Interview with Daniel Bossard, Service Account Manager at Dell Technologies, on the evolution within Cyber Security
“Hello Daniel, great that you could make yourself available for an interview. The article “Dell Technologies Addresses Modern Support and Security” on Newsopener recently discussed that, with the ProSupport Suite for PCs enhancements, new endpoint security offerings help prevent, detect and respond to threats and help deliver secure deployments of commercial PCs. This new offer continues to build upon Dell’s commitment to securing employees’ gateway for collaboration and productivity in the home office environment.”
Question: Could you tell us what Dell Technologies’ Cyber Security approach looks like?
“Within our Cyber Security strategy, we talk about several components. Starting with the mentioned endpoint security, EDR (Endpoint Detection and Response), a first line of defense has been developed against the increasing, fast-growing cyber-attacks. In 2013, Anton Chuvakin introduced the label ETDR (Endpoint Threat Detection and Response) on the market.
With the development of Endpoint Detection and Response, an additional layer has been added to the traditional anti-virus software, and we have to understand that the threats that occur do not come from hackers who try to attack companies in a Hollywood way.”
Question: So, when the hacker is not a Hollywood movie star, what are actually the real threats within Cyber Security?
“In a nutshell, we can categorize the threats in five groups: Ransomware, Phishing, Data leakage, Hacking and Insider threats. An unhappy employee with a USB stick could both transfer data to the outside and introduce a software attack. If we look at the biggest threats from the past decade in 2019, social hacking, ransomware, use active cyber security monitoring, unpatched vulnerabilities/poor updating, and DDoS (distributed denial of service) attacks are the top 5 cybersecurity issues.
And there is another threat which is hidden in plain sight: Ransomware as a Service (RaaS), a variation of Software as a Service (SaaS) if you want, a subscription-based model that allows malicious entities to use pre-developed ransomware tools to execute ransomware attacks and subsequently encrypt data in a successfully hacked environment.
Affiliates earn a percentage on each successful ransom payment, sometimes not even knowing that they developed a part of the code for RaaS.”
Question: Listening to you gives me an uneasy feeling. Is there anything which can be done to prevent this?
“Propagating and implementing security measures naturally requires more than just a traditional EDR; the next evolution was XDR, which stands for Extended Detection and Response.”
Question: What does XDR – Extended Detection and Response mean?
“Well, on one side, this means that the focus should naturally not only be upon the endpoint, but also on the total network, storage, backup, server, endpoint and email. For this construct, several market players offer excellent solutions and share their knowledge.”
Question: So, what makes XDR so particular?
“Where EDR recognizes the result or action as a breach happens, XDR would discover a pattern, not only on endpoints but within the whole infrastructure, with results during a breach and, depending on whether a certain pattern is known or similar, introduce a response, such as a compiled notification to the security team, which effectively reduces the flood of information and helps the team to focus on their work rather than on white noise in their inbox.
As an example: You lock your Audi 100 and leave your car alone overnight. You wake up as the alarm is activated when somebody tried to open your car and drove away.
In comparison, your new Audi e-tron GT would enable you to register the incident, activate the alarm and, in case the thief put on his belt, send a push notification to your phone and lock the car and the engine until the police arrive.
In the same manner, XDR would handle the breach, follow the protocols and instructions, inform the security teams explicitly and enable the administrator to exclude the endpoints in question, isolate emails in quarantine, secure cloud buckets, etc. There are several providers which offer similar solutions, and depending upon the customer’s assessment, several options might be good. The key is that the customer should have the most effective and mature software, which is easiest to use. Together with Secureworks, Dell Technologies has announced a subscription service which protects the customer environments against cybersecurity attacks and remediates in the same manner.
Dell Technologies Managed Detection and Response powered by Secureworks Taegis XDR offers, for example, 24/7 security for endpoints, data center and cloud environments.”
Question: How does this managed XDR work?
“Dell Technologies Managed Detection and Response uses Secureworks Taegis XDR Software (SaaS) to monitor threats throughout the total IT environment, to detect, analyze and automate, where the threat analysis experience of thousands of customers is used.”
“Well, Daniel, thank you for your insights, and it is a pleasure to have interviewed you.”