Information Overload Presentation Slides

The document discusses the problem of information overload in cybersecurity and the proliferation of security tools. It analyzes different security solutions like EDR, NDR, TDR, XDR and MDR and notes the tradeoffs of each approach. The document also highlights lessons from past security incidents to emphasize the importance of effective response over just deploying more tools.

Information Overload: Untangling the Complex Security Web
Christopher Fielder, Director of Product Marketing

"Humans have become the tools of their tools."
Henry David Thoreau

An abundance of tools has led to a cybersecurity effectiveness problem.
Acronym Bingo

• EDR • EPP • DLP • UTM • GCP
• XDR • NGAV • DPI • IPS • AWS
• MDR • CASB • VDN • MDM • NAC
• TDR • IAM • BDS • WAF • NIDS
• NDR • VPN • PCAP • NGFW • DWS
• SIEM • UEBA • TLS • MFA • ATP
• SOAR • PAM • IOC • MCM • GRC
• NTA • ZTN • IOT • MVM • CWP
• IDS • SAML • SOC • ITSM • ITD
©2021 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public | Confidential | Restricted
What are we looking for?

A world of Detection and Response:

1. EDR: Focus on the Endpoint
2. NDR: A View of the Network
3. XDR: The future combination of telemetry points
4. TDR: An emphasis on threats
5. MDR: The expertise to swing the hammer

5 SOLUTIONS

Endpoint Detection and Response (EDR)

Key Features
• Focus is on the Endpoint
• Revolutionized Endpoint Security
• Record it all and let the SOC sort it out
• Enables faster investigations and hunting
• Customizable in many circumstances

Considerations
• Effectiveness is dependent upon deployment percentage
• Can be confused with EPP

SOLUTIONS

Network Detection and Response (NDR)

Key Features
• Broader visibility
• Not dependent upon agent deployment
• Macro focus on detections
• Allows for “Gatekeeping” actions

Considerations
• WFH has removed the perimeter
• Still requires EDR
• Lack of granular visibility

SOLUTIONS

Threat Detection and Response (TDR)

Key Features
• Recording starts from a detection
• Attempts to solve the EDR storage problem
• Designed specifically to detect threats
• Better approach for novice users
• Strong analytics focus

Considerations
• Difficult to use for threat hunting
• Limited use and support
• Analytic TDR requires a data lake

SOLUTIONS

eXtended Detection and Response (XDR)

Key Features
• Should be a single console approach
• Should allow for additional telemetry ingestion
• Learned from the mistakes of EDR, NDR, and SOAR
• The next evolution of tools

Considerations
• Inconsistent standards and definitions
• Buyer beware of buzzwords

SOLUTIONS

Managed Detection and Response (MDR)

Key Features
• Focus on the outcome, not the product
• Should be vendor neutral
• Does not require a learning curve
• Solves the effectiveness problem

Considerations
• Range of providers offering differing services
• Some providers require a consolidated stack
• Understand MDR vs eMDR

Lessons Learned

2013: Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores
A security product detected the threat, but nobody responded to the alert.

2017: Equifax Announces Cybersecurity Incident Involving Consumer Information
Flaw was known by vulnerability management tools, but the patch was never installed.

2019: Hackers Gain Access to 100 Million Capital One Credit Card Applications and Accounts
Misconfiguration in cloud service went unnoticed despite availability of monitoring products.

A tool is a tool

Thank You

Questions?
