One Article Review

Source: ProofPoint
Identifier: 8420211
Publication date: 2023-12-08 06:00:37 (viewed: 2023-12-08 16:07:51)
Title: Protecting identities: How ITDR Complements EDR and XDR to Keep Companies Safer
Text:

Defenders who want to proactively protect their company's identities have no shortage of security tools to choose from. There are so many, in fact, that it seems like a new category of tool is invented every few months just to help keep them all straight.

Because most security teams are finding it increasingly difficult to stop attackers who use identity vulnerabilities to escalate privilege and move laterally across their organization's IT environment, some of today's newest tools focus on this middle part of the attack chain. Endpoint detection and response (EDR) and extended detection and response (XDR) are two tools that claim to cover this specialized area of defense. But unfortunately, because of their fundamental architecture and core capabilities, that's not really what they do best. That's why a new category of tool, identity threat detection and response (ITDR), is emerging to fill the gaps.

In this blog post, we'll explain the difference between EDR, XDR and ITDR so that you can understand how these tools complement and reinforce each other. They each have strengths, and when they're combined they provide even better security coverage. But first, let's rewind the cybersecurity evolution timeline back to the 1980s to understand why ITDR has emerged as a critical defense measure in today's threat landscape.

The rise of antivirus software and firewalls

We're starting in the 1980s because that's the decade that saw the advent of computer networks and the proliferation of personal computers. It also saw the rapid rise of new threats as adversaries took advantage of both trends.

There were notable computer threats prior to this decade, of course. The “Creeper” self-replicating program in 1971 and the ANIMAL Trojan in 1975 are two examples. But the pace of development picked up considerably during the 1980s as personal computing and computer networking spread, and bad actors and other mischief-makers sought to profit from or simply break into (or break) devices and systems.

In 1987, the aptly named Bernd Robert Fix, a German computer security expert, developed a software program to stop a virus known as Vienna. This virus destroyed random files on the computers it infected. Fix's program worked, and the antivirus software industry was born. However, while early antivirus tools were useful, they could only detect and remove known viruses from infected systems.

The introduction of firewalls to monitor and control network traffic is another security advancement from that decade. Early “network layer” firewalls were designed to judge “packets” (small chunks of data) based on simple information like the source, destination and connection type. If the packets passed muster, they were forwarded to the system requesting the data; if not, they were discarded.

The internet explosion and the escalation of cybercrime

The late 1990s and early 2000s witnessed the explosive growth of the internet as a key business platform, kicking off an era of tremendous change. It brought new opportunities but also many new security risks and threats.

Cybercrime expanded and became a more formalized and global industry during this time. Bad actors focused on developing malware and other threats. Email with malicious attachments and crafty social engineering strategies quickly became favorite tools for adversaries looking to distribute their innovations and trick unsuspecting users into helping activate their criminal campaigns.

As cyberthreats became more sophisticated, defenders evolved traditional detective security tools to feature:

- Signature-based detection to identify known malware
- Heuristic analysis to detect previously hard-to-detect threats based on suspicious behavioral patterns

All of these methods were effective to a degree. But once again, they could not keep in step with cybercriminal innovation, and they tended to generate a lot of false positives and false negatives.

Enter the SIEM

Around 2005, security information and event management (SIEM) tools emerged to enhance
Sent: Yes
Tags: Ransomware Malware Tool Vulnerability Threat Studies Cloud
Rating: ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.