Tag: XDR

Posted on

Forrester: Microsoft Leading the Charge in XDR Innovation

This blog post captures Microsoft’s latest achievements, innovations and recognition in cybersecurity as reported by Forrester in their recent wave report on Extended Dedection and Response (XDR) plafforms. Here is have focussed on the latest developments and Microsoft’s move to leading in this report.

The ever-evolving landscape of cybersecurity, organisations face the challenge of defending against increasingly sophisticated cyberattacks. Based on the analysis performed by Forrester in their 2024 Wave report, Microsoft has yet again risen to the occasion, with them being placed at the far out leader in Forrester Wave: Extended Detection and Response (XDR) platforms – Q2, 2024, pushing them ahead of both Palo Alto and Crowdstrike in this recent report. They have been leaders in this space for over 4 years but this year pulled further ahead than ever before.

In the last year, 75% of security professionals witnessed an increase in attacks with 85% attributing this rise to bad actors using generative AI

Report By Security Magazine 2023


The Forrester report details how to protect against the constant and more spohisticated AI powered “intelligent attacks”, a Unified Approach to Cybersecurity is needed rather than a traditional add-on and multi-vendor approach. Forrester comment how Microsoft Defender XDR stands out with its unified visibility, investigation, and response capabilities. It integrates seamlessly across endpoints, IoT, OT, identities, email, collaboration tools, SaaS apps, cloud workloads, and data insights, providing end-to-end protection.

Generative A is the Game-Changer

Forrester say that the introduction of Microsoft Copilot for Security marks a significant milestone in Microsoft’s approach to XDR. This generative AI solution simplifies incident remediation, reverse engineers malware code, and empowers analysts with natural language processing to generate Kusto Query Language (KQL) queries.

Microsoft’s Automatic Attack Disruption – also powered by their latest AI and Threat Hunting services, has led to the development of automatic attack disruption features in Defender XDR. This technology can detect and disrupt ransomware and other advanced attacks within minutes, showcasing the power of AI in cybersecurity. The services work seemlessly toegther across their wider Azure and Microsoft 365 security portoflio making these a real multi-layered protect, detect and respond approach rather than multiple products stacked on top of each other.

The Future of Cyber Defense

Microsoft’s recognition by Forrester underscores its dedication to innovation and excellence in cybersecurity. As cyber threats continue to evolve, Microsoft’s XDR and unified security operations platforms will remain essential tools in the arsenal of cybersecurity professionals.

In Microsoft’s own blog post on the matter they state that “We believe Forrester’s recognition showcases that Microsoft Defender XDR is the broadest native XDR solution on the market and that our most recent additions of Microsoft Defender for Cloud data and Microsoft Purview Insider Risk Management data are critical to give the SOC access to end-to-end data. Its incident-level visibility, automatic attack disruption of advanced attacks, and accelerated detection and response now work across endpoints, Internet of Things (IoT), operational technology (OT), on-premises and cloud identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.”

“Microsoft is refining the most complete XDR offering in the market today, their dedication to innovation is demonstrated by its percentage of the R&D budget by revenue, which rivals the most innovative vendors in security.”

Forrester Wave Report: Q2 2024

Summary

Great to see Microsoft continue to innovate in this area, after Satya Nadella stated that they are “priotitising security above all else” in a recent report.

The recent report from Forrester does not of course mean that the other vendors in this report are no good. The familiar vendors such as Palo Alto, Crowdsrike continue to innovate in this space and the others are working hard to move up the quadrant.

Others to mention are Cisco who have moved into the Challengers Quadrant this year, following huge investments in thier Cisco Secure Cloud platform and their continued invenstment to bolster their security portfolio.

It is worth noting that XDR is just one of the security pillars reported on by Forrester and other leading analysts like Gartner.

Posted on

Cisco XDR uses Cohesity to help protect your org from ransomware

Cisco has added ransomware detection and recovery support to its recently unveiled Extended Detection and Response (XDR) system.

Ransomware is a type of malicious software that encrypts the end user’s device and data and demands a ransom for its decryption. Ransomware attacks can cause considerable damage to businesses and organisations, disrupting their operations and compromising their data. To combat this threat, Cisco has now introduced a new solution that integrates with their new Extended Detection and Response (XDR) solution with Cohesity’s DataProtect and DataHawk offerings.

