Interview with Daniel Bossard on the evolution within Cyber Security

Quinten Ockers interviews his SAM colleague, Daniel Bossard, on the evolution from EDR - Endpoint Detection and Response to XDR - Extended Detection and Response.

Interview with Daniel Bossard, Service Account Manager at Dell Technologies, on the evolution within Cyber Security

Quinten Ockers:

“Hello Daniel, great that you could make yourself available for an interview. With the article “Dell Technologies Addresses Modern Support and Security” on Newsopener, it has been recently discussed that with ProSupport Suite for PCs enhancements, new endpoint security offerings help prevent, detect and respond to threats and help deliver secure deployments of commercial PCs. This new offer continues to build upon Dell’s commitment of securing employees’ gateway for collaboration and productivity in the home office environment.”

Question: Could you tell us what Dell Technologies’ Cyber Security approach looks like?

Daniel Bossard:

“Within our Cyber Security strategy, we do talk about several components. Starting with the mentioned endpoint security, EDR (Endpoint Detection and Response), a first defense line has been developed against the increasing fast-growing cyber-attacks. In 2013, Anton Chuvakin introduced the label ETDR (Endpoint Threat Detection and Response) on the market.
With the development of Endpoint Detection and Response, an additional layer has been added to the traditional anti-virus software, and we have to understand that the occurring threats are not done by hackers who try to attack companies in a Hollywood way.”

Question: So, when the hacker is not a Hollywood movie-star, what are actually the real threats within Cyber Security?

Daniel Bossard:

“In a nutshell, we can categorize the threats in five groups: Ransomware, Phishing, Data leakage, Hacking and Insider threats. An unhappy employee with a USB stick could both transfer data to the outside, as well as introduce a software attack. If we look at the biggest threats from the past decade in 2019, social hacking, ransomware, use active cyber security monitoring, unpatched vulnerabilities/poor updating, and DDoS (distributed denial of service) attacks are the top 5 cybersecurity issues.

And there is another threat which is hidden in plain sight: Ransomware as a Service (RaaS), a variation of Software as a Service (SaaS) if you want, a subscription-based model that allows malicious entities to use pre-developed ransomware tools to execute ransomware attacks and subsequently encrypt data in a successfully hacked environment.
Affiliates earn a percentage on each successful ransom payment, sometimes even not knowing that they developed a part of a code for RaaS.”

Question: Listening to you gives me an unwell feeling. Is there anything which can be done to prevent this?

Daniel Bossard:

“To propagate and implement security measures, this naturally requires more than just a traditional EDR; the next evolution was XDR, which stands for Extended Detection and Response.”

Question: What does XDR – Extended Detection and Response mean?

Daniel Bossard:

“Well, on one side, this means that the focus should naturally not only be upon the endpoint, but also on the total network, storage, backup, server, endpoint and email. For this construct several market players offer excellent solutions and share their knowledge.”

Question: So, what makes XDR so particular?

Daniel Bossard:

“Where EDR recognizes the result or action as a breach happens, XDR would discover a pattern, not only on endpoints, but within the whole infrastructure, with results during a breach and, depending on whether a certain pattern is known or similar, introduce a response, such as a compiled notification to the Security Team, which effectively reduces the flood of information and helps the team to focus on their work rather than on white noise in their inbox.
As an example: You lock your Audi 100 and leave your car alone overnight. You wake up as the alarm has been activated, when somebody tried to open your car and drove away.
In comparison, your new Audi e-tron GT would enable you to register the incident, activate the alarm and, in case the thief puts on his belt, sends a push notification to your phone and locks the car and the engine until the police arrive.
In the same manner, XDR would handle the breach, follow the protocols and instructions, inform the security teams explicitly and enable the administrator to exclude the endpoints in question, isolate emails in quarantine, secure cloud buckets, etc. There are several providers which offer similar solutions, and depending upon the customers’ assessment several options might be good. The key is that the customer should have the most effective and mature software, which is easiest to use. Together with Secureworks, Dell Technologies has announced a subscribed service, which protects the customer environments against cybersecurity attacks and remediates in the same manner.
Dell Technologies Managed Detection and Response powered by Secureworks Taegis XDR offers, for example, 24/7 security for endpoints, data center and cloud environments.”

Question: How does this managed XDR work?

Daniel Bossard:

“Dell Technologies Managed Detection and Response uses Secureworks Taegis XDR Software (SaaS) to monitor threats throughout the total IT environment, to detect, analyze and automate, where threat analysis experience of thousands of customers is used.”

Quinten Ockers:

“Well, Daniel, thank you for your insight, and it is a pleasure to have interviewed you.”

About the Author: Quinten Pieter Ockers

Service Account Manager at Dell Technologies since 2010, and active globally for the past eight years. He currently manages customers around the world to leverage the experiences of ProSupport Plus services in each country. His main goal is to work with people from all over the world, learn about different cultures and help IT services work everywhere.