Extended Detection and Response

An AI-reinforced layer of security added on top of traditional signature-based systems, intended to improve the response to zero-day attacks by analyzing network patterns with probabilistic models.

Security through AI-based techniques

Simply put, XDR, or Extended Detection and Response, means AI models trained to recognize certain patterns within a network, integrated with management tools to deliver AI-driven, data-driven security.

    • They are among the few systems that can respond to a zero-day attack, since they look for anomalous behavior rather than a known signature
    • Alerts carry a confidence score; binary yes-or-no verdicts are a thing of the past
    • They not only react to active attacks but can also alert on attack behaviors
    • The AI can be adapted and specialized to the specifics of each network; a generic model is usually less effective
    • They can reconfigure both the network architecture and user permissions to actively respond to threats

XDR Market Overview

Today's XDR products have a long history: they evolved out of network security and network traffic analysis (NTA), combining the information those tools gather with AI capabilities. Historically, network security meant a perimeter firewall and Intrusion Prevention Systems screening traffic entering the network; as IT and security technology have evolved, the definition has become much broader, because modern attacks rely on more complex approaches.

Sophisticated attackers constantly invent and reinvent more effective ways to mount their assaults. Their evasive behaviors and the faint footprints they leave behind change with dizzying frequency. Traditional security designed to keep attackers out is blind to these ever-changing behaviors, giving criminals free rein to spy, spread and steal.

Many products fall under the umbrella of network security, and managing them holistically to detect and respond to risks and threats on the network is challenging. That is where XDR comes in. As a technology category, XDR seeks first to consolidate NTA, IDS, UEBA, TIP and AI into a single superset platform for both detection and response, and second to go well beyond what NTA ever did, acting as the brains behind all the other network security products through machine learning and automatic correlation.

Key points about the XDR solution

360 degree data collection

XDR does not focus on any one aspect of the network; instead it extracts metadata from every available source (logs, IDS events, NetFlow, traffic captures, ...). This gives the AI a complete view of every aspect of the network.

Data normalization

All gathered data needs to be normalized to a common schema so that the AI models can process it consistently, whatever sensor it came from. Data can be enriched in real time with other sources such as threat intelligence, geolocation, ...
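As an added illustration of the collection and normalization step (example code written for this page, not Teldat's or any product's own), the following Python takes three constructed inputs in different sensor formats (a syslog line, an IDS alert as JSON, and a NetFlow-style CSV record), maps them onto one common event schema, and enriches them with a threat-intelligence tag and a coarse geolocation. The schema, the severity mapping, the threat-intel table and the prefix-to-country table are all assumptions made up for the example; the addresses are from the reserved documentation ranges.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# BSD syslog timestamps carry no year; a collector fills in the current one.
# Fixed here so the example is deterministic.
ASSUMED_YEAR = 2024

# Constructed sample inputs in three sensor formats (not real events; TEST-NET addresses).
SYSLOG_LINE = ("<34>Jan 12 10:07:55 fw01 sshd[2211]: Failed password for root "
               "from 203.0.113.45 port 51322 ssh2")
IDS_EVENT = {"timestamp": "2024-01-12T10:08:01Z", "src_ip": "203.0.113.45",
             "dest_ip": "10.0.5.20", "dest_port": 22,
             "alert": {"signature": "SSH brute force", "severity": 1}}
NETFLOW_RECORD = "2024-01-12T10:08:03Z,198.51.100.7,10.0.5.20,55012,443,tcp,9,1240"

# Constructed enrichment tables (hypothetical; a deployment would query a TIP and a geo database).
THREAT_INTEL = {"203.0.113.45": "known-bruteforce-source"}
GEO_BY_PREFIX = {"203.0.113.0/24": "XX", "198.51.100.0/24": "YY"}


@dataclass
class NormalizedEvent:
    ts: str                   # ISO-8601, UTC
    source: str               # sensor type the event came from
    src_ip: Optional[str]
    dst_ip: Optional[str]
    dst_port: Optional[int]
    event_type: str           # vocabulary shared by every source
    severity: int             # common scale: 0 info, 1 low, 2 medium, 3 high
    ti_tag: Optional[str] = None
    src_geo: Optional[str] = None
    dst_host: Optional[str] = None


SYSLOG_RE = re.compile(
    r"^<\d+>(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
AUTH_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+)")


def normalize_syslog(line: str) -> NormalizedEvent:
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("unrecognised syslog line")
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").strftime("%Y-%m-%dT%H:%M:%SZ")
    auth = AUTH_FAIL_RE.search(m["msg"])
    if auth:  # sshd failure: the remote address is the source, the logging host the target
        return NormalizedEvent(ts, "syslog", auth.group(2), None, 22, "auth_failure", 1,
                               dst_host=m["host"])
    return NormalizedEvent(ts, "syslog", None, None, None, "log_message", 0, dst_host=m["host"])


# Assumed IDS convention: priority 1 is the most severe (as in Suricata alerts).
IDS_SEVERITY = {1: 3, 2: 2, 3: 1}


def normalize_ids(ev: dict) -> NormalizedEvent:
    return NormalizedEvent(ev["timestamp"], "ids", ev["src_ip"], ev["dest_ip"], ev.get("dest_port"),
                           "ids_alert", IDS_SEVERITY.get(ev["alert"]["severity"], 0))


def normalize_netflow(record: str) -> NormalizedEvent:
    ts, src, dst, _sport, dport, _proto, _pkts, _bytes = record.split(",")
    return NormalizedEvent(ts, "netflow", src, dst, int(dport), "flow", 0)


def geo_lookup(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for prefix, country in GEO_BY_PREFIX.items():
        if addr in ipaddress.ip_network(prefix):
            return country
    return None


def enrich(ev: NormalizedEvent) -> NormalizedEvent:
    """Attach threat-intel and geolocation context; a TI hit raises severity to at least medium."""
    if ev.src_ip:
        ev.ti_tag = THREAT_INTEL.get(ev.src_ip)
        ev.src_geo = geo_lookup(ev.src_ip)
        if ev.ti_tag:
            ev.severity = max(ev.severity, 2)
    return ev


def normalize_all() -> list:
    raw = [normalize_syslog(SYSLOG_LINE), normalize_ids(IDS_EVENT), normalize_netflow(NETFLOW_RECORD)]
    return [enrich(e) for e in raw]


if __name__ == "__main__":
    for e in normalize_all():
        print(e)
```

Once every sensor speaks the same schema, the same source address (203.0.113.45 here) can be correlated across the firewall's syslog and the IDS alert, which is exactly what the AI models downstream need.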

High accuracy on alert systems

The AI is trained to react only when it identifies a threat with high probability. This way the system does not flood IT staff with constant alerts, but provides reliable warnings that the security team can trust.

Automated response

Although an AI can be configured as just an alarm system, its capabilities extend much further. Facing a possible attack, AI systems can reconfigure the network and user permissions to isolate and eliminate the attack in real time.

Understanding XDR

Extended Detection and Response (XDR) consists of a set of cybersecurity solutions and techniques that constantly monitor an organization's network, collecting all network traffic for unprecedented visibility and using behavioral analytics, machine learning, AI, ... to detect cyber threats and anomalous behavior, then respond to those threats with a diverse set of countermeasures, whether preventive or reactive, while also integrating with other cybersecurity tools and solutions.

High-performing XDR solutions use advanced machine learning and artificial intelligence to model adversary tactics, techniques and procedures and to detect attacker behavioral patterns with high precision. They surface security-relevant context, extract high-fidelity data, and correlate events across time, users and applications, drastically increasing an organization's monitoring, reaction and hardening capabilities.

They also stream security detections and threat correlations to more traditional security systems (firewall, SIEM, ...) and solutions for comprehensive security assessments.

Today, increasingly sophisticated behavioral analytics, machine learning and artificial intelligence (AI) applied to cloud, virtual and on-premise networks form the backbone of XDR solutions. With growing accuracy, AI models can determine the confidence and risk level of a threat and automate appropriate responses within the network infrastructure and user permission systems.

Solution & Teldat XDR Products

The background

The core of Extended Detection and Response is built on different types of AI, but it is not limited to that. Once a potential threat has been detected, the system must be able to act upon the network to isolate or eliminate that threat.

It is at this stage that Teldat's solution portfolio comes into play. Through our fully integrated AI systems, not only do we have the capacity to isolate the compromised user's access inside the network, but our ground-breaking detection and response systems can also modify the network architecture itself, sending updated configurations to routers to eliminate the threat's communication and propagation mechanisms altogether.

A solution ecosystem for a complete response

It is not only AI models that take part in an XDR deployment. These models can integrate with and trigger actions in every layer of our application portfolio, providing automatic or programmatic reactions on every front. For every problem, we bring a solution.

    • be.Safe XDR offers complete data collection and normalization across the system, as well as a big-data environment in which to run and retrain our AI algorithms. This lets our models avoid a generalist approach and instead offer personalized training and execution for each scenario, greatly increasing accuracy and suitability for every client.
    • Through our state-of-the-art SDWAN, we can extend our response to modify the network topology. Even in vulnerable scenarios with outdated signature-based security systems, isolating the compromised nodes, whether users or computers, prevents propagation through the system in case of an attack.
    • By integrating with Active Directory, we can also act on user permissions in case of an attack, giving us the capability of a much more granular response inside our clients' organizations where needed.
    • XDR can add great value to an organization's security systems, but it cannot act alone. This is why we provide integration with be.Safe, our next-generation firewall, to give security administrators deterministic rule recommendations in case of a suspected attack.

Hardware and software combined response

Most XDR vendors offer various software variants of this technology. But acting at both the software and the hardware level requires the knowledge and experience of a hardware and network vendor such as Teldat.

Because our solution ecosystem can be deployed both in the cloud and on-premise, we offer high adaptability to our clients' needs, as well as the option for users either to use Teldat's standard AI or to retrain the networking and deep-learning models for more personalized and more accurate detection and alerting.

Teldat's XDR software is on a trajectory of continuous improvement in threat detection and prevention, response effectiveness and overall solution efficiency. As XDR embraces more data sources and deeper integration with network management tools, this technology's capabilities will only grow in the coming years.

XDR Use Cases

Detection of suspicious activity and traffic

Use of threat detection platforms using AI techniques and monitoring to generate automatic responses

Data leakage

Detection of access attempts to confidential data or data loss from malicious user activities

Detection of suspicious activity and traffic

Use of threat detection platforms using AI techniques and monitoring to generate automatic responses

Challenge

Attackers can cause security breaches by infecting devices to spread malware over the network or to act as bots that mount massive attacks against the organization itself or other companies. They can also steal credentials or gain unauthorized access to the network and then move from system to system inside it to gather as much information as possible; this kind of attack is known as lateral movement.

Solution

Traffic visualization and log analysis platforms make it possible to monitor everything that is going on in the network without adding load to the equipment or introducing communication delays. With a baseline of how the network typically behaves, traffic patterns can be derived that let anomalous behavior be detected, such as many source IPs converging on the same destination in a denial-of-service attack, or a device attempting to reach networks it is not allowed to access.

In this way, automatic responses can be generated: disabling devices suspected of being infected, or revoking access or credentials when they are detected trying to reach sensitive information they should not, thus preventing them from achieving their goal.
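The two anomalies named above (many sources converging on one destination, and a device reaching a segment it is not allowed to) can be demonstrated with a small baseline comparison over flow records. The Python below is an added example written for this page, not Teldat's detection logic: the baseline of distinct sources per server, the allowed-network table per managed device, the trigger factor, the confidence formula and the action names are all assumptions, and the flows are constructed from documentation address ranges. It also shows the confidence gate described earlier on the page: a finding below the threshold only raises an alert, while one above it is mapped to an automatic response.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


# Constructed baseline: typical number of distinct sources seen per server in one observation
# window (in practice learned from history), and the segments each managed device normally reaches.
BASELINE_DISTINCT_SRC = {"10.0.5.20": 4.0, "10.0.5.21": 2.0}
ALLOWED_NETS = {
    "10.0.1.15": ["10.0.5.0/24"],
    "10.0.1.16": ["10.0.5.0/24", "10.0.9.0/24"],
}
DOS_FACTOR = 5.0        # flag a destination once distinct sources exceed 5x its baseline
ACT_THRESHOLD = 0.8     # automatic response only above this confidence; otherwise alert only

# Constructed flows for one window (TEST-NET addresses, not real traffic): 30 external sources
# hitting one web server, a workstation reaching a segment it never uses, and one normal flow.
SAMPLE_FLOWS = [Flow(f"203.0.113.{i}", "10.0.5.20", 443) for i in range(1, 31)] + [
    Flow("10.0.1.15", "10.0.5.20", 443),
    Flow("10.0.1.15", "10.0.7.8", 445),
    Flow("10.0.1.16", "10.0.9.3", 22),
]


def detect_dos(flows):
    """Many distinct sources converging on one destination, well above its baseline."""
    sources = defaultdict(set)
    for f in flows:
        sources[f.dst].add(f.src)
    findings = []
    for dst, srcs in sources.items():
        base = BASELINE_DISTINCT_SRC.get(dst)
        if base is None:
            continue                      # no baseline for this destination yet
        ratio = len(srcs) / base
        if ratio >= DOS_FACTOR:
            # assumed scoring: confidence grows with the deviation, saturating at 2x the trigger ratio
            findings.append({"type": "possible_dos", "target": dst,
                             "distinct_sources": len(srcs),
                             "confidence": min(1.0, ratio / (2 * DOS_FACTOR))})
    return findings


def detect_policy_violations(flows):
    """A managed device talking to a network outside its allowed set."""
    findings = []
    for f in flows:
        allowed = ALLOWED_NETS.get(f.src)
        if allowed is None:
            continue                      # not a managed device, nothing to compare against
        dst = ipaddress.ip_address(f.dst)
        if not any(dst in ipaddress.ip_network(n) for n in allowed):
            # a deterministic rule, so a fixed (assumed) confidence
            findings.append({"type": "unauthorised_segment", "device": f.src,
                             "dst": f.dst, "dport": f.dport, "confidence": 0.9})
    return findings


def plan_response(findings):
    """Map findings to actions; findings under the confidence gate only raise an alert."""
    actions = []
    for fd in findings:
        subject = fd.get("device") or fd["target"]
        if fd["confidence"] < ACT_THRESHOLD:
            actions.append(("alert", fd["type"], subject))
        elif fd["type"] == "unauthorised_segment":
            actions.append(("isolate_host", subject))   # e.g. quarantine ACL pushed to the edge router
        elif fd["type"] == "possible_dos":
            actions.append(("rate_limit", subject))
    return actions


def analyze(flows):
    findings = detect_dos(flows) + detect_policy_violations(flows)
    return findings, plan_response(findings)


if __name__ == "__main__":
    for item in analyze(SAMPLE_FLOWS):
        print(item)
```

With these numbers the web server sees 31 distinct sources against a baseline of 4 (a ratio of 7.75), which is flagged but scores 0.775, below the gate, so it only produces an alert; the workstation's connection to 10.0.7.8 is outside its allowed segment and is isolated automatically. Tuning the gate is the trade-off the page describes: set it too low and the team drowns in automatic actions, too high and real attacks only ever raise alerts.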

Why Teldat?

Teldatā€™s be.SDWAN and be.Safe XDR solutions analyze all network behavior, apply Machine Learning and Artificial Intelligence techniques to detect suspicious behavior, and apply the necessary corrective measures automatically to control the network.

Data leakage

Detection of access attempts to confidential data or data loss from malicious user activities.

Challenge

Sensitive corporate information is a highly coveted target for attackers, and they have a variety of ways to obtain it: for example, they can infect devices so that the information is sent to a server outside the network, making it available without the organization noticing the leak. It can also happen that an internal employee with access to such information sends it to a public storage platform, which is not considered suspicious, in order to use it after leaving the company or to sell it for profit.

Solution

This type of behavior can be detected with DLP (Data Loss Prevention) rules. Outbound network traffic can be analyzed by security tools that decrypt traffic leaving the network, or traffic to specific platforms where sensitive data may be stored, and match predefined patterns (specific text strings, credit card numbers, bank account numbers, etc.). Note that inspecting encrypted outbound traffic requires TLS interception, which in turn means deploying the inspection CA to the managed endpoints. When such traffic is detected, you can choose simply to raise an alert, so the malicious user does not know they have been detected and evidence can be gathered, or you can automatically block every transmission identified as unauthorized. You can even cut the device off from the network entirely.
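The pattern-matching and the three response options (alert, block, disconnect the device) can be shown in a few lines. The Python below is an added example for this page, not Teldat's DLP engine: the marker strings, the per-destination policy, the repeat-violation limit and the payloads are all constructed assumptions. The one non-trivial piece is that a digit run is only reported as a card number if it passes the Luhn check, which removes most order numbers and phone numbers that merely look like card numbers.

```python
import re
from collections import Counter

# Hypothetical policy: marker strings that tag confidential documents, and how to treat
# uploads to specific external platforms (anything else defaults to an alert).
CONFIDENTIAL_MARKERS = ["INTERNAL USE ONLY", "Project Falcon"]
DESTINATION_POLICY = {"storage.example.net": "block", "paste.example.org": "alert"}
QUARANTINE_AFTER = 3      # repeated violations from one device -> cut it off the network

# 13-19 digits, optionally separated by single spaces or dashes, not embedded in a longer number
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Digit runs that look like card numbers and pass the Luhn check (cuts most false positives)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(card: str) -> str:
    """Keep BIN and last four so the alert is useful without copying the full number into logs."""
    return card[:6] + "*" * (len(card) - 10) + card[-4:]


class DlpPolicy:
    def __init__(self):
        self.violations = Counter()   # per-device count of confirmed exfiltration attempts

    def inspect(self, device: str, dest_host: str, payload: str):
        """Return (verdict, findings) for one decrypted outbound payload."""
        findings = [("marker", m) for m in CONFIDENTIAL_MARKERS if m.lower() in payload.lower()]
        findings += [("card_number", mask(c)) for c in find_card_numbers(payload)]
        if not findings:
            return "allow", findings
        self.violations[device] += 1
        if self.violations[device] >= QUARANTINE_AFTER:
            return "quarantine_device", findings      # third option from the text: disconnect the device
        return DESTINATION_POLICY.get(dest_host, "alert"), findings


# Constructed payloads (not real data; 4111 1111 1111 1111 is a widely used test card number)
PAYLOAD_LEAK = "Q3 forecast - INTERNAL USE ONLY\ncustomer card 4111 1111 1111 1111"
PAYLOAD_BENIGN = "order ref 1234 5678 9012 3456 shipped"   # 16 digits but fails Luhn


if __name__ == "__main__":
    policy = DlpPolicy()
    print(policy.inspect("ws-17", "storage.example.net", PAYLOAD_LEAK))
    print(policy.inspect("ws-17", "paste.example.org", PAYLOAD_BENIGN))
```

The alert-only path for a destination is what lets the security team gather evidence without tipping off the insider, as the text describes; the block path stops the transfer outright; and once a device keeps triggering the rules it is quarantined regardless of destination.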

Why Teldat?

Teldatā€™s be.Safe solutions analyze all traffic leaving the organization to detect any access to webpages or servers classified as malicious, analyze patterns, and can block these connections to prevent data leakage.
