Interview: Andrei Hinodache On XDR As The Answer To Unified Security
Andrei Hinodache, Cybersecurity Solutions Expert at Heimdal, discusses why there’s such demand for a unified, holistic approach to cybersecurity, and how XDR could be the answer to many challenges in the industry.
By Caitlin JonesUpdated Aug 10, 2023
In recent months, there’s been a lot of talk in the cyber space about a newly emerging security product category: Extended Detection and Response (XDR).
Endpoint Detection and Response (EDR) solutions collect telemetry data from your company’s endpoints and provide automated responses for threats that they identify, such as viruses and malware. Many EDR providers also offer this as a managed service—Managed Detection and Response (MDR)—where they manage the solution and deploy their own SOC team to help mitigate any identified threats. However, some cybersecurity providers in the threat detection and response space are beginning to offer capabilities that extend traditional endpoint security coverage to offer protection at other network layers such as email, web, and identity. This is known as XDR and, while some security experts argue that XDR is just a buzzword, those offering it argue that it may be the answer to unified security that the industry is looking for.
“It’s not a revolution, it’s not hype; it’s just simple evolution. The cyber threat landscape is evolving rapidly, so cybersecurity must evolve as well,” says Andrei Hinodache, Cybersecurity Solutions Expert at Heimdal.
“The cybercrime market is becoming a mature, stable, self-sustaining organism. That’s why multi-layered, unified defense is key today.”
Heimdal is a leading provider of cloud-based cybersecurity solutions that protect against endpoint, email, web, identity, and application threats—all of which can be managed via a single, unified platform. In his current role at Heimdal, Andrei is responsible for sharing knowledge, research, and technical expertise.
In an exclusive interview with Expert Insights, Andrei discusses the main cyberthreats that Heimdal is currently helping organizations to tackle, why we can expect the industry to start taking a more consolidated approach to cybersecurity, how the threat landscape is likely to evolve in the near future, and why XDR isn’t just a buzzword.
Today’s threat landscape is vast and ever evolving. While we are now familiar with many of the most common attack methods used by cybercriminals to compromise enterprise environments, attackers are continuously looking to find new ways to make those methods more effective and efficient.
One means of doing that is by preying on the human layer of security, targeting user accounts through advanced social engineering attacks or highly effective brute force attacks. These attacks prey on human error, either by manipulating users into handing over sensitive information, or by relying on the fact that a user isn’t implementing strong password practices—and instead, creating weak, easy to crack passwords and re-using them across multiple accounts.
“The initial entry vectors are the ones that are most exploited,” says Andrei. “For example, on average, we are blocking 3,600 emails for a customer per month, which is huge! And when you look at brute force attempts—brute force is when somebody’s attempting to access your network by guessing credentials such as passwords—we saw over 140,000 per month.”
On top of that, attackers are combining multiple attack methods to carry out multi-layer attacks, which exploit vulnerabilities across different areas of the network—spreading IT and security resource more thinly and making the attack harder to detect.
“We recently released Extended Threat Protection, which looks at a lot of advanced things such as the items in the MITRE ATT&CK framework,” says Andrei. “ One month since we released it, it has already detected over two million advanced threat patterns such as credential harvesting, lateral movement, network discovery, and so on.
“And then we get to the crown jewel of the statistics. We have seen a steady increase in ransomware attempts. We are currently sitting at blocking around 2,800 per month across all customers, and this is spiking in the last few months.”
We Need A Multi-Layered, Unified Approach
Heimdal offers a wide range of different security products—including endpoint and email protection, vulnerability management, PAM, app control, and MXDR. This also allows Heimdal to crowdsource intelligence across their customers and technologies. This enables them to prevent threats they’ve detected in a customer’s environment from taking root amongst their other customers.
“With Heimdal as an XDR platform, having multiple layers, you start addressing each layer rather than having to manage them separately. When you do this together, you immediately benefit from multiplier value […] because different layers that normally do not talk together now are in perfect tandem and they can bring that enhanced value to the end user.”
“As a practical example, when your DNS security sees a threat, your antivirus notices the program that the DNS is flagging and can immediately block it. Or another example, when you get elevated admin credentials on your computer and a virus that was dormant in your computer starts up, the antivirus will immediately catch that through the live scanning and notify the privilege admin rights to cancel your session.
“So, you start seeing a lot of integrations in between the features, not to mention the fact that you can automatically isolate the computer whenever a ransomware attempt is taking place. By having them combined actually gives you a lot more flexibility and speed in your reaction.”
This unified approach to security is going to be critical when it comes to tackling the more complex threats that we’re seeing emerge. As such, we should expect more security providers to start offering a holistic cybersecurity platform, either through the acquisition and integration of other tools, or through additional development to their existing tool stack.
“It’s clear that all the players that wish to remain in the market will adapt to this at their individual pace, or just become unfortunately obsolete,” Andrei says. “Once people see how easy it is to approach your security profile and your cybersecurity program with [a unified approach] without needing to invest so many resources, they will migrate to this. It’s a no-brainer, if you ask me.”
XDR Isn’t Just A Buzzword
Some security experts are advocating for Extended Detection and Response (XDR) platforms as being the answer to unified security that the industry is looking for. XDR platforms extend the capabilities of EDR platforms to offer protection at multiple layers of the network—not just the endpoint. In theory, this gives organizations a single pane of glass through which they can manage their entire security ecosystem.
Some security experts argue that XDR is just a buzzword, but Andrei disagrees with this.
“XDR is an EDR at the base, with some extended capabilities,” Andrei says. “So, you might also cover email, patching, network security, cloud access, and so on. The funny thing about XDR is that, even in the official definition by Gartner, it says this is a vendor specific offering that goes beyond EDR. That’s the definition in just a few words. And MXDR, of course, is the managed version.
“Let me share with you something that I heard a colleague of mine saying a few days ago, which I loved. EDR to XDR is not a revolution like people are trying to paint it. It’s just a normal evolutionary step in the process.
“Cybersecurity is an industry that is notorious for coining terms all day long, but this is a requirement because there are different product categories that come out. We need to standardize the way we actually approach it so we know that, if we need an XDR, we know what features we are looking for. If we didn’t have the terminologies, we wouldn’t have this ease of use when it comes to filtering through all the tools that the market is offering. “In summary, it’s not a revolution. it’s not hype, it’s just simple evolution. The cyber threat landscape is evolving rapidly, so cybersecurity must evolve as well.”
Listen On Spotify:
Listen On Apple Podcasts:
About Expert Insights
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions. You can find all of our podcasts here.
Caitlin Jones is Deputy Head of Content at Expert Insights. Before joining Expert Insights, Caitlin spent three years producing award-winning technical training materials and journalistic content. Caitlin holds a First Class BA in English Literature and German, and currently provides our content team with strategic editorial guidance as well as carrying out detailed research to create articles that are accurate, engaging and relevant.