XDR Implementation And AI Use Cases

00:00

oh is it sorry yeah we were outside hi

00:04

hi good morning at

00:06

breakfast

00:08

coffee the energy is very

00:11

low okay after the session after the

00:14

session I think yeah we will'll fill you

00:16

with

00:17

energy that's okay um how many are using

00:23

antivirus almost everybody almost

00:25

everybody okay who's using xdr and ndr

00:30

EDR xdr xdr oh God so actually you

00:34

should be speaking not us

00:36

then right why did you use xdr and where

00:40

did we come from okay I'm it's basically

00:43

the security threat landscape has been

00:45

evolving and we've been dealing with it

00:47

and our tools also have been evolving

00:49

with the antivirus 2 extended detection

00:52

and response or endpoint detection and

00:53

response right it started off like that

00:56

yeah there were some basic stuff

00:58

available but not good good enough so

01:01

that's where the evolution came to

01:03

ndr and not sufficient it's Silo and so

01:07

on so on right we'll we'll get that

01:09

insights from our eminent panelists and

01:12

these are like you know when I spoke to

01:14

them individually each of them carry a

01:16

whole lot of experience dealing with

01:18

these kind of things so I thought this

01:20

conversation will be

01:23

helpful we are missing one panelist at

01:25

still he's on way so we'll try to get

01:27

yogesh as soon as he's available we'll

01:29

start start with him as

01:31

well Nanda I'll start with you

01:34

question okay people are using xdr

01:37

definitely but it's always good to hear

01:39

a concise precise definition definition

01:42

of xdr what it is and how did we reach

01:44

here right good morning everyone um so

01:49

disclaimer whatever I'm discussing and

01:50

sharing it is all belongs to it is not

01:53

belongs to my current organization it is

01:55

all all it is all based on my knowledge

01:58

only for sharing Purp

02:00

uh let's give you know the context how

02:02

the XTR is evolved right the yearli

02:05

security uh solution right it more

02:07

working on the silos like you know

02:09

antivirus or IDs IPS solution it is are

02:12

more on detection technology tool it be

02:14

working as a silos it will not talk to

02:16

each other right and mid 2000 right uh

02:20

the Sim tool is evolved right so Sim

02:24

everybody knows it is a security

02:26

information and event management tool it

02:28

will collect the locks from the

02:30

different sources and you know correlate

02:32

and give the analysis of what is doing

02:34

it is giving some at least some

02:36

visibility on the overall I know uh the

02:39

network then um The Sim is right it is

02:42

there in for 13 years I know uh and also

02:46

there is a lack of you know the data

02:49

which is received from the different

02:51

sources very massive so there is no

02:53

actionable item you know to be done from

02:56

the S so it give only the general you

02:58

know the correlation Etc

03:00

in uh 200 uh 3 uh 13 so 3 I believe you

03:05

know the EDR is come to the picture

03:07

right is a endpoint detection response

03:09

it is more on related to the endpoint

03:12

detection response right so if the

03:14

endpoint is compromised or in endpoint

03:16

is having any malicious activity that

03:18

will be detected and any and you know

03:20

isolated from the from the network Etc

03:23

then it is only the restricted to the

03:25

end point right then again you know

03:27

after sometimes the ndr is come to the

03:28

picture Network detection and response

03:31

the the it it was you know completely

03:33

evolving right then 200 um uh 16 or 17 I

03:39

believe the xdr component is come so it

03:43

is a it is a comprehensive solution

03:47

which will talk to all the security

03:48

tools it's not working as a silos it

03:51

will be talking to the network and Cloud

03:53

as well as the you know the uh endpoint

03:57

and email server Etc it will give the

03:59

comprehensive view of how the traffic is

04:01

going what is the normal behavior what

04:04

is the anomal activities Etc so the xdr

04:07

will give the more context in terms of

04:09

you know the single pan of water single

04:11

pain of glass right it'll give the you

04:13

know overall picture to the you know

04:15

Security operation team to take a

04:17

proactive actions and also the exteror

04:20

right it is it is a even it is it is

04:22

evolving it is not you know to reach the

04:25

you know the top level right it just

04:26

