Security News > 2021 > August > Can XDR bring the kill chain back to its roots?
Today's higher-value attacks are often iterative, trial-and-error affairs, where attackers try different tactics on different portions of an organization's externally exposed attack surface.
XDR was designed to unite all the traditionally siloed security systems that look only at one portion of attack surface or infrastructure, integrate their data, and correlate it to gain a way of finding an in-progress attack early and curtailing it.
Now that XDR has steadily gained momentum as a way to address the gaps and deficiencies in what is otherwise a silo-laden approach to security, it's time to reconsider the kill chain and establish practical strategies and methodologies in terms of how attacks and attackers can be defeated.
Ideally, the kill chain provides a "You are here" view of an attacker that is useful in understanding the stage, severity, and potential next steps of an attack, as well as ones already transpired.
Although XDR alerts should be fewer in number and more precise, up-leveling individual alerts into a broader incident substantially eases the work for a security team to respond to early signs of an attack.
The point of a kill chain is not so much the chain, as it is the "Kill." Organizations desperately need game-changing strategies, procedures, and technology to begin to seriously flip the odds on an attack.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/v-4XyZp6KO4/