[Column] Brandon Rochat: Extending XDR to the Cloud

Can you rely on the big providers for detection and response in a cloud-first world? Looking back, organisations once relied on internal networks running internal applications. But as companies invested in their cloud journeys, moving applications and data online, the need for extended detection and response – or XDR – became apparent.

Detection and response has evolved from signature-based anti-virus (AV) to intelligence-driven, next-generation AV at the endpoint protection platform (EPP) layer. The detection and response (DR) layer itself has become increasingly complex, using artificial intelligence, machine learning, big-data analysis, automation and threat-intelligence feeds behind the scenes to stay ahead of threat actors.

Detection and response has gained far more intelligence over the years because our adversaries have too. Companies need to keep pace with cybercriminals – or get ahead of them – when it comes to detecting and responding.

But it is not the cloud that is changing detection and response. The concept of detection and response doesn’t change whether you’re in the cloud or on the network; what matters most is where customers are moving to. What many businesses fail to realise is that being in the cloud is not automatically more secure or cheaper.

As companies shift their core applications, data and workloads to the cloud, they will still need to invest in detection and response solutions that reduce the time it takes to investigate and recover from enterprise-wide cyberattacks.

Most big cloud providers operate a shared responsibility model, which means your security team still retains part of the responsibility. The provider secures the physical facilities and the underlying infrastructure, but not necessarily your data, your identities or the way you configure the services you run on it. If you don’t read the terms and conditions, you may be caught out.

What is the responsibility of the cloud provider, and what responsibility lies with the end user, your security team and your CISO?

While the cloud platform itself may be secure, detection and response remains critical, especially when it comes to compliance (be it GDPR or the POPI Act). Data needs to be protected in accordance with laws and industry standards, and extending detection and response to the cloud in today’s security landscape requires XDR: the ability to analyse many different telemetry and threat feeds as quickly as possible and deliver the right information to security analysts.

We call the result a malicious operation. It makes no difference where the data comes from – firewalls, a cloud application, an internet of things device – what matters is how you deal with it. When you partner with the right people, detection and response is not a difficult part of the cloud journey. When business operations move to the cloud, it’s important to ask how security operations will be affected. What will your security landscape look like?
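To make the point above concrete, here is an added illustration (not Cybereason’s code, and not the page’s own) of what "it doesn’t matter where the data comes from" means in practice: three unrelated telemetry sources, a firewall log line, a cloud audit record and an IoT device event, are normalised into one schema and then grouped on the indicator they share, so the analyst sees a single operation rather than three disconnected alerts. The log formats, field names, the 15-minute window and the two-source threshold are all assumptions chosen for the example; the input records are constructed, not real telemetry.

```python
"""Cross-source correlation: normalise events from a firewall, a cloud audit
log and an IoT device into one schema, then group them by the shared
remote IP so an analyst sees one operation instead of three alerts.
Added example; formats and thresholds are illustrative assumptions."""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Event:
    ts: datetime      # when it happened (UTC)
    source: str       # which telemetry produced it, e.g. "firewall:fw01"
    remote_ip: str    # the indicator we pivot on
    action: str       # what that source observed


# --- constructed sample inputs (not real telemetry) -----------------------
FIREWALL_LOG = [
    "2024-05-01T10:00:01Z fw01 deny src=203.0.113.45 dst=10.0.0.7 dport=445",
    "2024-05-01T10:00:02Z fw01 allow src=198.51.100.9 dst=10.0.0.7 dport=443",
    "2024-05-01T10:00:05Z fw01 deny src=192.0.2.8 dst=10.0.0.7 dport=22",
]
CLOUD_AUDIT_JSON = json.dumps({
    "eventTime": "2024-05-01T10:03:10Z",
    "eventName": "ConsoleLogin",
    "sourceIPAddress": "203.0.113.45",
    "userIdentity": {"userName": "alice"},
    "responseElements": {"ConsoleLogin": "Failure"},
})
IOT_EVENT = {"ts": "2024-05-01T10:05:40Z", "device": "cam-17",
             "remote": "203.0.113.45", "action": "telnet_login_failed"}

# Assumed firewall line layout: "<iso-ts> <host> <allow|deny> src= dst= dport="
_FW_RE = re.compile(r"^(\S+) (\S+) (allow|deny) src=(\S+) dst=(\S+) dport=(\d+)$")


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_firewall(lines):
    """Keep only denies; silently skip lines the regex does not recognise
    so one malformed record cannot stall the whole pipeline."""
    events = []
    for line in lines:
        m = _FW_RE.match(line)
        if not m:
            continue
        ts, host, verdict, src, dst, dport = m.groups()
        if verdict == "deny":
            events.append(Event(_parse_ts(ts), f"firewall:{host}", src,
                                f"deny tcp/{dport} to {dst}"))
    return events


def parse_cloud_audit(raw_json):
    rec = json.loads(raw_json)
    outcome = rec.get("responseElements", {}).get(rec["eventName"], "Success")
    return [Event(_parse_ts(rec["eventTime"]), "cloud-audit", rec["sourceIPAddress"],
                  f"{rec['eventName']} {outcome.lower()} as {rec['userIdentity']['userName']}")]


def parse_iot(rec):
    return [Event(_parse_ts(rec["ts"]), f"iot:{rec['device']}", rec["remote"], rec["action"])]


def correlate(events, window=timedelta(minutes=15), min_sources=2):
    """Group events by remote IP. An IP seen by at least `min_sources`
    distinct source types within `window` becomes one incident."""
    by_ip = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip.setdefault(ev.remote_ip, []).append(ev)
    incidents = []
    for ip, evs in by_ip.items():
        first, last = evs[0].ts, evs[-1].ts
        sources = {e.source.split(":")[0] for e in evs}   # "firewall:fw01" -> "firewall"
        if len(sources) >= min_sources and last - first <= window:
            incidents.append({
                "remote_ip": ip,
                "sources": sorted(sources),
                "first_seen": first.isoformat(),
                "last_seen": last.isoformat(),
                "timeline": [f"{e.ts.strftime('%H:%M:%S')} {e.source}: {e.action}" for e in evs],
            })
    return incidents


def run_sample():
    """Feed the three constructed sources through the pipeline."""
    events = parse_firewall(FIREWALL_LOG) + parse_cloud_audit(CLOUD_AUDIT_JSON) + parse_iot(IOT_EVENT)
    return correlate(events)


if __name__ == "__main__":
    for inc in run_sample():
        print(json.dumps(inc, indent=2))
```

On the sample input the firewall deny from 192.0.2.8 stays a lone firewall event and never becomes an incident, while 203.0.113.45, seen by the firewall, the cloud audit log and the IoT camera within six minutes, is rolled up into a single timeline. The normalisation step is where the real work sits in a production XDR pipeline; the correlation rule here is deliberately simple so the structure stays visible.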

As cybercriminals become smarter, the security landscape becomes more complicated. Defending an organisation against threat actors is increasingly complex when the perimeter keeps shifting. While the coronavirus pandemic forced a perimeter shift by sending so many people to work from home, the cloud started the trend.

The perimeter is moving further and further away from traditional security controls. Firewalls are no longer the most important security piece in your network. The endpoints are becoming the bigger problem: they are evolving and no longer sit inside a traditional network. This creates complexity, not necessarily for the security industry but for the companies that have taken their data to the cloud.

Ultimately, XDR is not just for the cloud. It is for anywhere an endpoint is connected that could pose a threat, because the endpoint is wherever the user is. This is also why companies like Google are collaborating with and investing in external security vendors to improve their detection and response capabilities.

It is complex, especially if you’ve been working with legacy security solutions that can’t make the cloud journey with you. But it is important to remember that the cloud is simply a journey that corporates and customers are moving towards. Detection and response needs to follow.

Brandon Rochat is the sales director for Africa at Cybereason.