Improves our traffic visibility, saves us time, and identifies blind spotsThe biggest problem was that I couldn't see our East-West network traffic between our endpoints. However, I could see North-South traffic, meaning anything that went up to the firewall and back. This meant if, for example, a coworker and I were sending something malicious to each other, I wouldn't be able to see it or tell where it was coming from. I might get an alert saying suspicious activity was detected, but wouldn't have specific details. Implementing an XDR system changed this. Now, I can see all East-West traffic and set up rules for specific actions if certain events occur. I can also filter the information to focus on what's most important. Every day, I review XDR alerts, investigate them, and determine if they're suspicious or not. We use Trend Vision One - Cloud Security across all our endpoints, including PCs, laptops, and servers. The coverage it provides is extremely important. We leverage Trend Vision's XDR capabilities for enhanced threat detection and response. Additionally, we utilize the Trend Vision One - Cloud Security app security solution. We have Trend Vision One - Cloud Security as a service, and I also manage TippingPoint. Our cybersecurity posture is significantly stronger than it was four years ago. Back then, we were hit by a ransomware attack, which exposed vulnerabilities in our security measures. We were only spending around eight thousand dollars annually on cybersecurity, and as the company grew rapidly, investments in cybersecurity weren't prioritized. While achieving absolute security is impossible, we are demonstrably more secure than ever before. Trend Vision One - Cloud Security provides centralized visibility. Every day, I log into Vision One and the first thing I check is my risk score. Based on my score, I take action. For example, if my score jumps from 36 to 50, I investigate the change in Vision One. Vision One tells me what caused the increase and offers specific recommendations. I can then easily see what actions will reduce my risk. For example, I might see that fixing a specific vulnerability will lower my score by six points, but another fix won't help. Trend Vision One - Cloud Security is a powerful tool, and that's just a glimpse of its capabilities. It shows me my OS vulnerabilities, application vulnerabilities, and even critical business exposures. For example, it might alert me to an Adobe CBE and tell me which devices are affected. This allows me to quickly identify and patch vulnerable devices. Furthermore, I can directly initiate patching from Vision One. Additionally, I can use integrated products like Container Security for AWS to gain comprehensive security insights across different environments, all within the same platform. Every day, I start by logging into the Executive Dashboard. It's the first thing I check, as it provides me with my risk index and a summary of potential issues. Furthermore, I can view information about our devices, risk levels, and other relevant data points. After reviewing the Executive Dashboard, I transition to the Operations Dashboard for a more granular look at individual devices and their associated risks. Before XDR, I could spend hours trying to track down the issue behind an alert. Now, everything is at my fingertips within Vision One. I simply click on the link, and it gives me all the information I need: who the user is, the PC name, and relevant context depending on the alert type e.g., a suspicious email. So, instead of spending hours figuring out the source of the alert, I can now resolve it in just a couple of minutes. With the managed XDR service, I have peace of mind knowing that if they find something suspicious, they will alert me immediately. They can even call me and say, "Hey, we found some unusual activity and stopped it. Do you want us to continue investigating or revert to the previous state?" I can then confidently say yes and trust that they are handling the situation effectively. I've received calls in the past late at night about suspicious activity, and I'm grateful that I don't have to be the one monitoring everything 24/7. Now, I have a team of experts who do it for me, providing a significant advantage over-relying on a single person. They only alert me when something serious arises, allowing me to focus on other matters. The managed XDR service has freed up our team's time by eliminating the need for 24/7 on-call duty with Vision One. This allows us to focus on other tasks instead of spending hours diagnosing potential issues. Now, we're able to resolve concerns in minutes, freeing up additional time for projects and other responsibilities. While I find the Attack Surface Risk Management module to be a valuable addition to the executive dashboard, I don't utilize the Attack Surface Discovery feature as frequently, maybe once a week. This is primarily because I rely on the XDR management system to monitor for potential threats and alert me to anything critical. Manually reviewing the detailed discovery overview doesn't add significant value at present, as I trust the XDR system to flag any urgent issues. The Attack Surface Risk Management module helps to identify blind spots in our environment, especially where assets are highly exposed. It presents explainable CDZs and provides a rich asset score for each PC or device. This allows me to easily identify high-risk devices and investigate further. For example, when I saw a server with a suspicious file flagged as a 96 high-risk alert, I could investigate and find that it was an Excel file with a macro, explaining the risk. I can then determine if it's a false positive and communicate this appropriately. The module's continuous learning ensures improved accuracy over time. Implementing the managed XDR has significantly reduced our time to detect and respond to threats. Previously, I received security alerts via email, which could be delayed. Additionally, I often needed to manually review logs and scan results, which was time-consuming and inefficient. Now, the managed XDR provides timely alerts directly in the platform, streamlining my workflow and keeping me informed promptly. This has saved me one to two hours per day. Implementing a managed XDR solution has significantly reduced the number of false positives I encounter. This allows me to identify and address real issues much faster. Instead of spending 45 minutes tracking down potential threats, I can now simply click a link and determine if an alert is legitimate within three minutes. We use playbooks that have certain rules and are set up to automatically take action when they find something suspicious. This way, I don't have to sit there and make judgment calls every single day. If a certain event occurs, or if we discover something unexpected, I can create a playbook to automatically start looking for it everywhere on the network.
