As cloud computing grows more widespread and people, applications, data, and identities become more dispersed, security teams need a better way to increase visibility and track threats across the enterprise. That’s where XDR and SIEM come in.




By Microsoft Security

As organizations adopt digital transformation, many find themselves dealing with hybrid cloud computing challenges in which resources are split between on-premises, cloud, and even multicloud locations. We’re also seeing an increase in the usage of software-as-a-service (SaaS), which is expected to grow to $328 billion by 2027. Paired with the persistence of remote work, these factors point to a growing trend of distribution in people, applications, data, and identities.

This creates a number of challenges for security teams. First and foremost, the more assets you have, the larger the attack surface you have to defend. Organizations are now trying to protect a complex blend of applications, security tools, personal employee devices and home networks, corporate devices and company networks, and workload identities without clear visibility between each asset. This makes it difficult to prioritize and resolve security alerts in a timely manner and to clearly track the path an attacker took between assets during a breach—especially when operating across multiple cloud platforms or a blend of on-premises and cloud applications.

And while it may present novel security challenges, the benefits that cloud computing offers mean it is only going to become more commonplace as more companies advance along their digital journey. If we hope to adequately secure the cloud, companies are going to have to move beyond traditional security approaches and adopt modern methods that are better suited to the unique challenges of cloud technology.

Keep reading to learn how unified extended detection and response (XDR) and security information and event management (SIEM) can help correlate and contextualize security alerts across your entire cloud infrastructure—empowering security teams to efficiently and effectively protect the enterprise.

What challenges are facing the cybersecurity industry today?

Before you can begin crafting your cybersecurity strategy, you first need to understand what you’re up against. Visibility is a significant blocker for many security teams. Just 5% of IT decision-makers report having complete visibility into employee adoption and usage of company-issued applications.

To compensate for this, many organizations end up purchasing multiple security tools to address the issue. This is also in response to the increase in cyberattacks industry-wide—both in frequency and in sophistication.

Some of the most common threats include phishing attacks, ransomware campaigns, and identity-based threats. In addition to the URLs blocked by Defender for Office, Microsoft’s Digital Crimes Unit directed the takedown of 531,000 unique phishing URLs hosted outside of Microsoft in 2022. Identity threats are rising as well: globally, the volume of password attacks rose to an estimated 921 attacks every second in 2022—a 74% increase year-over-year.

Once an organization is compromised, we’re seeing attackers increasingly move laterally through it. On average, it takes a cyber criminal 72 minutes to infiltrate an organization after a user clicks a link in a phishing email.

So, what does this mean for security teams?

XDR and SIEM can help

All of these trends are happening against a backdrop of worldwide cybersecurity staffing shortages. This shortfall, also known as the cyber skills gap, amounts to an estimated 3.4 million openings in the cybersecurity field today. In a recent Microsoft research study, two in five security leaders reported feeling that they are at extreme risk due to the cybersecurity staff shortage. That’s where XDR and SIEM come in.

XDR helps with this by collecting, correlating, and analyzing security alerts from endpoints, networks, applications, cloud workloads, and identity infrastructure. This helps teams prioritize alerts based on their potential risk to the organization as well as understand how attacks can move throughout the entire network.

SIEM layers onto this puzzle by enabling organizations to get more actionable insights from their security alerts. SIEM applies advanced analytics and threat intelligence to security information and event data gathered from across the infrastructure, condensing huge amounts of security data into relevant and actionable alerts. This enables SecOps analysts to compare internal security telemetry and log data with external intelligence to detect new threats and identify potential security breaches. And by feeding in XDR data, organizations can create an integrated SIEM and XDR environment with consolidated dashboards for viewing and managing threats across multi-cloud, hybrid cloud, and on-premises environments.

Unified XDR and SIEM is also helpful for countering alert fatigue, reducing billions of signals from XDR and other sources into a much smaller number of alerts and incidents. Seventy-nine percent of IT professionals have more than 500 cloud security alerts open at any given time, and 55% say their team missed critical alerts in the past due to ineffective alert prioritization. This pressure isn’t helping the cybersecurity shortage either, as 62% of IT professionals say that alert fatigue has contributed to turnover.
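To make the correlation and consolidation described in the preceding paragraphs concrete, here is a small, self-contained correlation engine written for this article; it is an added example, not Microsoft code and not any product's algorithm. It links alerts from email, identity, endpoint and cloud telemetry by the entities they share (user, host, IP) inside a time window, enriches the resulting incidents against a threat-intelligence list, and ranks them for triage, so the reader can see how eight raw alerts collapse into three incidents of which one is a cross-source attack path. Every alert, user, host name, IP address and indicator in the sample data is constructed for illustration.

```python
"""Toy correlation engine for the XDR + SIEM pattern: alerts from different
sources are linked by shared entities within a time window, enriched with
threat intelligence, and ranked for triage. Added example, not Microsoft code;
all alerts, hosts, users and indicators below are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed threat-intel feed: indicator value -> label
THREAT_INTEL = {"203.0.113.9": "known phishing infrastructure"}


@dataclass
class Alert:
    ts: datetime
    source: str                # email / identity / endpoint / cloud
    severity: str
    title: str
    entities: Dict[str, str]   # entity type -> value, e.g. {"user": "alice"}

    def keys(self) -> Set[str]:
        return {f"{k}={v}" for k, v in self.entities.items()}


@dataclass
class Incident:
    alerts: List[Alert] = field(default_factory=list)
    entities: Set[str] = field(default_factory=set)

    @property
    def last_seen(self) -> datetime:
        return max(a.ts for a in self.alerts)

    @property
    def severity(self) -> str:
        return max((a.severity for a in self.alerts), key=SEVERITY_RANK.__getitem__)

    @property
    def sources(self) -> List[str]:
        return sorted({a.source for a in self.alerts})


def correlate(alerts: List[Alert], window: timedelta = timedelta(hours=2)) -> List[Incident]:
    """Link alerts sharing at least one entity within `window` of an incident's last alert."""
    incidents: List[Incident] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        keys = a.keys()
        matches = [inc for inc in incidents
                   if keys & inc.entities and a.ts - inc.last_seen <= window]
        if not matches:
            incidents.append(Incident([a], set(keys)))
            continue
        primary, *rest = matches
        for other in rest:             # an alert bridging two incidents merges them
            primary.alerts.extend(other.alerts)
            primary.entities |= other.entities
            incidents.remove(other)
        primary.alerts.append(a)
        primary.entities |= keys
    return incidents


def enrich(incident: Incident) -> List[str]:
    """Match incident entities against the external threat-intelligence list."""
    hits = []
    for key in sorted(incident.entities):
        value = key.split("=", 1)[1]
        if value in THREAT_INTEL:
            hits.append(f"{value}: {THREAT_INTEL[value]}")
    return hits


def priority(incident: Incident) -> str:
    """P1: high severity spanning three or more telemetry sources (a likely attack path);
    P2: any other high/critical incident; P3: everything else."""
    rank = SEVERITY_RANK[incident.severity]
    if rank >= 3 and len(incident.sources) >= 3:
        return "P1"
    return "P2" if rank >= 3 else "P3"


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    """Alert-to-incident reduction: the number that speaks to alert fatigue."""
    incidents = correlate(alerts)
    return {"alerts": len(alerts), "incidents": len(incidents),
            "p1": sum(priority(i) == "P1" for i in incidents)}


def _t(hhmm: str) -> datetime:
    return datetime(2023, 6, 1, int(hhmm[:2]), int(hhmm[3:]))


# Constructed sample: one phishing-to-lateral-movement chain plus unrelated noise.
SAMPLE_ALERTS = [
    Alert(_t("09:00"), "email", "medium", "Clicked blocked phishing URL", {"user": "alice", "ip": "203.0.113.9"}),
    Alert(_t("09:05"), "identity", "low", "Password spray against account", {"user": "alice"}),
    Alert(_t("09:12"), "identity", "medium", "Sign-in from unfamiliar location", {"user": "alice", "ip": "203.0.113.9"}),
    Alert(_t("09:20"), "endpoint", "high", "Encoded PowerShell from Office process", {"user": "alice", "host": "WS-17"}),
    Alert(_t("09:40"), "endpoint", "high", "SMB lateral movement attempt", {"host": "WS-17", "dst_host": "FS-01"}),
    Alert(_t("09:55"), "cloud", "medium", "Mass download from storage account", {"user": "alice"}),
    Alert(_t("14:00"), "endpoint", "low", "Antivirus definitions out of date", {"host": "WS-99"}),
    Alert(_t("14:30"), "identity", "high", "Repeated MFA prompts denied by user", {"user": "bob"}),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(f"{priority(inc)} {inc.severity:<6} sources={','.join(inc.sources)} "
              f"alerts={len(inc.alerts)} intel={enrich(inc)}")
    print(summarize(SAMPLE_ALERTS))
```

Running it shows the six alice/WS-17 alerts folding into a single P1 incident spanning email, identity, endpoint and cloud telemetry, enriched with the threat-intel hit on the phishing IP, while the two unrelated alerts stay as separate low-priority incidents. Real platforms use far richer entity graphs and probabilistic scoring, but the shape is the same: shared entities plus time proximity turn a pile of alerts into a handful of prioritized incidents.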

When it comes to defending against the cyber threats of today, companies must focus on detection and response capabilities—not just protective controls. Both are absolute musts for modern organizations.

Want to learn more about the latest cybersecurity best practices or threat intelligence insights? Visit Microsoft Security Insider.

Copyright © 2023 IDG Communications, Inc.