Amid rushed digitalization and expanded network perimeters, organizational security postures are lagging behind when they should have led infrastructure changes.
Where Endpoint Detection and Response (EDR) used to be sufficient for organizational cybersecurity, the pandemic era has brought escalated targeted cyberattacks, longer attacker dwell times, and global surges in ransomware and state-sponsored espionage, all signs that security postures need to stay aligned with changes in infrastructure.
According to Kal De, Vice President and General Manager, Security Business Unit, VMware, this is where EDR can be extended to eXtended Detection and Response (XDR), which expands the cyber focus to include multi-cloud security, modern app security, and securing of remote workspaces.
With XDR, threat detection and response is more proactive, visibility of all data is much higher, and threat management is faster and more efficient. Let us find out more from Kal De about how organizations can leverage XDR and other cybersecurity strategies to narrow the risk gaps …
CybersecAsia: How can organizations boost their defenses in the face of escalating cyber threats, espionage and state-sponsored attacks?
Kal De (KD): Fortunately, many organizations are recognizing that traditional security approaches such as antivirus software alone are not enough to protect against today’s cyber threats.
Over and above evasive malware, phishing emails, social engineering campaigns and disinformation websites, threats are now being distributed through aggressive worms, targeted brute force attacks on public-facing remote access services, and exploits of overlooked system vulnerabilities. Additionally, attackers are turning to double-extortion ransomware—selling stolen data as a secondary monetization stream.
What is now needed is a ‘defense-in-depth’ approach. This involves deploying multiple layers of defense across endpoints and public and private clouds to improve security against cyberattacks (EDR), inspecting East-West internal traffic, and mandating consistent patch management practices.
Also needed is the “never trust, always verify” strategy called Zero Trust. Security must be an inherent part of an organization’s control points, and must be distributed and aligned across the evolving infrastructure.
Even a Zero Trust strategy can be weakened by siloed teams, so processes and technologies must first connect and align. Real-time intelligence is required to gain authoritative contexts and orchestrate security controls across distributed environments with speed and accuracy.
Finally, decisions are only as good as the data upon which they are based, so knowing the threats and vulnerabilities that are being exploited is the key to executing successful Zero Trust policies.
CybersecAsia: Digitalization has also expanded the attack surfaces of organizations…
KD: Yes, for organizations to meet the expectations of a fast-digitalizing global economy, they are turning to Kubernetes and microservices in their software development processes. Modernizing applications and their development is now a prerequisite to keep pace with a digital-first world as well as evolve existing apps into a modern software supply chain.
However, this digitalization of software development is also fundamentally altering how we secure the entire application lifecycle.
According to one recent study, 70% of developers and security managers polled believed that better alignment between their teams would create more secure applications. This means reducing silos between the two teams so that security can be baked-in from the beginning.
CybersecAsia: With hybrid- and remote-working policies becoming common globally, will XDR be the baseline model for corporate cybersecurity in the region?
KD: As the world embraces hybrid- and remote-working, it is critical that organizations put security everywhere to effectively protect their distributed workforces.
Securing this ‘distributed edge’, as well as managing multi-modal employee experiences, is of paramount importance.
Also, organizations need to improve the security of the distributed workforce by automating and optimizing workspaces using outcome-based approaches.
Modern enterprises are well positioned to adopt and integrate XDR solutions, especially with WFH and Bring-Your-Own-Device trends increasing the risk of cyberattacks. We see tremendous potential for XDR adoption by organizations in this region in the years ahead.
CybersecAsia thanks Kal for his insights.