keep on evolving the reent days right

04:28

you know still there is a know um

04:32

challenge in xdr solution in terms of

04:34

integration compatibility Etc but still

04:37

it is evolving and also the recent days

04:39

there are Cloud native xdr components

04:42

also coming in like you know gcp AWS and

04:45

asour they have know their own uh xdr

04:48

tool which have more you know native

04:51

capability of xdr and also it'll be

04:52

extended to the other platform like you

04:54

know uh o OT iot platform which is more

04:58

isolated network uh is a air gap Network

05:01

that is also the xdr into the come to

05:02

the picture so it is completely evolving

05:05

so the very simple term is xdr is the

05:07

single pan of glass which will give the

05:10

overall visibility to the entire uh it

05:13

ecosystem fantastic thank you kames you

05:16

want to add anything

05:25

to yeah so already highlighted if he

05:29

imagine you know if you have a more than

05:31

10,000 asset in your environment it's uh

05:34

quite challenging for you if you are not

05:37

using such type of tools that means you

05:40

have to do eyeball monitoring right now

05:43

eyeball monitoring is very difficult

05:45

that means our employee actually you

05:48

know performing all these activity 24

05:51

by7 365 days uh the cost right because

05:55

security is all about cost so xdr

05:58

actually helped to reduce cost as well

06:02

you know you can say like the difficult

06:04

part for any ceso when you are reaching

06:06

out to finance guy and saying can you

06:09

give some budget you know first question

06:11

mark actually you know it's very

06:13

difficult to get so such tool actually

06:15

helping us to do this uh everybody here

06:19

actually you know raise a hand they are

06:21

using antiv virus but data shows that

06:24

more than 80 to 90% people is still

06:27

actually not using antivirus now I'm

06:29

talking about antivirus means is not you

06:32

are talking about your actually

06:34

organizational devices I'm talking about

06:36

your mobile devices right in here in

06:39

this Hall also you can think how many of

06:41

we are using you know antivirus in our

06:43

mobile devices right more than 80 to 90%

06:47

people are not using and uh you know my

06:50

background is mainly is a threat int so

06:52

now attacker is start targeting mobile

06:54

devices now I'm giving example if you're

06:56

not using such devices if I ATT a Target

06:59

your mobile device and ask for

07:01

ransom now Ransom you can say maybe you

07:05

know a small amount they can ask okay

07:07

you can you have to pay uh

07:09

$1,000 now because we have a critical

07:12

data and you know we have to pay we

07:15

don't have any option so you can think

07:17

like this attacker start targeting as

07:20

you know that ransomizer service is

07:21

going on I clearly said that this is not

07:25

one type of you can say attack method

07:27

which every country is using but but

07:30

it's a business right we are trying to

07:32

protect our environment they are trying

07:34

to actually generate a revenue so xdr

07:37

actually help here and definitely after

07:40

AI

07:41

integration the you know effectiveness

07:44

of such solution is a more so just I'm

07:48

little bit yeah definitely after that I

07:50

can start provide more insight on this

07:52

manik G just can you give me some ideas

07:54

about I mean the kind of challenges one

07:56

would experience when implementing an

07:58

xdr see he talked about several things

08:01

one it's a cost as a challenge compared

08:03

to normal antivirus and edrs there xdr

08:06

are slightly more comp cost costly

08:16

apologies right and uh also talked about

08:19

having integration essentially it needs

08:21

to kind of work with multiple security

08:23

Technologies and hence something what

08:26

challenges one would expect and kind of

08:28

experience in this sixd

08:31

implementation uh thanks for the

08:33

question thanks ceso platform for this

08:35

opportunity and as a disclaimer um All

08:39

My Views are all from my uh personal

08:41

experience and nothing to do with my

08:43

personal and previous

08:44

organization um see the first step the

08:47

first roadblock which um anyone would

08:50

experience is the Legacy systems because

08:52

Legacy

08:53

systems uh capacity to take the load of

08:57

xdr would never be POS possible um

09:00

second thing is uh deciding which one to

09:04

be done where first whether we do it at

09:07

