SMEs are the companies that suffer the most from cybercrime. According to the data in the ‘Cyberpreparation Report’ of the insurer Hiscox, 45% of Spanish small and medium-sized companies fail in cybersecurity and are considered to be cybernewbies, a percentage above the figure for European countries such as Germany (34%), the Netherlands (37%) or France (38%).

With cyber attacks growing in scale and threats becoming more sophisticated, SMEs must opt for more advanced protection solutions, moving from EDR solutions to XDR and improving monitoring, visibility, analysis at all layers of security and response in real time. In this sense, GOWtech experts warn that “not all XDRs are the same. In the market we can find SIEM platforms relabeled as XDR, completely separate network discovery, registry or endpoint solutions bundled as XDR or also a combination of traditional SIEM and SOAR products”.
SMEs must opt for more advanced protection solutions by moving from the use of EDR solutions to XDR
Isidoro López-Briones Santos, head of digital technology strategies at the technology company, adds: “An XDR must be able to cover not only endpoint and network but also other sources of detection and context; a shared detection layer with integrated detections is needed, given that separate products do not constitute a solution; it must have the ability to provide an integrated response, both automatic and manual, that carries recommendations, and an experience for analysts that integrates the different layers so that the analyst’s work does not increase proportionally to the information that is collected”.

For these reasons, the Murcian technology company GOWtech joins this evolution and will work with XDR tools as part of the cybersecurity solutions it offers to provide greater coverage. “It is vitally important to introduce a solution with XDR, which allows for better decision-making and reduced response times, which is crucial in attacks, given the limitation of analysis and responses to EDR threats.”

These experts highlight five key aspects for which the XDR solution is specially designed:

1. Shared detection layer. The XDR platform must be built on a shared detection layer, which makes it easy to find threats that arise during the process and lets analysts correct the incident as soon as it has been identified.
2. Ensuring the entire “Kill Chain” process. XDR solutions are capable of detecting threats that occur in the public cloud, and even at a higher level as a network attack, allowing threats to be detected faster and at an early stage, unlike EDR solutions, which could only detect cyber attacks in the final stage. Early detection of the problem means much more extensive coverage, a great advantage for security analysts, who are able to identify attacks in the early stages.
3. Identification of related incidents. The XDR solution is capable of creating a more precise vision of the threat, allowing the cybersecurity department to react in much less time.
4. Greater responsiveness. Greater coverage at any point in the process is necessary to respond to attacks at an early stage, and the ability to gather more information about threats leads to faster response times.
5. Take care of the user experience. Beyond their effectiveness in cybersecurity, XDR solutions must also have functionalities that are easy for the user to understand, but at the same time they must delve into the details, files or functional systems that allow a complete and explicit analysis of the incident.

“It is already a reality that SMEs have realized the importance of investing in cybersecurity and are moving towards implementing XDR solutions and services in their operating systems for fear of suffering threats or cyberattacks in their business operations”, maintains Isidoro López-Briones Santos.