“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO, Apple
In the game of cat and mouse between data security and bad actors, extended detection and response (XDR) is the latest weapon that organizations can utilize to strengthen their security posture.
XDR is a new approach to threat detection and response, a key element in defending an organization’s infrastructure and data from damage or unauthorized access and misuse.
But where did it all begin?
The Origins of the Computer Virus
XDR is the latest evolution in the long history of cyber security. Antivirus is the grandfather of XDR, so to speak. The concept of computer viruses originates as far back as 1949, when the Hungarian-American scientist John von Neumann published “The Theory of Self-Reproducing Data”, aka the computer virus.
The first known virus, the “Creeper Virus”, was detected by a program created by Ray Tomlinson in 1971 called “Reaper”. This led to the birth of what we now know as Cyber Security and the ongoing struggle to maintain data security. Some people consider “The Reaper” the first antivirus (AV) software ever written – but it is important to note that the Reaper was a virus itself, specifically designed to remove the Creeper virus. The Creeper virus subsequently led to several other viruses, and as detection methods got more sophisticated, so did the bad actors.
This launched the next phase in AV: Next Generation Anti Virus (NGAV). Although still using signature-based algorithms, this solution included upgrades such as removing the dependence on weekly signature updates to close the gaps in AV. Endpoint Protection (EPP) and Next Generation Endpoint Protection (NGEP) saw the emergence of behaviour-based detection, machine learning and AI capabilities to combat malware. Endpoint Detection and Response (EDR) is an evolution from NGEP, adding extended detection, the ability to contain security incidents, and the ability to restore endpoints to their original, pre-infection state.
With the explosion of 5G networks and IoT, cyber security continued its evolution into the world of extended detection and response (XDR).
XDR is a new, alternative approach to traditional endpoint protection with cross-layered detection and response capabilities. With XDR, data is collected and automatically correlated across multiple security layers – email, endpoint, server, cloud workloads, and network – so threats can be detected faster, and security analysts can improve investigation and response times. Zero trust was also built in as a tool to enhance the security of data. Most attacks are not zero-day; a good XDR solution needs to be able to monitor and access traffic, and have User and Entity Behaviour Analytics (UEBA), NGAV, EDR, Network Detection and Response (NDR), and deception technology built in to identify, isolate and quarantine the threat. As bad actors became more sophisticated by using psychology to gain access, Cyber Security had to become scientific to ensure there were no gaps.
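To make the cross-layer correlation idea concrete, here is an added example (not code from the post or from any XDR vendor) that groups constructed email, endpoint and network events by the user they concern and raises an incident only when at least two distinct layers fire within a short time window; the window, the two-layer threshold and the sample events are all assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    layer: str      # security layer that produced the event: email, endpoint, network, ...
    entity: str     # user or host the event is about; the key we correlate on
    summary: str


# Constructed sample telemetry for the example. Each event on its own is low signal
# and would be easy to dismiss; the point of XDR is to see them together.
SAMPLE_EVENTS = [
    Event(datetime(2021, 3, 1, 9, 0), "email", "alice", "macro-enabled attachment delivered"),
    Event(datetime(2021, 3, 1, 9, 4), "endpoint", "alice", "office process spawned a shell"),
    Event(datetime(2021, 3, 1, 9, 5), "network", "alice", "outbound HTTPS to newly registered domain"),
    Event(datetime(2021, 3, 1, 11, 30), "endpoint", "bob", "new scheduled task created"),
    Event(datetime(2021, 3, 2, 8, 0), "network", "bob", "outbound SMB to internal host"),
]


def correlate(events, window=timedelta(minutes=15), min_layers=2):
    """Return incidents: runs of events for one entity that fall inside `window`
    and come from at least `min_layers` different layers (assumed thresholds)."""
    by_entity = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_entity.setdefault(ev.entity, []).append(ev)

    incidents = []
    for entity, evs in by_entity.items():
        i = 0
        while i < len(evs):
            # Extend the run while the next event is still inside the window
            # measured from the first event of the run.
            j = i
            while j + 1 < len(evs) and evs[j + 1].ts - evs[i].ts <= window:
                j += 1
            run = evs[i:j + 1]
            layers = {e.layer for e in run}
            if len(layers) >= min_layers:
                incidents.append({"entity": entity, "layers": sorted(layers), "events": run})
                i = j + 1          # consume the whole run
            else:
                i += 1             # single-layer noise: slide forward by one
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(inc["entity"], inc["layers"], [e.summary for e in inc["events"]])
```

Bob's two events are separated by almost a day, so they never share a window and produce no incident, while Alice's three events land in one incident that spans all three layers.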
The 2017 edition of Gartner’s Market guide for Endpoint Detection and Response Solutions classified endpoint detection and response as a basic security capability and part of what should be considered the foundation for any solution.
In 2005 there were 136 data breaches reported by the Privacy Rights Clearinghouse, and more than 4,500 data breaches have been made public since then. However, it is fair to believe the actual number of data breaches is likely higher, since some of the reported breaches have unknown numbers of compromised records.
To mitigate the risk that comes along with data loss due to a cyber breach, many companies are now purchasing data breach insurance. This type of insurance helps cover the cost associated with a data security breach. Having a mature XDR solution with advanced detection, response, and reporting can help lower the cost of cyber security breach insurance.
The key takeaway is that it is imperative for organizations to do their research and due diligence to ensure that they are investing in the best security solutions, according to their allocated budgets. Data security should not be an afterthought, but a key part of business planning and continuity discussions.
Last week, I co-hosted a session on this very subject with Cynet, a leading provider in the XDR space. Please feel free to view the replay here.
Stay tuned for an upcoming post on The Importance of MDR.
In the meantime, I will leave you with this quote to reflect on:
“Most people are starting to realize that there are only two different types of companies in the world: those that have been breached and know it and those that have been breached and don’t know it. Therefore, prevention is not sufficient and you’re going to have to invest in detection because you’re going to want to know what system has been breached as fast as humanly possible so that you can contain and remediate”. - Ted Schlein, Managing Partner, Kleiner Perkins Caufield & Byers
- The United States saw 1,244 data breaches in 2018 and had 446.5 million exposed records (Statista).
- Data breaches exposed 4.1 billion records in the first six months of 2019 (Forbes).
- As of 2019, cyber-attacks are considered among the top five risks to global stability (World Economic Forum).
- Healthcare and public sector spent the most time in the data breach lifecycle, 329 days and 324 days, respectively (IBM).
- The average time to identify a breach in 2019 was 206 days (IBM).
- The average time to contain a breach was 73 days (IBM).
- There was an 80% increase in the number of people affected by health data breaches from 2017 to 2019 (Statista).
- 34% of data breaches in 2018 involved internal actors (Verizon).
- 71% of breaches are financially motivated (Verizon).
- 36% of external data breach actors in 2019 were involved in organized crime (Verizon).
- 95% of breached records came from the government, retail, and technology in 2016 (Tech Republic).
- An average of 4,800 websites a month are compromised with formjacking code (Symantec).
- In 2019, c-level executives were twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past (Verizon).
- Ransomware accounts for nearly 24% of incidents where malware is used (Verizon).
- It is estimated that a business will fall victim to a ransomware attack every 11 seconds by 2021 (Herjavec Group).
- Cybercrime is estimated to cost the world $6 trillion annually by 2021 (Cybersecurity Ventures).
- Most unnerving is a report by Sophos: 74% of organizations that were breached reported that they were running the latest version of antivirus.