Intelligent CIO Africa Issue 63 | Page 68

Firas Ghanem, Regional Director – Middle East & Pakistan, ThreatQuotient
vulnerabilities. You must also know your enemy – who and where they are, their size, the types of weapons they use, their motivation, and their tactics and techniques. This information drives basic decisions – is this a threat or not, should we fight or flee, and what actions should we take? Then comes the most important step – calculations. As Sun Tzu said: “The general who wins a battle makes many calculations before and during the battle. The general who loses makes hardly any calculations. This is why many calculations lead to victory and few calculations lead to defeat.” We should not act on the basis of raw data, but rather on information gained by examining the data for relevance, priority and other situational information, which on the battlefield includes terrain and weather conditions. The goal is to apply context to data, so you have the right information at the right place and time.
Parallels with The Art of War and the XDR process
Relating this process to XDR, we see close parallels. Gathering information from different disparate internal and external sources and domains is the “extended” part. The distribution or dissemination of information across your security infrastructure is the “detection and response” part. Finally, calculations involve converting raw data into relevant intelligence, and this is the basis for responding efficiently and effectively to a given situation.
To accomplish this, what’s needed is a data-driven security operations platform that allows you to extend capacity to consume and manage data, be it internal or external, structured or unstructured. A lot of valuable data you get from third parties is trapped within their technologies, so the platform must be based on an open architecture, where integrations are broad and deep to help you unlock that valuable resource as well. Having aggregated and normalised all that data, the platform then must be able to correlate the data and apply context so you can prioritise and filter out noise.
Ultimately, you want to be able to operationalise the data and take the right action. So, the platform must translate that curated, prioritised data for export, allowing for data flow across the infrastructure to quickly activate defence technologies and teams. Closing the loop, the platform also captures and stores
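The aggregate, normalise, correlate, apply context, prioritise and export steps described in the two paragraphs above can be shown as a small pipeline. The following is an added illustration, not code from the article or from ThreatQuotient: the two feeds (a structured JSON vendor feed and an unstructured sharing-group email), the internal sighting counts, the allowlist and the scoring weights are all constructed assumptions, and the record layout is a hypothetical one chosen for the example.

```python
"""Added example: a minimal data-driven threat-intelligence pipeline.

Not code from the article or from ThreatQuotient. Feed formats, sample
indicators, sighting counts, allowlist and scoring weights are constructed.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# --- Constructed inputs -----------------------------------------------------
# Structured feed from a (hypothetical) commercial vendor.
VENDOR_FEED_JSON = json.dumps([
    {"type": "ipv4", "value": "203.0.113.10", "confidence": 90, "tags": ["c2"]},
    {"type": "domain", "value": "EXAMPLE-BAD.test", "confidence": 40, "tags": []},
    {"type": "ipv4", "value": "198.51.100.7", "confidence": 20, "tags": ["scanner"]},
])

# Unstructured text, e.g. an email from a sharing group (constructed).
ISAC_EMAIL_TEXT = """\
Members reported beaconing to 203.0.113.10 and example-bad.test over the
weekend. A third host, 192.0.2.55, was seen in phishing lures.
"""

# Internal context: how often each value appeared in our own telemetry (constructed).
INTERNAL_SIGHTINGS = {"203.0.113.10": 12, "example-bad.test": 4, "192.0.2.55": 0}

# Known-benign infrastructure that should be filtered out as noise (constructed).
ALLOWLIST = {"198.51.100.7"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")


@dataclass
class Indicator:
    """Normalised record shared by every source (hypothetical layout)."""
    kind: str                          # "ipv4" or "domain"
    value: str                         # lower-cased value
    sources: set = field(default_factory=set)
    confidence: Optional[int] = None   # vendor-supplied confidence, if any
    tags: set = field(default_factory=set)
    sightings: int = 0                 # hits in our own telemetry (context)
    score: int = 0


def normalise_json_feed(raw: str, source: str) -> list:
    """Map a structured feed onto the common record."""
    return [Indicator(kind=item["type"], value=item["value"].lower(),
                      sources={source}, confidence=int(item["confidence"]),
                      tags=set(item.get("tags", [])))
            for item in json.loads(raw)]


def normalise_text_feed(text: str, source: str) -> list:
    """Pull indicators out of unstructured text; no confidence is available."""
    text = text.lower()
    out = [Indicator(kind="ipv4", value=ip, sources={source}) for ip in IPV4_RE.findall(text)]
    for dom in DOMAIN_RE.findall(text):
        if not IPV4_RE.fullmatch(dom):          # the domain regex also matches IPs
            out.append(Indicator(kind="domain", value=dom, sources={source}))
    return out


def _max_conf(a: Optional[int], b: Optional[int]) -> Optional[int]:
    vals = [c for c in (a, b) if c is not None]
    return max(vals) if vals else None


def correlate(indicators: list) -> dict:
    """Merge duplicates across sources into one record per (kind, value)."""
    merged = {}
    for ind in indicators:
        key = (ind.kind, ind.value)
        if key not in merged:
            merged[key] = ind
            continue
        cur = merged[key]
        cur.sources |= ind.sources
        cur.tags |= ind.tags
        cur.confidence = _max_conf(cur.confidence, ind.confidence)
    return merged


def apply_context(merged: dict, sightings: dict, allowlist: set) -> list:
    """Enrich with internal telemetry, score, drop known-benign noise, rank."""
    scored = []
    for ind in merged.values():
        if ind.value in allowlist:
            continue                                   # noise: known-good infrastructure
        ind.sightings = sightings.get(ind.value, 0)
        score = ind.confidence if ind.confidence is not None else 50
        score += 10 * (len(ind.sources) - 1)           # corroboration across sources
        score += min(30, 5 * ind.sightings)            # relevance: seen in our environment
        if "c2" in ind.tags:
            score += 20                                # tactic context: active C2 infrastructure
        ind.score = min(100, score)
        scored.append(ind)
    return sorted(scored, key=lambda i: i.score, reverse=True)


def export_for_action(ranked: list, threshold: int = 60) -> list:
    """Translate prioritised records into rows a blocklist or SIEM import can consume."""
    return [{"type": i.kind, "value": i.value, "score": i.score, "sources": sorted(i.sources)}
            for i in ranked if i.score >= threshold]


def run_pipeline() -> list:
    indicators = (normalise_json_feed(VENDOR_FEED_JSON, "vendor")
                  + normalise_text_feed(ISAC_EMAIL_TEXT, "isac-email"))
    ranked = apply_context(correlate(indicators), INTERNAL_SIGHTINGS, ALLOWLIST)
    return export_for_action(ranked)


if __name__ == "__main__":
    for row in run_pipeline():
        print(row)
```

Running it yields two rows: the command-and-control address, corroborated by both sources and seen twelve times internally, is capped at 100, while the domain that the vendor rated at only 40 rises to 70 because a second source and internal sightings add context; the allowlisted scanner and the uncorroborated, never-seen phishing host fall below the export threshold and never reach the defence tooling.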