B2B Tech Talk with Ingram Micro
B2B Tech Talk with Ingram Micro

Episode · 3 months ago

How XDR Provides Advanced Threat Protection to Millions of Endpoints Worldwide


Bitdefender discovers around 400 new threats each minute and validates around 30 billion threat queries daily, making it one of the industry’s most extensive, real-time views of the evolving threat landscape.

What role does XDR play in that and how can it help your organization?

Shelby Skrhak talks with Daniel Daraban, Group Product Manager at Bitdefender, about:

  • How Bitdefender tracks threats
  • The pros and cons of EDR (endpoint detection and response)
  • The scope of XDR
  • What sets Bitdefender apart 

For more information, read “Want to get started with XDR? XEDR may be the best place to begin” or email Samantha Sisk (ssisk@bitdefender.com).

To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk

Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. Or, tune in on our website.

You are listening to B to B tech talkwith ingram micro. The place to learn about new technology and technologicaladvances before they become mainstream. This episode is sponsored by ingrammicro security, strengthen your security practice. Let's get into it.Welcome to B to B tech talk with ingram micro. I'm your host shall be scarehawk. And my guest today is Daniel Durban Group product manager for a bitdefender Daniel so thrilled to have you here today. I shall be. Thank you forhaving me. Well, so today we are talking about XDR are extendeddetection and response. But first let's talk about really what you're seeingthere in your role at bit defender. So what are the threats that bit defendersanalysts are tracking and how does the company track these threats? So as youknow, the defender provides cybersecurity solutions and advancedthreat protection to hundreds of millions of employees worldwide. Andactually more than 150 leading technology brands have licensed oradded the defender technology to their product or service suffering. And thisvest om ecosystem compliments telemetry data already collected from ourbusiness and consumer solutions. Just to give you some idea on the scale, Ourlabs operations discovers around 400 plus new threats each minute andvalidates around 30 billion threat where is daily and that gives us one ofthe industry's most extensive real time views of the evolving threat landscape.Actually my colleagues compile all of this data into a monthly series calledthe defender threat debrief. They are analyzing ransomware news trends andresearch. From the previous month we...

...just released the august threat debriefcovering amongst others the are evil ransomware gang. And each month weupdated the top 10 ransomware families split by countries and industries wherethey are active by the way. Anyone who's interested in reading the seriescan easily find it on our business insights blog uh business insights thatto be defender.com. Well so you know, being able to track these in you know,in your labs and and detecting them and then being able to respond to them.That's clearly the name of the game here. So let's talk about E. D. R. Orin point detection and response. So Daniel, what is the promise of er andare there, you know, pros and cons are their shortcomings to er scope. Thisactually made me chuckle a bit because the first thing that came to my mindwas the initial promise of er I think four or five years ago all of yourcybersecurity challenges will be addressed by video right? And that inreality it took some time as it er had to mature and to prove its value. Buttoday it er is a key component of a solid security architecture and iscritical, especially when we're talking about fighting targeted and complexattacks. I would say that its main strength might be also one of its mainshortcomings in today's landscape because it solely focuses on theendpoint. So even if everything started with the endpoint, the recent changesin the threat landscape have four security teams to gain visibility intodifferent other points of the organization. So I would say that it isthe perfect foundation to go towards XDR. So then is it fair to say thenthat XDR is the maturation or next...

...generation of E d R and what are thekey differences between XDR and er, aside from just the fact that he D R,it's right there in the name, it's in point only really. So from myperspective, XDR is set to widen the scope of DDR and cover critical assetsand services of the anti environment. It can cover identity services,different collaboration platforms, cloud platforms and all other servicesthat are touched on a day to day basis. And the main objective is to unifysecurity relevant end point detection with the limit me from other servicesthat users interact with. So collecting this telemetry for me and for us hereat the defender has a clear goal to use it in support of detections rather thanjust collecting telemetry simple for the sake of doing so and hoping ananalyst can make use of that telemetry and also, I would not say that idea andXia are completely different. Again, think of it like this, XDR uses thealready proven usefulness of DDR and extends it across the organization,allowing the security analysts to reduce the time that they need to spendon investigating a threat. So what specifically is the scope of XDR, whatall can it cover? So basically it can cover everything from endpoint tonetwork to identities to the cloud because the cloud again, we are seeinga lot of finally seeing the accelerated migration towards the cloud coming withthis pandemic. Right, Right. Absolutely. Well, so when we shift the focus to bitdefenders XDR, what sets it apart, we actually listen to our customers andyeah, I know that might sound cheesy but he would be surprised how manyother companies don't do it. And let me...

