Time for Security With the Open XDR Approach

One nearly universal principle of law, particularly with contracts, is that “time is of the essence.” Increasingly, the adage is becoming a security principle on multiple levels. At the same time, the parallel principle, “time is money,” closely applies to security. Both are true, and both apply to the success of security.

Time presents different considerations for attackers than defenders. On one hand, attackers can spend as much time as their “business model” will allow. Attackers have nearly an unlimited number of opportunities to try to penetrate a network or data center. Many attackers operate as a business and strive to work as efficiently as possible. Tools, services, compromised account credentials and other things help attackers work more productively, reducing the amount of time expended to achieve a worthwhile return. Attackers want to get the biggest return on investment.

Security Teams and Time Issues

Security teams also contend with time issues, particularly in terms of teams being overworked and understaffed. They, too, must maximize the return on investment of their time. Much has already been said on this topic, but the question remains: Are tools and practices increasing or degrading overall efficiency? Some use efficiency and effectiveness interchangeably as if they were the same word. Efficiency is more about a way of working, and effectiveness is about the outcome. Efficiency often leads to effectiveness.

Some security tools, practices and procedures have value, but their relative contribution to keeping the organization safe may be small, and the time they require may not be justified compared with time spent on other tools and procedures. Others drain resources excessively and need careful evaluation of whether the time they demand is justified. Both points seem obvious on the surface, but when practices are examined strictly in terms of “time is of the essence,” some of them, such as maintaining aging rule-based systems or certain kinds of reporting, may not be justifiable.

Security Tools and Procedures

Tools and procedures need to be examined, but so do styles of work. In some cases, what made sense or was productive in the past may no longer be. Security tends to have a habit of adding technologies or practices without relinquishing the old ones. Security in layers still makes sense, but not when those layers are like strata in an archeological dig and hinder a team. Sometimes additions—tools or practices—are augmentative, but at other times they increase workload unnecessarily.

Open XDR, while being a tool, has helped advance a rethinking of the tool-practitioner relationship for saving time and boosting efficiency and effectiveness. The model in which each tool covers one part of security or the attack surface and issues its own stream of alerts is becoming antiquated. Given the number of false positives and barely meaningful alerts, most security organizations cannot sustain it. Instead, centralizing findings from individual tools and correlating them to gain a more precise understanding of attack activity decreases total time demands on teams while increasing efficiency and effectiveness.

Proactive Security

Individual tools and their focus on a piece of the attack surface or infrastructure are still productive, but instead of segmenting work and findings, combining them not only increases overall security efficiency and effectiveness but also potentially adds fidelity and value to each tool. Combined observation and intelligence should produce a far smaller number of total alerts, while also increasing fidelity or precision and meaningfulness. The combination of less work plus greater accuracy enables teams to focus and have more time for proactive security work or activities, such as threat hunting.
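The correlation idea from the two preceding sections, as an added example that is not code from the post or from Stellar Cyber: weak alerts from several hypothetical tools are grouped by entity and time window, and only groups that independent tools corroborate are promoted to an incident, so five raw alerts become one higher-fidelity incident plus a small residue for threat hunting. Tool names, field names, scores and the 15-minute window are assumptions.

```python
"""Added example (not from the post or Stellar Cyber): fold per-tool alerts into fewer, higher-fidelity incidents."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from three hypothetical tools (identity provider, EDR, firewall).
# Each alert alone is a weak, noisy signal; only their combination on one entity is interesting.
SAMPLE_ALERTS = [
    {"tool": "idp", "ts": "2024-03-01T09:00:05", "host": "ws-17", "user": "alice", "sig": "login_from_new_country", "score": 20},
    {"tool": "edr", "ts": "2024-03-01T09:02:40", "host": "ws-17", "user": "alice", "sig": "office_spawns_powershell", "score": 30},
    {"tool": "fw",  "ts": "2024-03-01T09:03:10", "host": "ws-17", "user": "alice", "sig": "outbound_to_rare_domain", "score": 25},
    {"tool": "edr", "ts": "2024-03-01T11:30:00", "host": "ws-22", "user": "bob",   "sig": "office_spawns_powershell", "score": 30},
    {"tool": "fw",  "ts": "2024-03-01T15:00:00", "host": "ws-09", "user": "carol", "sig": "outbound_to_rare_domain", "score": 25},
]

def _emit(group, min_tools, threshold, incidents):
    """Promote a time-clustered group to an incident only when independent tools corroborate it.
    Returns the number of alerts left as uncorroborated single-tool noise."""
    tools = {a["tool"] for a in group}
    score = sum(a["score"] for a in group)
    if len(tools) >= min_tools and score >= threshold:
        incidents.append({"host": group[0]["host"], "user": group[0]["user"], "score": score,
                          "tools": sorted(tools), "signals": [a["sig"] for a in group]})
        return 0
    return len(group)

def correlate(alerts, window=timedelta(minutes=15), min_tools=2, threshold=60):
    """Group alerts by (host, user), split each entity's timeline into windows, and score them.
    Returns (incidents, uncorroborated_alert_count)."""
    by_entity = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_entity[(a["host"], a["user"])].append(a)
    incidents, uncorroborated = [], 0
    for items in by_entity.values():
        group = []
        for a in items:
            start = datetime.fromisoformat(group[0]["ts"]) if group else None
            if group and datetime.fromisoformat(a["ts"]) - start > window:
                uncorroborated += _emit(group, min_tools, threshold, incidents)
                group = []
            group.append(a)
        uncorroborated += _emit(group, min_tools, threshold, incidents)
    return incidents, uncorroborated

if __name__ == "__main__":
    found, noise = correlate(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(found)} incident(s), {noise} left for hunting")
    for inc in found:
        print(inc)
```

The uncorroborated alerts are not discarded; they are the lower-priority queue that the freed-up time lets a team hunt through.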

With challenges continuing to escalate and evolve, security teams under greater strain, and the stakes getting higher, organizations need to rethink how they spend their time and increase their efficiency and effectiveness. Teams need to make time for security. Time is of the essence.


Samuel Jones

Sam Jones is Vice President of Product Management at Stellar Cyber. He is an experienced product development leader with a track record of building AI and security products that customers love. He has a strong background in AI/ML, data infrastructure, security, SaaS, product design, and defense. Sam has held product and engineering positions at companies including Palantir Technologies and Shield AI, and worked for the US Air Force on cyber defense strategy. Sam earned his Bachelor’s degrees in Electrical and Computer Engineering from Cornell University.
