How unified XDR platforms enhance security protection for the enterprise
Credential theft and forgery are among the leading stealthy cyber threats. The 2014 eBay breach that exposed the personal details of 145 million users is one of the high-profile cases of such surreptitious cyber-attacks. Bad actors obtained the usernames and passwords of legitimate users to steal information and compromise the organization’s database.
What makes credential theft and forgery more serious than most other cyberattacks is that the illicit access to systems or databases usually remains unnoticed for a long time. A successful attack is difficult to detect and resolve. In the case of the 2014 eBay incident, the hackers managed to maintain complete access to the user database for 229 days.
Cyberattacks are evolving, which makes them increasingly difficult to track and prevent. Traditional security systems will no longer suffice. Businesses need something capable of scanning multiple security layers and providing the necessary detection and prevention functions across endpoint, network, and user activities. An extended detection and response (XDR) platform is necessary.
Evolving attack sophistication
How do hackers steal credentials? There are many ways. It could be through keyloggers, phishing, malware, or a combination of these methods. A sophisticated attack employs different strategies that entail persistence, infection of the endpoint, and some form of social engineering.
One recently reported attack that demonstrates the kind of sophistication traditional security systems are unable to prevent is Forelord, a credential-stealing malware mostly detected in the Middle East. The activity of this cyberattack was discovered in the period between mid-2019 and the early part of 2020. It involves the use of spear-phishing emails to distribute malware attributed to an advanced persistent threat (APT) group based in Iran.
This attack proceeds in a number of steps and uses several tools on Windows endpoints to bypass the scanning tools employed by email services and endpoint antiviruses. The steps can be summarized as follows:
- The attacker sends a phishing email that contains an Excel file.
- If the user opens the ZIP attachment, a macro opens a command prompt.
- A batch file is then executed.
- The user unwittingly launches a PowerShell script.
- The Forelord malware is then executed.
- Once Forelord runs, it downloads its own tools responsible for the collection of credentials.
- Forelord tests the credentials it has obtained and establishes an SSL tunnel to enable remote access.
Stopping this kind of threat ideally starts with preventing the first step. This means ensuring that phishing does not succeed by teaching users what phishing looks like and how to deal with it. Unfortunately, this is a rather tall order. Orientations and seminars on cybersecurity can only do so much.
Sophisticated defense vs. complex threats
To handle attacks that succeed through social engineering, it is advisable to use a cross-layered detection and response solution. An XDR solution establishes a reliable defense across endpoints, networks, and other areas that are prone to vulnerability exploitation. You can also find a unified XDR platform that comes with fully automated response actions to ensure that stealthy attacks are detected and promptly investigated and remediated.
An advanced XDR platform will be capable of triggering an automatic investigation once a suspected attack is identified on an endpoint, a user device or account, or across an entire network. It can reveal the root cause and scope of the problem to make sure that it is eliminated without delay.
A basic gauge of a dependable XDR solution is its ability to provide full visibility. It is not limited to one endpoint or an instance in a user device. It has to cover different aspects of the possible attack points.
Addressing the problem of siloing
Organizations understand that most of the security solutions available at present have their limitations. As such, they end up deploying multiple solutions to protect their networks. This is a sound enough approach, but it also opens up a potential issue in the form of security information siloing.
As an Enterprise Security Group white paper points out: "While multiple security solutions are deployed in most organizations, serious threats continue to avoid detection because data is collected and analyzed in silos." XDR provides a viable solution by aggregating and analyzing telemetry from various sources including endpoints, emails, networks, as well as cloud servers.
The ability to gather detailed telemetry from various vectors generates useful insights into ongoing attacks, which makes it possible for analytics engines to achieve more rapid detection with greater clarity. This in turn allows security officers to respond with the right solutions promptly.
Combined with advanced features such as contextualization, XDR addresses the flaws of standard security solutions such as Endpoint Detection and Response (EDR). Contextual views entail the matching of alerts with other data to form holistic incident reports that facilitate a better understanding of a cyber threat.
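The contextualization described above, and the multi-stage chain in the Forelord walkthrough earlier on this page, are easier to understand with a concrete correlation pass. The following Python is an added example written for this page; it is not code from the article, from any XDR vendor, or from the Forelord research. It takes constructed sample events from three silos (an email gateway, endpoint process telemetry, and a network sensor; the field names are assumptions, not any product's schema), rebuilds the process ancestry per host, flags an Office application that spawns a shell which in turn launches a script host, then joins the matching email and outbound connection onto that chain so the three alerts become one incident with a root cause and a scope.

```python
"""Cross-source telemetry correlation in the style of an XDR platform.

Added example for this page (not the article's, not any vendor's code).
Joins email, endpoint and network events into one incident so the analyst
sees Office document -> cmd.exe -> PowerShell -> outbound TLS as a single
chain rather than three unrelated, siloed alerts.
"""
from datetime import datetime, timedelta

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}

# Constructed sample telemetry; field names are assumptions for this example.
EMAIL_EVENTS = [
    {"source": "email", "ts": "2020-01-15T09:00:00", "user": "alice",
     "msg_id": "<inv-0001@example.test>", "attachment": "invoice.xlsx"},
    {"source": "email", "ts": "2020-01-15T09:02:00", "user": "bob",
     "msg_id": "<report-0002@example.test>", "attachment": "q4.xlsx"},
]
PROCESS_EVENTS = [
    # alice: Office -> cmd (running a batch file) -> PowerShell
    {"source": "endpoint", "ts": "2020-01-15T09:05:00", "host": "ws-alice", "user": "alice",
     "pid": 100, "ppid": 1, "image": "excel.exe", "cmdline": "excel.exe invoice.xlsx"},
    {"source": "endpoint", "ts": "2020-01-15T09:05:10", "host": "ws-alice", "user": "alice",
     "pid": 101, "ppid": 100, "image": "cmd.exe", "cmdline": "cmd.exe /c stage.bat"},
    {"source": "endpoint", "ts": "2020-01-15T09:05:12", "host": "ws-alice", "user": "alice",
     "pid": 102, "ppid": 101, "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -f stage.ps1"},
    # bob: Office only, no shell chain (benign, must not be flagged)
    {"source": "endpoint", "ts": "2020-01-15T09:06:00", "host": "ws-bob", "user": "bob",
     "pid": 200, "ppid": 1, "image": "excel.exe", "cmdline": "excel.exe q4.xlsx"},
]
NETWORK_EVENTS = [
    {"source": "network", "ts": "2020-01-15T09:05:20", "host": "ws-alice", "pid": 102,
     "dst": "203.0.113.7", "dport": 443, "proto": "tls"},
    {"source": "network", "ts": "2020-01-15T09:06:30", "host": "ws-bob", "pid": 200,
     "dst": "198.51.100.9", "dport": 443, "proto": "tls"},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def ancestry(proc, by_key):
    """Walk parent links on the same host: [proc, parent, grandparent, ...]."""
    chain = [proc]
    seen = {(proc["host"], proc["pid"])}
    cur = proc
    while True:
        parent = by_key.get((cur["host"], cur["ppid"]))
        if parent is None or (parent["host"], parent["pid"]) in seen:
            return chain
        chain.append(parent)
        seen.add((parent["host"], parent["pid"]))
        cur = parent


def correlate(email_events, process_events, network_events,
              lookback=timedelta(minutes=30)):
    """Return one incident per Office -> shell -> script-host chain, with the
    originating email (root cause) and the chain's network activity attached."""
    by_key = {(p["host"], p["pid"]): p for p in process_events}
    incidents = []
    for proc in process_events:
        if proc["image"].lower() not in SCRIPT_HOSTS:
            continue
        chain = ancestry(proc, by_key)
        images = [p["image"].lower() for p in chain]
        if not (set(images) & SHELLS and set(images) & OFFICE_APPS):
            continue  # script host without the Office-spawned shell: not this pattern
        office = next(p for p in chain if p["image"].lower() in OFFICE_APPS)
        office_ts = parse_ts(office["ts"])
        # Root cause: most recent email with an attachment to the same user
        # delivered within the lookback window before the Office process started.
        mails = [m for m in email_events if m["user"] == office["user"]
                 and office_ts - lookback <= parse_ts(m["ts"]) <= office_ts]
        root = max(mails, key=lambda m: m["ts"], default=None)
        # Scope: outbound connections from any process in the chain after the script host started.
        pids = {p["pid"] for p in chain}
        net = [n for n in network_events if n["host"] == proc["host"]
               and n["pid"] in pids and parse_ts(n["ts"]) >= parse_ts(proc["ts"])]
        incidents.append({
            "host": proc["host"], "user": proc["user"],
            "chain": list(reversed(images)),       # oldest ancestor first
            "root_cause": root,
            "network": net,
            "evidence": ([root] if root else []) + list(reversed(chain)) + net,
        })
    return incidents


if __name__ == "__main__":
    for inc in correlate(EMAIL_EVENTS, PROCESS_EVENTS, NETWORK_EVENTS):
        print(inc["host"], inc["user"], " -> ".join(inc["chain"]),
              "root:", inc["root_cause"]["msg_id"] if inc["root_cause"] else None,
              "dst:", [n["dst"] for n in inc["network"]])
```

The point of the design is that no single silo could have produced the verdict: the email gateway saw an ordinary spreadsheet, the endpoint saw a process chain, and the network sensor saw one TLS session on port 443. Only the join across host, user, process ancestry and time makes the spreadsheet the root cause and the TLS session part of the scope, while bob's workstation, which opened a spreadsheet and made a TLS connection without the shell chain, produces no incident.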
Having a unified XDR platform removes siloing issues while seamlessly integrating security information gathering and creating a more dynamic alert and response system. It provides automated protection from various kinds of threats, even the newly developed complex strategies employed by resourceful cybercriminals.
Dependable security augmentation
XDR is not a perfect security solution, but it provides protection that goes beyond what standard platforms can offer. You just need to make sure that you choose the right platform for your organization. Not all XDR solutions are the same. A genuinely reliable XDR addresses the need to seamlessly aggregate data, provide a full range of telemetry, facilitate faster analysis, and allow security teams to keep up with the deluge of information.
Peter Davidson works as a senior business associate helping brands and start-ups to make efficient business decisions and plan proper business strategies. He is a big gadget freak who loves to share his views on the latest technologies and applications.