...give you a bit of insight on that. AndI'll start off by saying that from the beginning we never looked at XDR as arace to just add the data sources, push them in a data lake and let thecustomer figure out what is useful for them, you know, the saying garbage ingarbage out, right. And honestly words I can't really describe how happy I waswhen I completed the 1st 10, 15 calls with different customers or prospectsand seeing that they are reaching the exact same conclusion. We actually rana next year early access program and that allowed us to get an even betterconsolidated view from all of the companies that participated in it. Ithink we went over 100 calls with different size companies in the past8-9 months and came together to the conclusion that delivering anddeploying a full blown next year in that environment. In reality requiresan intermediary step to allow them to prepare for the change to embrace itand fully benefit from it instead of just simply forcing it. And this is howwhat we call extended idea was born as everybody we talked to were curious butthey wanted to start slow and add new telemetry sources at their own pace.And so really the, the evolution of XDR was a collaboration with customerslistening to what their needs were and what their concerns are right.Absolutely. So I was blessed and I'll give you a personal note on this. I wasblessed about eight or 10 years ago to have a manager that really showed mehow to listen to the customer and to get their feedback and understand whatthey actually need and how to translate that into a product. And this is whatme and my team are doing here because we are in constant customerconversations trying to understand what...

...are the actual problems that thecustomers are facing and not just, hey, let's give them, I don't know differentdata source and we are done. No, that that's not the right path to go to. Sowithin bit defenders XDR um, I understand that there's network sensorsand in various alerts. Can you could, you could have expand on what thosealerts are and I guess why that's important. So first let me start withthe fact that we are offering integrated detection and responseacross the three major operating systems. So Windows Linux and mac andof course hybrid environments, public and private, cloud and on premises. Weare leveraging data coming from endpoints, network servers, containersand cloud workloads allowing extended DDR two centrally correlate both rawand security generated events in order to provide an organizational level rootcause analysis as well as the response. And as I keep mentioning, we arecontinuously talking with different skilled organizations. What we want todo is we want to greatly improve the ability for those without full timesecurity analysts to detect attacks that would go unnoticed by analysis anddetection on individual endpoints in isolation and for those organizationsthat have the manpower and the skills we want to augment the existing toolsor Seymour assault in order to actually help reduce the attacker dwell time.And besides crossing point correlation, we are also providing to our customersthe ability to deploy our network sensors in their environment. Thesenetworks sensors, they come as virtual appliances and the data that theyproduce is used in building our extended incidents. They providevisibility into both managed and unmanaged devices roaming in thenetwork, meaning that even for those...

IOT devices where you cannot install anagent, we have visibility into those. Let's say that an attacker comes inyour network VR and one device that doesn't have an agent, we havevisibility into the communications for that particular device due to ournetwork sensor and honestly the best thing out of all of this. Well, it'sthe fact that when we released this extended the they are, it came at noextra cost to your customers that had idea. And the network sensor is inearly access until the end of the year, which basically makes it free. So youtouched on something that I think is important and that's the the size of anI. T. Staff and within its security team a lot. I mean depending on thesize of the company, you know, that could be one person for uh you know,for each sub element of technology or it could be one or two people for theentire organization. So how does the defenders XDR help those, thoseorganizations that are already stretched so thin and not able tohandle the alerts and the monitoring that needs to be done ordinarily. Soour extended that they are actually takes into consideration the low levelalert. The medium level alerts and the high level alert correlates all ofthose together and provides an extended to root cause analysis in the form of agraph where the security analysts can actually see, hey, this has happenedacross multiple land points for example and all of the alerts that are relatedto uh certain endpoint or to those certain points by the way, if forexample, we are seeing the same activity on multiple land points. Wegroup them together just to make things easier for the security analysts tounderstand, hey, this is the overall...

...picture. If they want to drill downinto more details, they have the possibility to drill down directly intothose DDR incidents from the extended incident graph. And I'll just, I'lljust go back to one second to to your question because it was very funny whenwe started discussing about XDR with our customer base and with differentprospects and I have to admit that The first question that I asked was okay.So how are you guys trudging your alerts? Are you looking into high alertcritical alerts? How about medium and laws and the majority of them said,yeah, everything that is critical is mandatory. We look at it. Everythingthat is high, it's on a best effort basis and everything that is medium orlow is just honestly skip. All right. So this is one of the major problemsthat not only our customers, but I think the entire cybersecurity space isfacing, first of all, the lack of people and then just alert fatigue.Right? And that that's that's exactly what it is. Is that, you know, when youget so much incoming one, it can feel like you are that there's all thesehits coming in and you don't really know which to respond to that, you know.Yes, absolutely. The critical ones, but those, those lower alerts, that mightactually be the beginnings of something, there's just not enough hours in theday. Right. Absolutely. Absolutely. And those low level dealers can be forexample, g entry point into your network. Right. It can be, I don't know,maybe a vulnerability that somehow you just overlooked. Right, not for lack oftrying, it's just there's so many, there's so many places to look thatit's going to happen sometimes.

