Intelligent Tech Channels Issue 61 | Page 52


Q & A


To effectively address today’s advanced threats, organisations require visibility and control across their entire distributed networks. And while many security solutions are limited in terms of their capabilities, extended detection and response can help fill the gap. Organisations must bring together all their security tools in a single location for enhanced visibility. For example, they can consolidate network security, endpoint security, email security and cloud security monitoring in a single platform to ensure the whole is greater than the sum of its parts. This enables channel partners to deliver a differentiated customer offering that improves security posture while reducing security operations overhead.
Even before the implementation, when evaluating an endpoint solution, reseller partners should consider different key factors in choosing the right vendor.
First, many vendors’ solutions do not cover the entire attack surface. Instead, they focus on securing one or a few different attack vectors individually, such as cloud, email, or endpoints and call it XDR or extended detection and response. When this is the case, XDR cannot demonstrate its true value, which lies in its ability to combine components across multiple attack vectors.
Secondly, even though they may offer a full range of security products and solutions, vendors that have acquired these components (especially ones with large install bases) individually over time may lack the resources and commitment for tight integration needed for higher-value analytics and automation.
Third, most vendors seem to focus on extended detection and extended response, skipping over the middle stage of investigation and validation. As a result, human security professionals still have significant effort ahead of them, especially as threat and alert volumes continue to grow.
That being the case, at the beginning of the year, we launched FortiXDR, the only solution of its kind to leverage Artificial Intelligence (AI) for the investigation effort critical to incident response. Expanding on the cloud-native endpoint platform of FortiEDR, it enhances an organisation’s Security Fabric and the threat protection powered by FortiGuard Labs security services. Specifically, FortiXDR can fully automate security operations processes typically handled by experienced security analysts to mitigate threats faster across the broad attack surface.
Going forward, designing and executing an effective incident detection and response strategy requires talented security professionals. But this is difficult due to a security skills shortage. According to the 2019 Cybersecurity Workforce Study conducted by (ISC)², over four million new cybersecurity workers are currently needed to meet global demand. And forecasters predict that this gap will only continue to widen, and just as the cyberthreat landscape grows more complex.
Consequently, if organisations fail to fill key positions quickly, the resulting coverage gaps will weaken endpoint security and increase workplace stress for existing staff. On the other hand, hiring inexperienced candidates can lead to costly mistakes such as spotty deployment of critical security updates and misconfigurations that generate huge numbers of false positives.
With that in mind, organisations should look for an XDR solution that has been augmented with AI trained to automatically investigate alerts. That AI system should be able to establish the context of a potential incident, perform a thorough investigation, identify its nature and scope, and ideally provide enough detail to speed response. A well-trained AI system can perform this function in a matter of seconds and scale much more easily and affordably than finding and relying on scarce human investigators.