How extended detection and response can address UAE’s cybersecurity talent gap

Extended detection and response is embedded expertise, preloaded with defensive playbooks that enable security teams to deploy best practices in their daily fight against the threat landscape

by Vibin Shaju
August 18, 2022

The UAE weathers all storms. Each crisis – 2008, 2020 – that comes along is met with determination and rapid response. And now, with one of the world’s highest vaccination rates, it moves forward once more, on track to become a major player in the global digital economy.

But not everybody is pulling for the UAE. Threat actors upped their game during the Covid crisis and show no signs of slowing down. Dr Mohamed Al Kuwaiti, head of Cybersecurity for the UAE government, famously referred to a ‘cyber pandemic’. He used the term at least twice, in December 2020 and again in November 2021. In his first reference, he cited a massive 250 per cent year-on-year increase in cyberattacks in the country, with phishing and ransomware featuring prominently in his warning.

The painful truth is that Dr Al Kuwaiti’s observations are just the tip of the iceberg. Make no mistake; all ships are in jeopardy. The headlines give us a taste, but every enterprise, from the hopeful startup to the venerable incumbent, must look at their security posture anew. Social engineering, advanced persistent threats, denials of service, and breaches – what are their origins? And what can we do to mitigate harm? Global research from the Information Systems Audit and Control Association (ISACA) shows that more than half (53 per cent) of the world’s attacks come from misconfigurations and neglected patching. So perhaps we should start there.

The human element

Or perhaps we should look to the frontline of cyber defence. It is a line populated not by machines or systems. Neither is it made up of policy or strategy.
It is a line of flesh-and-blood humans – humans who do soulful, purposeful work, protecting other humans from the worst of our species. Cyber-professionals, whether working as independent advisors or as part of a security operations centre (SOC), protect that which matters most. Our health records. Our financial data. Our essential assets. Our critical infrastructure.

Bad actors go after anything that can cause disruption or bring a fat payday — hospitals, utilities, pipelines, bank accounts. And between them and success (and resultant misery for their victims) stand the CISO and their analysts, threat hunters, and technicians. Cyber-professionals rarely receive plaudits for their largely invisible successes. But a single misstep can be easily converted to compromise of sensitive data, revenue losses, supply-chain disruptions, or the tarnishing of a brand.

Such pressures create a vicious circle. Security staff may leave, exacerbating talent shortages. But think about this: where do they go? They go, as any transitioning employee does, to a better work environment — one in which they are better treated, better equipped, and better able to add value. Who knows, perhaps even an environment in which those elusive plaudits may finally be forthcoming.

To build a team that attracts and effectively retains trained cybersecurity experts, organisations must be prepared to invest in their employee experience, just as they do for staff working in the core functions of the business. This means tools. The right tools. And right now, the right tool for comprehensive cybersecurity is extended detection and response (XDR).

XDR: making cybersecurity more soulful and purposeful

XDR builds a new dynamic for security teams, solving many confounding issues in a single bound. It makes cybersecurity work meaningful and shifts the daily routine from the arduous to the empowering.

First, XDR simplifies the complicated.
Point technology deployed on top of legacy systems leads to splintered environments that are difficult to visualise in a single pane. The white noise of alert overload and the lack of integration options between security tools combine to leave security analysts and other defenders doing hours of manual data-sifting with no guarantee of success. XDR unites all telemetry, from endpoints, email, networks, and cloud environments. This consolidation brings visibility at last, equipping teams to respond more rapidly.

But XDR gives more. Through advanced AI, it can all but eliminate false positives, and identify a much larger proportion of genuine threats. Its enhanced intelligence even allows XDR to predict attacks and automate responses in real time. XDR is, quite simply, another (very effective) member of the SOC team, which allows its human colleagues to focus on strategy and running the more devious attack campaigns to ground, all while maintaining a reasonable and sustainable work schedule.

XDR is embedded expertise, preloaded with defensive playbooks that enable SOC teams to deploy the latest industry best practices in their daily fight against the threat landscape. Recommended tactics and countermeasures emanate from advanced intelligence and industry expertise, and these are built into XDR platforms. New threats will invariably be part of the platform’s knowledge corpus, and the enterprise’s security experts can consult step-by-step guides that sketch out what apps are likely to be most at risk and what controls are best applied to mitigate the assault. XDR also doles out advice on how to best patch applications, OSes, and machines, how to secure file servers, and a host of other tips and tricks.

Talent for life

A Trellix global survey found that 92 per cent of security professionals find their work purposeful and soulful.
It stands to reason that these specialists will gravitate to the work environments that are most committed to empowering SOCs to do a job and add value — to elevate the security function from a cost center to one of innovation and agility. XDR consolidates tools and deploys the very best in technology and expertise to dial down the noise, stamp out the chaos, and turn the SOC into an oasis of calm, populated with newly serene warriors who are ready to take the fight to the enemy.

Vibin Shaju is the general manager – UAE at Trellix