...

So, what’s the answer, then?
The team is OK with Cyber Crucible being called an EDR for extortion defense because of its edge computing, even though that is seen as “last generation” in some circles. The reason is that the X in XDR represents an evolution of the endpoint tool strategy already in place in EDRs: analytical computing power has been moved to remote servers (usually in a cloud of some type). With that additional power come two drawbacks: latency and fragility. Neither are

Remote Analytic Latency as a Liability

Extortion criminals first focused on the speed of their attack, turning that latency into a liability. This shows up during attacks in a couple of ways. The first is that attackers increased their efficiency to ensure that irreversible attack actions were completed before the analytic server could respond. We saw that a great deal on tightly scoped tasks, such as credential theft: the credentials were gone (to the attacker’s server) in a flash.

...

We’ll discuss what Cyber Crucible does to correct this matter at the end.

Remote Analytic Fragility as a Liability

Previously, we discussed how attackers exploit the latency of remote analytics infrastructures through parallel and distributed computing. In this section, we discuss the fragility of building endpoint security tools on remote analytics.

...

While the resilience of endpoint tools against tampering by attackers is certainly a recurring issue that vendors prefer not to discuss openly, in this case the EDR or XDR can remain intact yet ineffective.

What All This Means to Cyber Crucible - IS it an EDR or XDR?

The vulnerabilities arising from the latency and fragility of remote analytic server strategies mean that a robust defense against data extortion simply cannot rely on cloud computing. Cyber Crucible has elements of both EDR and XDR.

Cyber Crucible as an EDR

If we reduce XDR to a combination of endpoint and other (usually network) telemetry, and define EDR as strictly using endpoint telemetry to make decisions…

...

Due to the latency and fragility of remote analytic servers, Cyber Crucible had to invent a detection and response capability whose behavioral analytics use only the information available on the endpoint at the time of the attack.

Cyber Crucible as an XDR

The collection of endpoint telemetry for edge (endpoint) detection and response is valuable for a variety of other strategic investigatory activities, such as threat hunting, insider threat detection, and IT audits. All telemetry is transmitted to the database (either a customer appliance or the central Cyber Crucible database) for correlation and analysis. Data sources are combined and collated for rich data presentation.

...