Analytics and Correlation of Detected Threats Across Endpoints and Networks in Hybrid Environments Improves Security Efficacy Against Cyberattacks
Bitdefender unveiled the next evolution of Endpoint Detection and Response solutions – eXtended EDR (XEDR) with the addition of analytics and cross-endpoint security event correlation to Bitdefender Endpoint Detection and Response (EDR) and GravityZone Ultra, the company’s unified endpoint prevention, detection, and response and risk analytics platform. These new capabilities increase security efficacy for identifying and stopping the spread of ransomware attacks, advanced persistent threats (APTs), and other sophisticated attacks before they impact business operations.
With integrated detection and response across operating systems (Windows, Linux, Mac) and hybrid environments (public and private cloud, on-premises), Bitdefender delivers a comprehensive, real-time view for security operations, greatly improving the ability for organizations of all sizes, even those without full-time security analysts, to detect covert attacks that would go unnoticed by analysis and detection on individual endpoints in isolation.
Sophisticated attacks designed to evade security technology detection often mimic ‘normal’ processes or execute in multiple stages through multiple vectors including endpoints, networks, supply chains, hosted IT and cloud services. Bitdefender XEDR thwarts complex attacks by ingesting, examining, and correlating telemetry across endpoints to detect indicators of compromise (IOCs), APT techniques, malware signatures, vulnerabilities, and abnormal behaviors. This advanced monitoring automates early detection of attack scenarios, providing security and IT staff with a single dashboard view wherever the attack started.
The new XEDR capabilities also enhance Bitdefender managed detection and response (MDR) by providing greater visibility and incident context during investigations to accelerate threat validation, response actions, and remediation.
“Organizations of all sizes across all industries are in the crosshairs of APTs and skilled cybercriminal groups,” said Steve Kelley, president and general manager of Bitdefender Business Solutions Group. “Each application, email, unpatched vulnerability, partner relationship or third-party service represents a potential entry point to a catastrophic security incident. As adversaries evolve techniques to bypass defenses and move through environments undetected, event correlation beyond the boundaries of a single endpoint is crucial for cyber resilience. Bitdefender XEDR provides cross-endpoint correlation to detect and eliminate threats faster at each stage of an attack from early reconnaissance to the final payload.”
In a recent report, Forrester Analyst Allie Mellen writes that “XDR providers will be limited or enabled by the EDR on which they are based. Choose your XDR based on an EDR with high efficacy detections, strong third-party partnerships or extended native capabilities, and automated response recommendations.”
XEDR builds upon the company’s industry-leading EDR solutions and advanced threat intelligence powered by the Bitdefender Global Protective Network (GPN), an extensive array of hundreds of millions of sensors continuously collecting endpoint threat data worldwide. In independent evaluations, Bitdefender consistently scores highest in detecting APT tactics and techniques. In the most recent MITRE ATT&CK test, Bitdefender achieved the highest number of detections of the 29 participating cybersecurity vendors.
XEDR with cross-endpoint event correlation is available now and comes standard with Bitdefender EDR.
Healthcare provider opts for 24×7 security monitoring service and protection at 40 percent less cost than hiring additional staff
As cybersecurity threats continue to proliferate, internal security operations departments at organizations worldwide must devote significant resources to managing and analyzing an unrelenting flow of alerts and notifications. To address this challenge, Magrabi Hospitals and Centers, a major healthcare provider in Saudi Arabia, considered hiring additional security operations employees to provide 24×7 monitoring.
Instead, Magrabi determined that outsourcing to a managed endpoint detection and response service would provide more comprehensive protection at a lower cost. Magrabi evaluated managed detection and response service offerings from CrowdStrike and Bitdefender and selected Bitdefender Managed Detection and Response (MDR) Service.
Mostafa Mabrouk, Corporate Information Security Manager, Magrabi Hospitals and Centers, explains, “We chose Bitdefender MDR because it would provide us with comprehensive endpoint control, detection, forensics, reporting, and protection. Viewing all the security components from a single console—from malware removal to sandboxing to quarantine to logs and more—was valuable to us. We also were impressed with the in-depth expertise and knowledge of the security analysts staffing Bitdefender MDR.”
Bitdefender MDR provides Magrabi with outsourced cybersecurity operations 24 hours a day. The MDR Service incorporates industry-leading Bitdefender security technologies to provide comprehensive protection for endpoints, network and security analytics, and threat-hunting expertise from a Bitdefender security operations center fully staffed by highly experienced security analysts.
The MDR Service, which incorporates Bitdefender GravityZone Ultra, provides Magrabi with endpoint protection, detection, and response (EDR) capabilities across nearly 3,000 endpoints. Magrabi’s endpoints protected by MDR Service include Windows workstations; physical and virtual servers running VMware ESXi, Citrix XenServer, and XenApp; Citrix XenDesktop virtual desktops; Microsoft Directory servers; and Microsoft Exchange mailboxes.
Magrabi’s MDR Service also includes Endpoint Risk Analytics to assess, prioritize, and address risk coming from endpoint misconfigurations and vulnerabilities. In addition, the MDR Service analyzes suspicious files, detonates payloads, and reports malicious intent to administrators, and provides tunable machine learning, advanced heuristics, and anti-exploit techniques. Additional MDR Service modules selected by Magrabi include GravityZone Patch Management to automate patching of vulnerable applications and operating system components.
Magrabi places high value on the 24×7 monitoring, analysis, and remediation provided by the Bitdefender MDR solution. “The clinical staff at Magrabi provides patient care services that demand uninterrupted access to medical devices, IT systems, and data,” says Mabrouk. “The soul of Bitdefender MDR is the 24×7 monitoring of our infrastructure to support this vital mission.
“We have access to real-time notifications of suspicious activity and the support of Bitdefender’s security experts to investigate and resolve any issues. The performance and protection provided by Bitdefender MDR have been perfect. We sleep better knowing Bitdefender will take action and stop an attack at any time, day or night.”
Improved efficiency and productivity have been additional outcomes of Bitdefender MDR, according to Mabrouk: “Bitdefender has removed the headache and burden from our staff. We have saved 15 hours a week, giving staff more time to focus on security analysis and other IT areas that benefit our clinical and business operations. We calculated our operational costs were 40 percent less by going with Bitdefender MDR compared to hiring an additional three employees to achieve around-the-clock monitoring.”
Mabrouk continues, “With the GravityZone cloud console, it’s easy for us to check our risk score, activity, and history of any incidents. We also like that we can deploy agents throughout the cloud rather than directly on the servers. This contributes to high endpoint performance even during scans.”
Magrabi also depends on GravityZone Patch Management to automatically deploy security patches to servers in the Magrabi infrastructure.
The quality of the Bitdefender MDR experts also has been important, says Mabrouk: “The Bitdefender MDR team has been responsive, knowledgeable, and successful at protecting our valuable data. Our number one priority is providing top patient care and Bitdefender has been successful in supporting that at every turn.”