Cisco’s XDR system is a cloud-based platform that combines multiple security products and telemetry sources to detect, analyse, and respond to threats across the network and endpoints. As Cisco announced the General Availability of their XDR platform, they also announce that they have added ransomware detection and recovery support to their XDR system, enabling Security Operations Center (SOC) teams to automatically protect and restore business-critical data in the event of a ransomware attack.

This feature is made possible by integrating Cisco’s XDR system with Cohesity’s DataProtect and DataHawk offerings, which are well established and trusted, infrastructure and enterprise data backup and recovery solutions. These provide configurable recovery points and mass recovery for systems assigned to a protection plan and can preserve potentially infected virtual machines for forensic investigation and protect enterprise workloads from future attacks. 

Cisco said that the exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. It also noted that during the second quarter of 2023, the Cisco Talos Incident Response team responded to the highest number of ransomware engagements in more than a year.

The integration of Cisco’s XDR system and Cohesity’s solutions is designed to help Security Operations Centre (SOC) teams and IT to automatically detect, snapshot, and restore business-critical data at the very first signs of a ransomware outbreak; often before it has had a chance to move laterally through the network to reach the high–value assets.

In the announcement, Cisco and Cohesity said that they already have a long-standing partnership, with over 460 joint customers. Cisco have said that the Cohesity Cloud Services package will also be able to be sold by their Cisco channel partners like Cisilion later in 2023. The Cohesity Cloud Services include data security and management as well as threat defense, data isolation and backup/recovery. Cisco have also said that the software can be deployed and hosted on both Microsoft Azure and Amazon Web Services (AWS) via their marketplaces.

This brings more features to Cisco’s XDR service (a competitive landscape where they compete against the likes of Microsoft, Sentinel One and Palo Alto) and brings together a myriad first-party Cisco, and third-party security products to control network access, analyse incidents, remediate threats, and automate response all from a single cloud-based interface. The offering gathers six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated in the announcement.

Part of Cisco’s growing Security Portfolio

The Cisco Security portfolio is a comprehensive set of solutions that work together to provide seamless interoperability with your security infrastructure, including third-party technologies. Their growing portfolio covers various aspects of security, such as network security, user and endpoint protection, cloud edge, advanced malware protection, email security, web security and workload security. The Cisco XDR system is part of this portfolio and integrates with other Cisco products and services to detect, analyse, and respond to threats across the network and endpoints.

Cisco XDR system can leverage the threat intelligence from Cisco Talos – the cloud-based platform known as Cisco SecureX, as well as the backup and recovery solutions from Cohesity to provide a powerful and proactive defense against ransomware and other advanced threats. Cisco XDR system also supports third-party integrations with other security vendors, including Microsoft, Splunk and many others.

Cisco have, and continue to invest heavily in their end-to-end security portfolio and their XDR solution (as of December 2022) is on the cusp of moving into the Leaders Quadrant in the Gartner Magic Quadrant for Endpoint Protection.

Cisco's XDR play competes against other industry leading XDR vendors including Sentinel One Microsoft Defender, Crowdstrike Falcon, Palo Alto Cortex XDR and Trend Micro Vision One.  

Cisco are on the verge of become a leader in the Gartner Magic Quadrant for Endpoint Protection.

Conclusion

Ransomware is a serious threat that requires a comprehensive and proactive solution. Cisco’s XDR system, integrated with Cohesity’s DataProtect and DataHawk offerings, provides a powerful way to detect, prevent, and recover from ransomware attacks.

For organisations with a fragmented security portfolio and those heavily invested in Cisco infrastructure, Cisco’s XDR can be an excellent choice for organisations that need to increase visibility and simplify the detection and remediation time with the integration of XDR with the rest of their Cisco Security portfolio – enhancing the visibility, automation, and effectiveness of security operations.

Posted on

Microsoft announces new Managed ‘Security Experts Services’ to ramp up fight against cybercrime

Microsoft’s security business is growing faster than any of their other mainstream products and services, and today they announced they will be adding three new services designed to help organisations spot and respond to cybersecurity incidents.

Here’s the TL;DR version.

