In a rapidly evolving cyber threat landscape, network operators in organisations of all sizes are grappling with an increasingly persistent and organised world of cybercriminals. Carlo Bolzonello, country lead for Trellix South Africa looks at some of the most common response and detection strategies and their effectiveness in managing this growing risk. The fast-evolving world of online threats is driving organisations to think more broadly than ever about their cyber security strategies, beyond the traditional approach. This time of change can be a bit confusing for network security professionals looking for the most relevant detection and response tools against a highly adaptable and professional modern enemy. This reality was captured in the latest Trellix Cyber Threat Report South Africa, for the second quarter of 2023, measured and recorded by the company’s Advanced Research Centre. The report revealed that 26% of all detected activity was on government systems, followed by 16% on those of business services providers, 14% on wholesalers’ networks, and 12% against utilities’ systems. Notable threat actors in the country included Redline stealers, Vidar, and the cyberthreat groups Lazarus and Daggerfly Advanced Persistent Threats (APTs). The intensity and variety of attacks is only growing, as organisations of all sizes are being targeted, including small businesses. With the emergence of various security platforms, including Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), and Network Detection and Response (NDR) strategies, business operators across the public and private sector need to consider the strengths and weaknesses of each approach.
Endpoint Detection and Response (EDR) The benefit of EDR is the ability to directly protect network endpoints, which are the devices used to connect to networks on-premises. These devices are the vulnerable points where hackers will target entry into an organisation’s systems, but companies will also need other security tools to identify new threats or to manage users working remotely in hybrid setups. Network Detection and Response (NDR) NDR is unique in its ability to continuously monitor and record network activity, and they are often packed alongside other tools like security information and event management (SIEM) products, as well as EDR. While NDR is good at providing forensic information about network events, they often cannot examine some cloud, identity data and some security information. This leaves systems using NDR as a standalone vulnerable when assets are in different geographic locations. Extended Detection and Response (XDR) When used with SIEM (Security Information Event Management) and security orchestration, automation, and response (SOAR), XDR can deal with complex, evolving threats such as those deployed by threat actors in real time. Although XDR may require a slightly higher investment initially, institutions get a solution that not only monitors endpoint and network data, but an overarching architecture that unifies several platforms centrally and in real time.
In the ever-evolving landscape of cyber threats, staying ahead of syndicate networks requires a strategic and comprehensive approach. As revealed in the latest Trellix Cyber Threat Report, the challenges are diverse, targeting entities across sectors. The debate between EDR, NDR, and XDR is nuanced, but the solution is clear – a proactive and unified defence. Trellix’s XDR, with its expansive and integrative capabilities, serves as a guide for tackling modern security challenges.
article by: www.it-online.co.za