In his presentation Think Like Attackers: The Shift Beyond EDR, Gopan Sivasankaran, General Manager of META at Secureworks, outlined practical strategies for businesses to enhance their security by automating risk responses and minimising damage before it escalates.
He identified the top security challenges businesses commonly face. “One of the top security challenges is ensuring full visibility across their organisation – endpoints, network, cloud, and internal threats that may go unnoticed. To address this, companies deploy technologies like endpoint detection and response (EDR) and network detection and response (NDR), but this introduces a second challenge: complexity. These tools generate thousands, even billions, of alerts, making it difficult to manage,” Sivasankaran pointed out.
“Once you've addressed these two challenges, the next step is dealing with a confirmed incident, which may not necessarily be a breach. At this stage, it's essential to ask, 'Do I have a response plan in place, both within my system and partner network? Are there trusted individuals I can rely on to act swiftly?' These are critical questions for ensuring a robust incident response,” he added.
He suggested that, instead of taking a siloed approach with separate tools, businesses should adopt a single big-data lake platform.
“Ensure you're using deep learning algorithms to ask meaningful questions. For instance, how large is your data? Avoid relying on marketing buzzwords and focus on addressing real challenges. Once you've gathered the data, organise it into service vectors. While technology is important, it’s also crucial to have the right services in place.”
To monitor and protect against evolving threats, he emphasised, detection and response must extend beyond endpoints and integrate across multiple security layers.
“Effective threat detection is built on a simple yet powerful principle: prevent what you can, detect what you cannot prevent, and hunt what you cannot detect. A true managed detection and response (MDR) service extends beyond the endpoint, requiring a holistic approach across the entire attack surface – network, cloud, identity, and email. Clear service-level agreements (SLAs) for investigation, incident response, and proactive threat hunting are non-negotiable. And without an open extended detection and response (XDR) platform, you’re locked into tools that limit your flexibility and visibility, leaving attackers the advantage,” he said.