  • Microsoft are bolstering their security services offerings to go along with its technology products and partners.
  • Security is the fastest-growing broad product category for Microsoft.
  • Microsoft are increasing annual research and development spend in cybersecurity from $1 billion to $4 billion (more than any other security vendor anywhere).

The new services will see Microsoft’s own cyber security experts providing hands-on, proactive threat hunting for organisations unable to fully build out their own SOC due to the global security skills shortage and cost.

Keep reading to learn more…

This new announced investment comes as we see increasing reports from industry analysts on the continued increase in cyber security budgets globally as organisation continue to invest in protecting against the ever-increasing threat of ransomware attacks, identity theft and network hacks. 

Attacks are getting smarter and more targeted

Cybercrime attacks are continuing to rise and get increasing sophisticated, costing the world’s businesses $6 trillion USD last year, with that number expected to rise to $10.6 trillion in 2025.

According to Microsoft, “most human-operated ransomware attacks share some common traits, as attackers take advantage of an organization’s reliance on legacy software configurations or poor “credential hygiene” to gain entry into systems, and once in to find privilege escalation points to move through systems and carry out attacks.“.

Whilst identity hygiene is improving many organisations still do not get the basics right with poor identity protection, lax controls, no (or patchy) MFA and a disjointed and fragmented approach to security rather than a Zero Trust ‘defence in depth mindset’

Guarding single points of entry is not enough anymore, and a system or systems of managed extended detection and response (MXDR) is helping to help companies take a step back and look to guarding overall systems rather than focusing on locking down network ports or domains etc. “, Microsoft said in their latest security blog.

What is Microsoft Security Experts?

Microsoft Security Experts is a newly announced set of human, AI and software led services they will offer to organisations which will provide managed security services without them needing to build everything in house.

Microsoft Security Expert Services

Whilst just the start, the three new security managed services include Defender Experts for Hunting, Defender Experts for XDR, and Security Services for Enterprise.

  • Microsoft Defender Experts for Hunting.
    • This involves Microsoft Security engineers hunting and altering organisations of issues they proactive hunt in clients’ devices, Office 365 productivity software installations, cloud apps and identity platforms programs.
    • This will put Microsoft into a more direct competition with pure-play security software companies such as CrowdStrike.
    • Cost is circa $3 pupm.
  • Microsoft Defender Experts for XDR.
    • This is a more people intense service that will see Microsoft Security Experts helping organisations act on threats. Microsoft say that this type of work is typically done by a variety of different organisations today, including the big four accounting firms.
    • Cost is $14 pupm.
  • Microsoft Security Services for Enterprise
    • This service includes an even broader set of people-driven services.
    • It aims to be more specific and customised to the needs of large enterprise organisations.
    • It’s set to help elevate the global security skills and people challenge which affecting almost every organisation.
    • Costs are bespoke to each organisation.

Microsoft and Security

Security is already a $15 billion annual business for Microsoft, and in 2021/22 it has increased faster than any other significant product or service that Microsoft sold – up 45% YoY.

Microsoft is of course no new kid on the block when it comes to cyber defence, and last year blocked over 9.6 billion malware threats and 35.7 billion malicious emails as well taking down several huge state nation attacks.

Microsoft believe that they are uniquely positioned to help their customers and partners do more to meet today’s security challenges. “We secure devices, identities, apps, and clouds—the fundamental fabric of our customers’ lives – with the full scale of our comprehensive multicloud, multiplatform solutions. At Microsoft, we understand today’s security challenges because we live this fight ourselves every single day“.

Microsoft’s CEO Satya Nadella had already announced last year that their annual cyber security research and development spending is increasing to a staggering $4 billion, up from an already huge $1 billion.

What about the role of the Microsoft Partner?

Details are still emerging about how partners that sell security consultancy, enablement, training and of course managed extended detections and response (XDR) will be able to leverage these and build on their services.

Microsoft has said in their Yammer partner community site that they will be making a whole new set of investments in partners to help advance (or build) their managed extended detection and response (XDR) services business.

Growth and demand for Managed Security Services

According to Gartner, demand is on a fast growth trajectory, and more than 50 percent of organizations will be using managed detection and response (MDR) services for threat monitoring, detection, and response functions that offer threat containment and mitigation capabilities by 2025.

Microsoft say that their Partners will play a critical role in addressing this incredible customer demand.

Proudly powered by WordPress