It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns.
In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight.
This combination usually results in one of two things – organizations make less-than-ideal choices about the software and tools they're adding, or security leaders simply cannot stay abreast of new developments and opt to stay put with their existing stack.
The problem is that once you let one update pass you by, you're suddenly miles behind. A new eBook from XDR provider Cynet offers insights into factors that are clear signs that organizations need to upgrade their detection and response tools to keep up with the times.
The eBook highlights several factors and questions that companies can ask themselves to determine whether they are okay with the level of security they have, or if they should upgrade their detection and response capabilities.
Looking for signs
There's a variety of reasons why an organization's detection and response tools might need a refresh, ranging from the critical to the less obvious.
One of the first signs, however, is clear for most organizations – the number of alerts they must sift through daily.
Today's security stacks produce thousands of alerts daily, forcing many teams to pick and choose which they can investigate and for how long. As a result, critical alerts are prioritized, but they make up only a small percentage of the total.
Ideally, an organization should explore every alert – even the false positives. The inability to cope with alerts, or simply reduce the number of alerts, is a clear indicator that organizations should upgrade their security stack.
The eBook also takes aim at security stacks and tools that require dozens of add-ons and extensions to operate adequately.
For many organizations, installing and setting up a new EDR includes the process of finding the extensions that offer the tools necessary. Even worse, in some cases, add-ons are required simply to provide baseline services. On the other hand, the eBook argues, XDRs come set up out of the box to provide all the tools and features necessary to offer full functionality.
Some of the other signs you might need a new detection and response tool include:
- If only one person knows how to operate and manage an organization's EDR. Large security stacks have steep learning curves, and most organizations don't have the skills or resources to devote to training a whole team. So, a single person gets appointed to manage and orchestrate the security strategy. This is problematic for several reasons and is a key indicator that a simplified tool such as an XDR can help.
- If your existing EDR suddenly claims to have upgraded to XDR, without any notable changes. A side effect of a rapidly evolving industry is that every vendor wants to hop on the next big thing – in this case, XDR. Therefore, many vendors will claim to offer XDR or "XDR-like" capabilities without actually offering a noticeable improvement or even added functionality.
- If you look longingly at deception technology, but can't afford it. Some tools are still not quite necessities, but they're valuable assets to have. The problem, as is the case with deception technology, is that it's costly and complicated to set up. On the other hand, a solution that has it included natively offers significant benefits.