises and cloud incidents separately.
Another change is that cloud security has shifted left. Security teams take part in the development sprints and participate in software testing and deployment planning. However, this transformation is not possible without security tools that provide full visibility and control over the entire hybrid environment.
XDR can contribute to cloud security in three main ways:
In this article, I explained the tremendous potential of XDR, which is not only a platform but a new paradigm in security technology. I showed how XDR can address cloud security challenges including:
XDR can do this in a way traditional security technologies cannot, by taking identity management, cloud log analysis, and network flow analysis to the next level. I hope this will help your organization take your next steps in fortifying cloud security.
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.
LinkedIn: https://www.linkedin.com/in/giladdavidmaayan/
The post How XDR Can Address Cloud Security Challenges by Gilad David Maayan appeared first on Hakin9 – IT Security Magazine.