Extended Detection and Response
An AI-reinforced layer of security to be added to traditional signature-based systems in order to better respond to zero-day attacks by analyzing network patterns through probabilistic models.
Security through AI based techniques
Extended Detection and Response, or XDR, is, simply put, a set of AI models trained to analyze particular patterns inside a network, integrated with management tools to provide AI-powered, data-driven responses.
- They are among the very few systems that can respond to a zero-day attack.
- Alerts and answers come with a degree of confidence; binary yes-or-no answers are a thing of the past.
- They not only react to active attacks, but can also alert on attack behaviors.
- AI can adapt and be specialized to the specifics of each system; a generic model is usually less effective.
- They can reconfigure both the network architecture and user permissions to actively respond to threats.
XDR Market Overview
Today’s Extended Detection and Response (XDR) has a long history, evolving out of network security and network traffic analysis (NTA) and combining the information contained within these tools with AI capabilities. The historical definition of network security is to use a perimeter firewall and Intrusion Prevention Systems to screen traffic coming into the network, but as IT and security technology have evolved, the definition is much broader now due to modern attacks leveraging more complex approaches.
Sophisticated cyberattackers constantly invent and reinvent more effective ways to mount their assaults. Their evasive behaviors and the invisible footprints they leave behind change with dizzying frequency. Traditional legacy security designed to keep attackers out is blind to these ever-changing threat behaviors, giving cybercriminals free rein to spy, spread and steal.
There are a lot of products that fall under the umbrella of network security, and managing them holistically to detect and respond to risks and threats on the network is challenging. That’s where XDR comes in. XDR is a technology category that seeks, first, to consolidate NTA, IDS, UEBA, TIP and AI into a single superset platform for both detection and response, and second, to go far beyond what NTA ever did, acting as the brains behind all the other network security products through Machine Learning and auto-correlation.
What are the important points of an XDR solution?
360 degree data collection
XDR does not necessarily focus on any one aspect of the network; instead it extracts metadata from all available sources (logs, IDS events, NetFlow, traffic captures, …). This gives the AI a complete view of every aspect of the network.
All gathered data needs to be normalized to a standard so that the AI models can properly process it. Data can be enriched in real time with other sources such as threat intelligence, geolocation, …
High accuracy on alert systems
AI is trained to only react when it identifies threats with high probability. This way, the system does not overload IT personnel with constant alerts, but provides reliable warning systems that the security team can trust.
Although an AI can be programmed as just an alarm system, its capacities extend much further. Facing a possible attack, AI systems can reconfigure the network and user permissions to isolate and eliminate attacks in real time.
Extended Detection and Response (XDR) consists of a series of cybersecurity solutions and techniques that constantly monitor an organization's network by collecting all network traffic for unprecedented visibility, using behavioral analytics, machine learning, AI, … to detect cyber threats and anomalous behavior, and responding to these threats via a diverse set of countermeasures, in either a preventive or a reactive manner, while also integrating with other cybersecurity tools and solutions.
Highly performant XDR solutions use advanced machine learning and artificial intelligence tools to model adversary tactics, techniques and procedures and to detect attackers' behavioural patterns with high precision. They surface security-relevant context, extract high-fidelity data, and correlate events across time, users, and applications to drastically increase organizations' monitoring, response and protection capabilities.
They also stream security detections and threat correlations to more traditional security systems (Firewall, SIEM, …) and solutions for comprehensive security assessments.
Today, increasingly sophisticated behavioral analytics, machine learning and artificial intelligence (AI) applied to cloud, virtual, and on-premise networks form the backbone of XDR solutions. With ever greater accuracy, AI models can determine the confidence and risk level of a threat and automate appropriate responses within the network infrastructure and user permission systems.
Solution & Teldat XDR Products
The core of Extended Detection and Response is based on different types of AI, but it is not limited to that. Once a potential threat has been detected, the system must also be capable of acting upon the network to isolate or eliminate that threat.
It is at this stage that Teldat's solution portfolio comes into play. Through our fully integrated AI systems, not only do we have the capacity to isolate the compromised user's access inside the network, but our ground-breaking detection and response systems are capable of modifying the network architecture itself, sending updated configurations to routers to eliminate the threat's communication and expansion mechanisms altogether.
A solution ecosystem for a complete response
It is not only AI models that intervene in an XDR setup. These models can integrate with and trigger actions in every layer of our application portfolio, providing automatic or programmatic reactions on every front. For every problem, we bring a solution.
- be.Analyzer offers complete data collection and normalization across the system, as well as a big-data environment in which to run and re-train our AI algorithms. This allows our models to avoid a generalist approach and instead offer personalized training and execution for each scenario, greatly increasing accuracy and suitability for every client.
- Through our state-of-the-art SD-WAN, we can extend our response to modifying the network topology. Even in vulnerable scenarios with outdated signature-based security systems, by isolating the compromised nodes, whether they are users or computers, we can prevent propagation in case of an attack.
- By integrating with Active Directory systems, we can also act on user permissions in case of an attack, giving us the capability of a much more granular response inside our clients' organizations if need be.
- XDR can be of great value to an organization's security systems, but it cannot act by itself. That is why we provide integration with be.Safe, our next-generation firewall, to give security administrators deterministic rule recommendations in case of a suspected attack.
Hardware and software combined response
Being able to deploy our solution ecosystem both in the cloud and on-premise, we offer high adaptability to our clients' needs, as well as the option for users either to use Teldat's standard AI or to retrain the networking and deep-learning models for more personalized, higher-accuracy detection and alerting capabilities.
Teldat's XDR is on a trajectory to continue improving threat detection and prevention, as well as response effectiveness and overall solution efficiency. As XDR embraces a wider portfolio of data sources and deeper integration with network management tools, this technology's capabilities will only increase in the coming years.
XDR Use Cases
Detection of suspicious activity and traffic
Use of threat detection platforms using AI techniques and monitoring to generate automatic responses
Attackers can cause security breaches by infecting devices to spread malware over the network or act as bots to massively attack the organization itself or other companies. They can also steal credentials or gain unauthorized access to the network to try to get as much information as possible from the inside – these kinds of attack are known as lateral movement attacks.
Traffic visualization and log analysis platforms make it possible to monitor everything that is going on in the network without generating a greater load on equipment or causing communication delays. By having information on how the network typically behaves, you can generate traffic patterns that allow anomalous behavior to be detected, such as multiple IPs accessing the same destination for a denial-of-service attack or attempts to access networks that are not allowed for a specific device.
In this way, automatic responses can be generated, disabling those devices that are suspected of having been infected or revoking access or credentials if they are detected attempting to access sensitive information when they shouldn’t, thus preventing them from achieving their goal.
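The two anomaly checks described above (many sources converging on one destination, and a device reaching a network outside its usual baseline) as an added example in Python; this is illustrative code, not Teldat's, and the baseline, flow records and response actions are constructed for the example.

```python
"""Added example (not Teldat code): baseline-driven anomaly checks over constructed flow records."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed baseline: the internal networks each device normally talks to.
BASELINE = {
    "10.0.1.15": [ip_network("10.0.1.0/24"), ip_network("10.0.50.0/24")],
    "10.0.1.20": [ip_network("10.0.1.0/24")],
}

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, dst_port)
FLOWS = [
    (1, "10.0.1.15", "10.0.50.8", 443),
    (2, "10.0.1.20", "10.0.99.5", 445),   # 10.0.1.20 never talks to 10.0.99.0/24
    (3, "10.0.2.1", "10.0.50.8", 80),
    (3, "10.0.2.2", "10.0.50.8", 80),
    (3, "10.0.2.3", "10.0.50.8", 80),
    (4, "10.0.2.4", "10.0.50.8", 80),
]


def unexpected_access(flows, baseline):
    """Flag devices that reach a network outside their learned baseline."""
    alerts = []
    for _ts, src, dst, port in flows:
        nets = baseline.get(src)
        if nets is None:
            continue  # no baseline learned for this device yet; nothing to compare against
        if not any(ip_address(dst) in net for net in nets):
            alerts.append({"type": "unexpected_access", "device": src,
                           "dst": dst, "port": port, "action": "revoke_access"})
    return alerts


def fan_in(flows, window, threshold):
    """Flag destinations hit by >= threshold distinct sources inside one time bucket (possible DoS)."""
    buckets = defaultdict(set)  # (dst, bucket index) -> distinct source IPs
    for ts, src, dst, _port in flows:
        buckets[(dst, ts // window)].add(src)
    alerts = []
    for (dst, _bucket), sources in sorted(buckets.items()):
        if len(sources) >= threshold:
            alerts.append({"type": "fan_in", "dst": dst,
                           "sources": len(sources), "action": "rate_limit"})
    return alerts


if __name__ == "__main__":
    for alert in unexpected_access(FLOWS, BASELINE) + fan_in(FLOWS, window=5, threshold=4):
        print(alert)
```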
Teldat’s be.SDWAN and be.Analyzer solutions analyze all network behavior, apply Machine Learning and Artificial Intelligence techniques to detect suspicious behavior, and apply the necessary corrective measures automatically to control the network.
Detection of access attempts to confidential data or data loss from malicious user activities.
Sensitive corporate information is a highly coveted target for hackers, and there are a variety of ways for them to obtain it: for example, they can try to infect devices to send this information to a server outside the network and thus make it available without the organization discovering that there has been a leak. It can also happen that an internal employee with access to such information decides to send it to a public storage platform, which is not considered suspicious, in order to use it when leaving the company or sell it for a profit.
This type of behavior can be detected through DLP (Data Loss Prevention) rules. Network traffic to the outside can be analyzed using security tools that decrypt outbound traffic or traffic to certain specific platforms where sensitive data can be stored and predefined patterns detected (e.g., specific text strings, credit card numbers, bank account numbers, etc.). When detecting this type of traffic, you can choose to simply launch an alert so the malicious user is unaware that he has been detected, allowing you to obtain evidence against him, or you can also automatically block all the transmissions that are detected as unauthorized. You can even completely disable the device from accessing the network.
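The DLP pattern matching described above as an added Python example (not Teldat code): candidate card numbers are validated with a Luhn check so that arbitrary digit runs do not trigger a block, and the confidentiality markers, payloads and alert/block policy are constructed for the example.

```python
"""Added example (not Teldat code): content inspection of an outbound payload for DLP."""
import re

# 13 to 19 digits, optionally separated by spaces or dashes, on word boundaries.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed markers an organization might stamp on sensitive documents.
CONFIDENTIAL_MARKERS = ("CONFIDENTIAL", "INTERNAL USE ONLY")


def luhn_ok(digits):
    """Luhn checksum: true for well-formed card numbers, false for random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return candidate card numbers (digits only) that pass the Luhn check."""
    found = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def classify(payload):
    """Decide a response for one outbound payload: block, alert only, or allow."""
    hits = {
        "cards": find_card_numbers(payload),
        "markers": [m for m in CONFIDENTIAL_MARKERS if m in payload],
    }
    if hits["cards"]:
        return "block", hits      # hard evidence of regulated data leaving the network
    if hits["markers"]:
        return "alert", hits      # silent alert so the user is not tipped off
    return "allow", hits


if __name__ == "__main__":
    # Constructed payload: one valid test card number and one digit run that fails Luhn.
    print(classify("Order 4111 1111 1111 1111 shipped; ref 1234 5678 9012 3456"))
```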
Teldat’s be.Safe solutions analyze all traffic leaving the organization to detect any access to webpages or servers classified as malicious, analyze patterns, and can block these connections to prevent data leakage.