Absolutely. Absolutely. And as youmentioned 24 hour day, I know everybody wants a 48 hour day but it is what itis right, right. We'd be even more exhausted than we are now. Absolutely.Well, so when we start to look ahead at what we're seeing, I mean the Labourshortage, the amount of attacks that are coming in, what would you say iskind of on the horizon for cybersecurity and the next you know,6-9 months I'll tell you that we just had a discussion with our customeradvisory board last week on a very similar topic. So I can tell youdirectly from the trenches what all of us here is happening in, I would say inthe next month and we touched upon three major topics. One was zero trust,which is gaining more and more attraction due to the pandemic andconstantly increasing number of security incidents just like we we'vementioned XDR is moving a bit outside of just being a buzzword and we can seepeople are getting familiar with the terminology. So they are finally askingfor the right or useful capabilities from the product themselves and nolonger just accepting what some vendors wanted to bundle and sell also the badguys. Well they will continue to have no rest. I mean that's that's a givenposition. Time is over actually had a call with our lab steam this morningand we were talking about some intense weird activity that they are seeingaround some ransomware gangs in I would say the past two weeks. So that issomething that the guys are definitely interested in to understand why arethose bad actors doing those kinds of things. But for now I cannot discloseanything on that topic. Just we'll have...

...to have you back on when you can getthat stuff. No problem. I'm sure that we'll have a paper or a blog post orsomething like that on those particular activities. Yeah. Also as we uh as westart to wrap up this episode along the same lines of the last question I askedyou but we always ask our our guests where do you see technology going? Soin the next year where is cybersecurity headed? Honestly, I wish it would endalready but in 2022 the COVID-19 pandemic will continue to impact ourlives in many ways and um this means that we will continue to see also anaccelerated rate of digitalization and digitalization of business cities andof the entire business and society and of course with that comes the growth oflarge data repositories and whenever you have important data, bad actorswill be present there. And as with every year I would say there will benew claims of ai some exaggerated, some true. And also I am seeing as Imentioned in um as I replied to one of your previous questions, I'm seeingmore and more people interested in migrating to the cloud. So thatactually makes me think that the cloud migration is finally finallyaccelerating and I can also mention that and this is a bit outside of cybersecurity but for me on a personal and well maybe let's call it semi workrelated topic. I am keeping my eyes on note code platforms that can be usedfor both good and bad things. What's an example of that? So, good thing is theshortage in software developers where you can actually develop a certainapplication faster without having to write actually, I wouldn't say zerolines of code but the bare minimum and...

...a bad thing is that if you get yourhands on such an application, it's very easy for you to automate things andagain develop different apps that can do bad things. So yeah, this issomething that we are looking into also the lab steam of course they are, Iwould say one step ahead of the industry and they are looking atquantum computing, how to secure things there. We actually had a webinar, Ithink it was earlier this year, If I remember correctly when the head oflabs explained what we are doing there. Hmm, interesting. Well uh fascinatingstuff. Daniel, I appreciate all of that information. If our listeners want tofind out more about what we talked about today, how can they reach out sothey can reach out directly to Samantha? Sisk here at the defender. Me inparticular, I'm always open to discuss directly with any customer or prospect.So if there is anything that I can help with, please don't hesitate to engagefirst with Samantha and trust me, she will get me up to speed and get me inthat call. Also, as I mentioned, we have the business insights blog whichis very good and useful in terms of uh different articles and deep dives intosome of the attacks and as always it's there is the defender dot com businesssection. If somebody wants to try out some of the products, they can easilysign up for a, for a free trial there. Fantastic. Well, Daniel, thank you somuch for joining me. Thank you very much for having me was a pleasure. Well,and thank you listeners for tuning in and subscribing to be, to be tech talkwith anger and Micro. If you liked this episode or have a question, please jointhe discussion on twitter with the hashtag B two B tech talk until nexttime I'm shall be scared Talk. You've...

...been listening to B to B Tech Talk withingram Micro, hosted by Kerry roberts. This episode was sponsored by ingramMicro Security. B two B Tech Talk is a joint production with Sweet Fish Mediaand ingram Micro. To not miss an episode, Subscribe today to yourfavorite podcast platform.

In-Stream Audio Search


Search across all episodes within this podcast

Episodes (351)