Intelligent CIO Middle East Issue 47 | Page 31

EDITOR’S QUESTION

TAREK KUZBARI, REGIONAL DIRECTOR – MIDDLE EAST, BITDEFENDER

Prevention is better than cure, and nowhere is this more true than in cybersecurity. There is no one-size-fits-all solution for every kind of threat or infrastructure. However, in recent years, progressive organisations have started taking a proactive approach to combating cyber-incidents. Their new strategy, which marks a paradigm shift for cybersecurity, deploys multiple layers of detection, prevention and remediation for all kinds of threats, both external and internal, at the network level as well as at the endpoint level. Even if a sophisticated attack gets past one layer, security operations centres (SOCs) can still catch it somewhere in transit. However, because the time between detection and response is critical, this strategy only works with automation. Moreover, according to a recent Forbes Insights survey, 75% of companies are falling well behind in this regard.

To provide a solution that can achieve these goals, cybersecurity vendors have had to adapt their thinking as well. Enter Network Detection and Response.

Network Detection and Response (NDR), which grew out of Network Traffic Analytics, Network Forensics and Endpoint Detection and Response, combines advanced security traffic monitoring and analytics, in-depth investigative capabilities and remediation measures at both the endpoint and network levels. A next-generation solution, NDR enables SOC teams to perform fast triage, root cause analysis and network-wide remediation. It supports both manual and automated remediation actions and saves time and resources without requiring additional hires or skills.

Network-centric security isn’t new, but it’s certainly a recent hot topic in the context of evolving cyberthreats.
To better combat advanced persistent threats, malware, malicious insiders or negligent behaviour, vendors have started to craft solutions using Machine Learning and behaviour analytics with insights from cloud threat intelligence derived from millions of sensors globally.

An immediate key benefit of leveraging behaviour analytics and threat intelligence is the drastic reduction of false positive alerts, and of the associated condition known as alert fatigue, by consolidating similar alerts and pre-staging the evidence in one view. Fast, automated alert triage enables SOC teams to dramatically improve how they handle incident investigation and threat response.

Choosing the NDR solution that’s right for you

Advanced threats call for advanced defences, and recent studies indicate the time to start prospecting is now. Your ideal NDR deployment leverages cloud threat intelligence, based on data collected from millions of endpoints globally, for out-of-band analytics of network traffic metadata using AI, ML and advanced heuristics. Threat intelligence is key to achieving superior detection of advanced persistent threats with minimal false positives.

A business handling large volumes of customer data should look for NDR solutions that analyse only traffic metadata (addresses, ports, timing, volumes and protocol fields such as the TLS server name) rather than payloads. That removes the risk of exposing payload data carried over unencrypted communication and helps ensure compliance with both local and international data privacy laws. An exclusive focus on traffic metadata greatly reduces the privacy concerns surrounding non-encrypted traffic, but still lets SOCs identify network behaviour that violates policy. The ideal NDR deployment further eases compliance by analysing encrypted traffic for suspicious behaviour without having to decrypt the actual data packets: connection timing, byte counts and handshake metadata remain visible even when the payload does not.

Enterprises everywhere must protect corporate-issued endpoints, user-managed devices and network elements, as well as BYOD and IoT deployments. This is particularly true in most UAE and Saudi firms.
A recent Honeywell study shows that two thirds of companies operating in these countries view IoT as critical to growth. Besides the main pain points of protection, cost and skills, NDR helps dramatically with interoperability within the IT ecosystem, especially for hybrid infrastructures with smart devices, IoT, Operational Technology (OT) and even legacy systems.

Finally, all prospective NDR buyers should seek a single-pane solution that offers a bird’s-eye view of all network activity across the infrastructure, saving them time and money without requiring an extensive, skilled staff to maintain it, while stepping up the security maturity ladder.
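Two of the capabilities the column leans on, detection from traffic metadata alone (so it works on encrypted sessions without decryption) and consolidation of similar alerts to cut alert fatigue, can be shown concretely. The example below is an added illustration written for this page; it is not Bitdefender's code nor the logic of any NDR product. It assumes constructed flow records carrying only timestamps, addresses, ports, byte counts and the TLS server name, and uses a simple timing heuristic (low variation in connection intervals, a hypothetical threshold of 0.2) to flag timer-driven beaconing, then merges per-host alerts that share a destination into one incident record.

```python
"""Metadata-only beaconing heuristic plus alert consolidation (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One flow record: metadata only, no payload is ever stored or inspected."""
    ts: float        # flow start, epoch seconds
    src: str         # internal client address
    dst: str         # external server address
    dport: int
    bytes_out: int   # client-to-server byte count
    sni: str = ""    # TLS server name from the ClientHello, visible without decryption


def interval_cv(timestamps):
    """Coefficient of variation of the inter-arrival intervals.

    Near zero means the connections are evenly spaced, the signature of a
    timer-driven beacon; human browsing produces bursty, irregular gaps.
    Returns None when there are too few flows to judge.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2 or mean(gaps) <= 0:
        return None
    return pstdev(gaps) / mean(gaps)


def detect_beacons(flows, min_flows=6, max_cv=0.2):
    """Flag (src, dst, dport, sni) groups whose timing looks timer-driven.

    min_flows and max_cv are illustrative thresholds, not product defaults.
    """
    groups = defaultdict(list)
    for f in flows:
        groups[(f.src, f.dst, f.dport, f.sni)].append(f)
    alerts = []
    for (src, dst, dport, sni), fl in groups.items():
        if len(fl) < min_flows:
            continue
        cv = interval_cv(f.ts for f in fl)
        if cv is not None and cv <= max_cv:
            alerts.append({
                "src": src, "dst": dst, "dport": dport, "sni": sni,
                "flows": len(fl), "interval_cv": round(cv, 3),
                "bytes_out": sum(f.bytes_out for f in fl),
            })
    return alerts


def consolidate(alerts):
    """Merge per-host alerts that share a destination into one incident.

    Several hosts beaconing to one server is one campaign, not one ticket per
    host; the merged record keeps the evidence (sources, flow counts) together.
    """
    by_dst = defaultdict(list)
    for a in alerts:
        by_dst[(a["dst"], a["dport"], a["sni"])].append(a)
    merged = []
    for (dst, dport, sni), group in by_dst.items():
        merged.append({
            "dst": dst, "dport": dport, "sni": sni,
            "sources": sorted(a["src"] for a in group),
            "flows": sum(a["flows"] for a in group),
            "evidence": group,
        })
    return merged


def sample_flows():
    """Constructed sample data for the demonstration, not captured traffic."""
    base = 1_700_000_000.0
    jitter = [0.0, 0.4, -0.3, 0.2, -0.5, 0.1, 0.3, -0.2, 0.0, 0.4]
    flows = []
    # Two hosts check in with the same server every ~60 s: beacon-like.
    for src in ("10.0.0.5", "10.0.0.9"):
        for i, j in enumerate(jitter):
            flows.append(Flow(base + 60 * i + j, src, "203.0.113.7", 443, 512, "cdn.example"))
    # A third host reaches the same server at irregular, human-like times.
    for off in (0, 5, 70, 73, 200, 410, 415, 900):
        flows.append(Flow(base + off, "10.0.0.12", "203.0.113.7", 443, 2048, "cdn.example"))
    return flows


def run(flows=None):
    """Return (per-host alerts, consolidated incidents) for the given flows."""
    flows = sample_flows() if flows is None else flows
    raw = detect_beacons(flows)
    return raw, consolidate(raw)


if __name__ == "__main__":
    raw, merged = run()
    print(f"{len(raw)} per-host alerts -> {len(merged)} consolidated incident(s)")
    for m in merged:
        print(m["dst"], m["dport"], m["sni"], "sources:", m["sources"])
```

On the sample data the two timer-driven hosts produce two alerts and the irregular browser produces none, and consolidation reduces the two alerts to a single incident against 203.0.113.7 with both sources listed. Nothing in the pipeline reads a payload byte, which is why the same logic applies unchanged to TLS sessions; the caveat is that metadata itself (who talks to whom, how often) is still personal data under most privacy regimes, so retention and access controls on the flow store matter even when payloads are never captured.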