Beyond XDR: The New Frontier - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Security & Risk Strategy
06:00 AM
Ramsés Gallego, International Chief Technology Officer, CyberRes, a Micro Focus Line of Business
Ramsés Gallego, International Chief Technology Officer, CyberRes, a Micro Focus Line of Business
Sponsored Article

Beyond XDR: The New Frontier

The industry has been praising the benefits of XDR but imagine a new epoch for threat intelligence born in the cloud and raised as a SaaS-native dimension.

The dictionary says that 'beyond' is 'happening or continuing after a specified event'; it also indicates that is exceeding, surpassing, and even transcending. We, the industry, have been praising the benefits of XDR (extended detection and response) after having experienced the discipline for the endpoint (EDR), a managed approach for detection and response (MDR) and other similar acronyms. While XDR sits at the heart of it all (where the X is like the nexus, the crossroads, where multiple security controls meet, we believe in going above and beyond (pun intended).

We see the need for building an overarching umbrella that capitalizes on the disciplines of SIEM, that builds on the unique capabilities of not just correlation but super-correlation (due to the magnitude of the data lakes that can be nurtured and used), that accelerates not only the time-to-respond but the time-to-protect. We have envisioned a new epoch for threat intelligence to thrive with improved protection and response capabilities, born in the cloud and raised as a SaaS-native dimension. The time has come for enterprises and societies at large to leverage the technology to safeguard what matters most, across a landscape of technology assets -- from endpoints to datacenters, from the network to the cloud, from devices to applications.

This can only be done by fully understanding the TTP (tactics, techniques, and procedures) of bad actors. We will achieve that by comprehending the way cyber criminals try to circumvent existing traditional controls and preventing their next move using an unparalleled threat intelligence capability. We stand on moving beyond XDR since it can bring second-to-none control and visibility on what's happening in every in and out vector of a corporation.

What if we could guess the moves of an offender before she/he acts? What if we could prevent an attack even if they try to disguise or attract the attention of a cyber analyst in a SOC to another deed? What if we could gather intelligence from multiple sources and use algorithms such as the ones on unsupervised machine learning to have a preventative, proactive, consistent, coherent, unified, and simplified approach to detection and response?

The answer is, to our belief, at three clicks of distance and our engineers have been working tirelessly to provide a highly visual, robust and solid dimension to reducing the number of false positives and integrating -- not just connecting -- relevant data from multiple sources for a more accurate incident triage. We believe this is not just an era of changes but the change of an era. Unsupervised machine learning -- that learns from observation rather than by example -- can be and actually is another actor on our side to provide automation and orchestration, to get rid of human mistakes.

We feel that the book has been written when it comes to providing more options than just simply checking infrastructure or closing connections. The world needs actionable information and not just a large stream of alerts that can confuse and distract from the real task: threat hunting, investigation, prevention, and protection.

Cyber resiliency is made out of the following four verbs: Anticipate; withstand; recover; evolve. There has never been a better time to talk about risk prioritization, risk mitigation, risk reduction, risk governance, and risk response. Cyber criminals are not stopping because we have entered 'the remote working era'. The way technology can understand +1400 different formats, turn video, text, emails and even voice into a source for threat detection looks like magic, and we must use the power within to maximize the control and visibility of security professionals.

The time has come to leverage very powerful visualization tools that leave an investigation at three clicks of distance -- and cross-pollinate information from different geographies, industries, verticals -- with one goal and one goal only: protect and defend. We had a vision a few months ago that took us into the journey of going beyond XDR. We feel it is the way to go, a new dimension to complete and complement good initiatives such as EDR, EPP (endpoint protection), MDR, XDR, etc. For us, it represents a new opportunity to shine at what we do best: engineer excellent solutions to protect, defend and safeguard people and data. For our society, it is the chance to embrace beyond existing solutions. A new frontier.

With a background education in business administration (MBA) and law, Ramsés Gallego is a 22+ years security professional with deep expertise in the risk management and governance areas. Ramsés is the International Chief Technology Officer, Cybersecurity, at Micro Focus, where he defines the vision and mission, purpose and promise of the company in that arena.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll