XDR: How to Stop Ransomware in its Tracks

 
Hacker-rafiki.png
 

We seem to hear new ransomware stories nearly every week—stories about a particularly damaging attack, a sophisticated new variant, or a massive ransom payment that was made.  It’s no surprise we encounter so many unfortunate ransomware stories—the number of ransomware variants is rising and previously-unknown techniques can be unleashed at any time. 

A 2021 survey of cybersecurity breaches found that nearly 40% of businesses reported a breach in the last year, and medium-sized businesses remain the most vulnerable. Another 2021 ransomware report found that, even after paying a ransom, only 8% of organisations were able to get all of their data back. And, in the U.S., after “a number” of SMBs were attacked with ransomware, the White House publicly stated that combating these attacks is a “priority” for both government entities and the private sector. 

Unfortunately, we really only hear about the bad ransomware stories.

So how do we craft a good ransomware story? The first step to combatting ransomware is, of course, prevention; a holistic, robust, and up-to-date cybersecurity strategy is critical for SMBs. Yet, you also need to have a plan in place for those intrusions that do make it through to your network, and the plan should follow a prevent, detect, and recover approach.

This is where XDR (for Extended Detection and Response) comes in. InfoSecurity reports that XDR “shows promise” as an emerging technology for seamless and automated protection. XDR can help you tell a better ransomware story, a story in which you stop ransomware before it fully infects your machines and your network. It probably won’t make the news, but it can save your business.

How XDR Prevents and Detects

We introduced the concept of XDR in a previous post, to help you navigate the various solutions available. Essentially, XDR pulls together everything you need for robust security. It’s a tool— think of a bridge or an umbrella—that brings all of your security products into a single coordinated security system that shares data. As a result, you can more effectively detect threats and deliver a swift, coordinated response that covers your entire attack surface, from your network to your IOT devices. Here, we dive a bit deeper into some of the nuances and benefits XDR brings to your business. 

Continuous Protection and Risk Reduction

Your business likely has a large attack surface—consider all of your data, devices, and people. Especially amidst today’s new remote work and cloud environment, more people are accessing the internet and your network from more devices; some of which may even be unsecured personal devices. Popular collaboration platforms, even those that offer top-notch security, can also be misconfigured (intentionally or not) by your team in a dangerous “shadow IT” environment. These numerous vulnerabilities expose the critical systems of your business to attackers. 

It also creates a lot of noise. Even with a robust threat detection solution in place, the volume of alerts generated can present a daunting task for even a skilled and dedicated technology team. Simply put, it’s impractical to assume that everything can be monitored and protected these days. 

The smarter approach is XDR, which allows you to trace and track the path an attacker takes, whether known or unknown. The right XDR solution will autonomously surface the threats that matter, so you can cut down on the noise and quickly triage the threats that present the greatest potential for damage. 

SMBs often lack the security resources of a large firm, but this doesn’t have to place you at a greater risk for attack. Instead, you can follow established frameworks which are built on data and methods for specific threat actors and their unique threat techniques. MITRE’s ATT&CK framework is a great example. Rather than forging your own framework, ATT&CK is like a dictionary or index to help you classify and organise events and actions to determine the critical next steps you should take following an incident.

Some of the best XDR solutions available today are built on the ATT&CK framework, to effectively monitor all threats across the network. The result is better detection, investigation, and blocking. And just like new words are periodically added to a dictionary, you can crowdsource (from your own intelligence as well as global standards for government and the private sector) and update the framework with new knowledge to stay on top of a rapidly changing threat landscape. 

Automation to Minimise Response Time

Speed is a critical component for effective cyber protection, detection, and recovery. Ideally, acting quickly means eliminating the need for a full investigation before a response can be implemented. Does your current cybersecurity strategy include a directive to “respond as fast as humanly possible”? That’s a good rule of thumb, but it has one glaring weak spot: humans aren’t really that fast. 

Let’s say a specific tool at your business raises a high severity alert. It can take hours, or even days, for your technology team to understand what struck your system. If you wait for this clarity before you deploy a response, it’s often too late.

XDR flips this on its head. It provides the entire attack narrative in real-time. Which means that your technology team will actually have an opportunity to respond to the attack, while it’s still in progress. Most attacks typically follow a known progression of stages; using XDR to “break the chain” (following a framework like MITRE ATT&CK to monitor detection) at any of these stages is a strong defence against intrusion. 

Extending your Endpoint Detection and Response

XDR is both a promising and proven solution to protect your business. It can literally stop attackers in their tracks. Unlike other solutions that identify events on endpoints, networks, or in an email, XDR lives in and across your entire data centre, so that you can correlate events across all security controls, from your anti-virus software and firewall to your intrusion detection. 

This is exactly why Optec has teamed up with the groundbreaking cloud data firm, Assured Data Protection, to offer XDR-as-a-Service for effective detection, autonomous investigation, and fast response. Together, we can help you craft a better story about ransomware, one that doesn’t really get told because you were able to thwart or minimise the damage of these pervasive attacks.  

Learn more about XDR-as-a-Service or get in touch with our team to discuss your options.

Want the latest news from Optec? Be sure to be sure to follow us on LinkedIn and Twitter.


Related posts

Previous
Previous

SD-WAN: A Housing Association’s Guide to Secure Cloud Services

Next
Next

Immutable Backups: Your Last Defence Against Ransomware