the remote location or doing it the the

09:10

local location uh and deployment is

09:13

always a big challenge though we may

09:14

have all the state of art ad uh and

09:18

remote deployment tools but uh in an

09:21

Enterprise where there may be a huge um

09:24

assets uh inventory uh implementation or

09:28

the deployment of the remote location uh

09:30

scanning it and probably monitoring uh

09:33

probably initial monitoring is a biggest

09:35

challenge um having said

09:39

that basic one of the biggest problem

09:42

which I also seen is the mindset of the

09:44

board also has to change which is also a

09:46

problem because when the board is stuck

09:48

with only an antivirus which is around

09:50

let's say $10 or something to bring them

09:53

to a level of an xdr needs that type of

09:56

a mind CH change of mind thank you so

09:59

that's a that's a challenging stuff as

10:01

well uh

10:03

Nanda take us through any of the use

10:05

case where AI or ml is is kind of

10:09

leveraged in the next year sure so there

10:11

are many use cases you know uh the alml

10:14

into the picture to the XTR

10:16

implementation so I'll give the one use

10:18

cases right now um I think if when you

10:21

implementing XTR right you'll be

10:22

integrating with all the security

10:23

solution you'll be creating a baseline

10:25

what is what is normal for your

10:27

organization right so uh let's take

10:30

example you know

10:33

um the anomaly behavior for the behavior

10:37

analysis for anom an anomal deduction

10:40

right for example uh there is a suddenly

10:43

suddenly right there is a huge data is

10:45

transfer from your network to you know

10:46

external world right is the it is not a

10:49

normal behavior right so if the if you

10:51

implement xdr solution it will give talk

10:53

to the your network it'll talk to your

10:55

endpoint it'll talk to your you know

10:56

security solution it'll give the you

10:58

know overall picture how the data is

11:01

transferred and you know what what time

11:03

it is transferred Etc so the if ex

11:06

solution is there it be easily dedu and

11:09

respond for you know this kind of you

11:10

know the use cases similarly for example

11:13

the one one employer right he will be

11:16

accessing sensitive information from the

11:19

different countries and OD time for

11:22

example I am U I am accessing some Sensi

11:25

information night 1:00 it is a normal it

11:27

is not a normal behavior right it is a

11:29

usual activity so if the xdr is there it

11:31

will be check your normal behavior and

11:34

it will compare with your you know

11:35

abnormal behavior then it'll be giving

11:37

you know uh a lot to the XTR solution

11:40

for the uh response for particular

11:42

access will be denied or particular

11:45

access will be you know propagated for

11:46

the particular users so the XTR you know

11:49

will will talk to all the security tools

11:51

it not be silos right endpoint Network

11:54

cloud email Etc so uh this is one of the

11:58

use cases there are many use cases there

11:59

for you know for fishing sophisticated

12:02

fishing attack how the xdr will you know

12:05

help for the organization

12:07

yeah kames would you like to add another

12:10

use case and deep di a little bit into

12:12

it yes so see we have a standard huge

12:15

cases for xdr but my suggestion is you

12:20

have to look into your environment you

12:22

can develop your huge cases as according

12:25

to you know according to your

12:26

organization business you can say

12:29

because the nature of business of every

12:31

organization is different and already uh

12:34

you know add so for example you know I

12:37

always say you know your xdr will help

12:40

to detect

12:51

sorry thank you

13:01

so before we go on the break for the tea

13:03

break uh we will go on the last uh panel

13:06

session that will be on practical AI use

13:10

uh cases and in cyber

13:12

security uh it will be moderated by

13:14

Rajiv nandwani from BCG panelists

13:17

include vinit Kumar shasa from GSK T

13:20

selven from hexaware

13:22

Technologies Shiva Kumar from Lenovo

13:26

Nies goyel from Aquin Financial Services

13:29

Halal Ahmed Looney from R Razer pay and

13:32

Shri Kant s from Tata Electronics this

13:35

panel will discuss if AI can automate

13:37

responses to security incidents help in

13:40

vulnerability management as well as

13:42

based on threat intelligence and many

13:44

other topics as well handing over to you

13:46

Rajiv