printer friendly version

The best detection and response strategy for cyber threats

Carlo Bolzonello.

The fast evolving world of online threats is driving organisations to think more broadly than ever about their cyber security strategies, beyond the traditional approach. This time of change can be confusing for network security professionals looking for the most relevant detection and response tools against a highly adaptable and professional modern enemy.

This reality was captured in the latest Trellix Cyber Threat Report South Africa for the second quarter of 2023 and was measured and recorded by the company’s Advanced Research Centre. The report revealed that 26% of all detected activity was on government systems, followed by 16% on those of business services providers, 14% on wholesalers’ networks, and 12% against utilities’ systems. Notable threat actors in the country included Redline stealers, Vidar, and the cyber threat groups Lazarus and Daggerfly Advanced Persistent Threats (APTs).

The intensity and variety of attacks are only growing as organisations of all sizes, including small businesses, are targeted. With the emergence of various security platforms, including Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), and Network Detection and Response (NDR) strategies, business operators across the public and private sectors need to consider the strengths and weaknesses of each approach.

Endpoint Detection and Response

The benefit of EDR is the ability to directly protect network endpoints, which are the devices used to connect to networks on-premises. These devices are the vulnerable points where hackers will target entry into an organisation’s systems. Still, companies will also need other security tools to identify new threats or to manage users working remotely in hybrid setups.

Network Detection and Response

NDR is unique in its ability to monitor and record network activity continuously, and they are often packed alongside other tools like security information and event management (SIEM) products, as well as EDR. While NDR is good at providing forensic information about network events, they often cannot examine some cloud, identity data and some security information. This leaves systems using NDR standalone vulnerable when assets are in different geographic locations.

Extended Detection and Response

Trellix XDR has a more proactive and comprehensive detection and response approach that centralises visibility of the entire network across endpoint, network and cloud data. When used with SIEM (Security Information Event Management) and security orchestration, automation, and response (SOAR), XDR can deal with complex, evolving threats such as those deployed by threat actors in real time.

Although XDR may require a slightly higher investment initially, institutions get a solution that not only monitors endpoint and network data, but an overarching architecture that unifies several platforms centrally and in real time.

Staying ahead of syndicate networks requires a strategic and comprehensive approach in the ever-evolving landscape of cyber threats. The latest Trellix Cyber Threat Report reveals that the challenges are diverse, targeting entities across sectors. The debate between EDR, NDR, and XDR is nuanced, but the solution is clear – a proactive and unified defence. Trellix’s XDR, with its expansive and integrative capabilities, serves as a guide for tackling modern security challenges.

Share this article:

Further reading: