2025-02-21 Update From: SLTechnology News&Howtos
Shulou(Shulou.com) 11/24 Report--
The 2023 national attack-and-defense exercise, a hard-fought battle, has come to an end.
After 14 days and nights of intense fighting,
users put the real-world capability of Sangfor XDR to the test.
Looking back on the many highlight moments,
Sangfor XDR delivered real security results for its users.
"Sangfor XDR, built for real-world combat"
is not empty talk but proven in practice.
The only platform to report a 0day attack, reported within 5 minutes, and credited for it!
-- A central news organization
As this user's on-duty platform during the exercise, Sangfor XDR ingested logs from SIP / STA, EDR and third-party devices and performed unified aggregation and analysis of the multi-source data, cutting 1.5 billion logs down to 256 security events, a dramatic alert reduction. Every alert was detected and reported by XDR without delay.
On August 17, Sangfor XDR raised alerts including "unauthorized file upload vulnerability in an OA system" and "Webshell traffic detected". After these were confirmed as true positives, investigation found that the OA system had been made to execute malicious commands and had Webshell files uploaded to it, among other attacks.
It was later confirmed that the incident was an OA 0day attack; only 5 minutes passed between the attack and its report.
More than 50% of reported high-value events, a missed successful attack corrected, and the customer kept Sangfor XDR after the exercise
-- A Fortune Global 500 company
During the exercise at a Fortune Global 500 company, statistics showed that Sangfor XDR accounted for more than 50% of all reported high-value events, an overwhelming share.
In one case, by merging the logs of the associated SIP with those of a third-party vendor's device, Sangfor XDR characterized a web weak-password alert as a successful attack; on the other vendors' devices the same alert had been missed. Conversely, XDR's correlation across fused multi-source data selects the best-supported detection result and corrects "successful attack" verdicts that turn out to be false positives.
We rely on Sangfor XDR as our overall defense platform
-- A national-level unit
Thanks to the openness of Open XDR, during the exercise at a national-level unit the XDR platform collected a total of 9.38 billion security logs; after multi-source data fusion these were reduced to 1.43 million alerts, and correlation and aggregation finally produced 1,717 accurate security events, with zero false positives and zero missed detections.
Among them, Sangfor XDR found 2 Webshell upload events, 1 SQL injection event, 1 fastjson deserialization event and 1 memory-resident webshell (in-memory "memory horse") communication event, and quickly reconstructed the complete attack storyline, helping the user pinpoint the root cause of the threat and complete emergency response in time.
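The two testimonials above describe the same mechanism from different angles: a weak-password alert from one sensor is upgraded to a confirmed successful attack only when an independent source (the application's own login log, a WAF) shows the attack actually worked, and raw alerts from many sources are collapsed into a much smaller number of events. The following is an added example written for this page, not Sangfor's code and not its product schema; the log records, the source tags (`sip`, `waf`, `app`), the field names and the 10-minute window are all constructed assumptions.

```python
"""
Added example (not Sangfor's code): multi-source correlation that merges alerts
from several sensors into one event per (attacker, target) and sets the verdict
from the combined evidence, so a 'web weak password' alert becomes a confirmed
successful attack only when a second, independent source shows the login
succeeded (or a webshell is observed afterwards).

All records below are constructed for this example; the source tags and field
names are assumptions, not a real product's schema.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    ts: datetime
    source: str        # which sensor produced it (assumed tags: sip / waf / app)
    kind: str          # normalized alert type
    src_ip: str
    dst: str           # target host
    user: str = ""
    outcome: str = ""  # 'success' / 'failure' when the source knows it


@dataclass
class Event:
    src_ip: str
    dst: str
    first_seen: datetime
    last_seen: datetime
    sources: set = field(default_factory=set)
    alerts: list = field(default_factory=list)
    verdict: str = "attempt"


# Constructed, already-normalized records: ts, source, kind, src_ip, dst, user, outcome.
# In practice each source needs its own parser before this stage.
RAW = [
    ("2023-08-17T10:00:01", "sip", "web_weak_password", "203.0.113.7", "oa.example.internal", "admin", ""),
    ("2023-08-17T10:00:02", "sip", "web_weak_password", "203.0.113.7", "oa.example.internal", "admin", ""),
    ("2023-08-17T10:00:04", "app", "login",             "203.0.113.7", "oa.example.internal", "admin", "success"),
    ("2023-08-17T10:00:09", "waf", "webshell_traffic",  "203.0.113.7", "oa.example.internal", "", ""),
    ("2023-08-17T11:30:00", "sip", "web_weak_password", "198.51.100.9", "oa.example.internal", "root", ""),
    ("2023-08-17T11:30:01", "app", "login",             "198.51.100.9", "oa.example.internal", "root", "failure"),
]

WINDOW = timedelta(minutes=10)  # assumed: alerts further apart than this start a new event


def parse(raw):
    return [Alert(datetime.fromisoformat(r[0]), *r[1:]) for r in raw]


def judge(ev):
    """Verdict from the merged evidence, never from a single source's alert."""
    kinds = {a.kind for a in ev.alerts}
    login_ok = any(a.kind == "login" and a.outcome == "success" for a in ev.alerts)
    if "web_weak_password" in kinds and login_ok:
        return "successful_attack"      # weak-password guess confirmed by the app's own log
    if "webshell_traffic" in kinds:
        return "successful_attack"      # post-exploitation traffic implies success
    return "attempt"                    # weak-password guess with no corroboration


def correlate(alerts, window=WINDOW):
    """Group alerts by (src_ip, dst) within `window`, then judge each group."""
    events = []
    open_events = {}  # (src_ip, dst) -> Event currently accumulating
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src_ip, a.dst)
        ev = open_events.get(key)
        if ev is None or a.ts - ev.last_seen > window:
            ev = Event(a.src_ip, a.dst, a.ts, a.ts)
            open_events[key] = ev
            events.append(ev)
        ev.last_seen = a.ts
        ev.sources.add(a.source)
        ev.alerts.append(a)
    for ev in events:
        ev.verdict = judge(ev)
    return events


def funnel(alerts, events):
    """The reduction numbers a SOC reports: raw alerts -> events -> confirmed."""
    return {
        "logs": len(alerts),
        "events": len(events),
        "confirmed": sum(e.verdict == "successful_attack" for e in events),
    }


if __name__ == "__main__":
    alerts = parse(RAW)
    events = correlate(alerts)
    print(funnel(alerts, events))
    for e in events:
        print(e.src_ip, "->", e.dst, sorted(e.sources), e.verdict)
```

The key design point is that `judge` only ever looks at the merged event, so a verdict of "successful attack" requires corroboration from a different source than the one that raised the weak-password alert; the same logic also downgrades a lone weak-password alert that the application log shows failing. The window matters: shrink it and the login confirmation falls into a separate event, which is exactly how a single-source device misses the success.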
Alerts needing analyst triage cut from 12,000 to under 1,000; triage efficiency up 60%
-- A leading bank
During the exercise, a leading bank was able to set aside more than 60% of alerts that needed no attention. Daily alert volume had originally been 12,000; during the exercise the average was under 1,000 per day.
Behind this is Sangfor XDR's threat verdict capability, which lets users classify security events effectively and filter, with one click, the priority event types that need attention and handling. So despite the shortfall in staffing, Sangfor XDR still won the user's recognition with its remarkable efficiency.
SOAR playbooks dispatched for automated response 405115 times, 3691 work orders closed, efficiency up 97%
-- A national-level unit
Through automated response by SOAR playbooks, Sangfor XDR plays a vital role in all kinds of collaborative work. During the exercise, one unit's Sangfor XDR dispatched SOAR playbooks that automatically applied blocking policies 4050115 times.
Unlike the earlier practice of paper hand-offs and telephone notification, the unit also relied on Sangfor XDR's work order system for 3845 coordination actions with its local counterparts, closing 3691 work orders at a completion rate of 99.52%. Turnaround fell from several hours to 5 minutes, a 97% improvement in efficiency.
Security GPT lets XDR detect 0days without rules or threat intelligence
-- A large central state-owned enterprise
For traditional security devices, 0day vulnerabilities have always been a sword of Damocles. During this exercise, enabled by Security GPT, Sangfor XDR detected a remote command execution 0day attack against a product with no rules, threat intelligence or other prior knowledge.
Faced with the concentrated advanced attacks of an exercise, even expert-level operators spend hours or even days on analysis and assessment and still leave gaps; improving real-world efficiency and effectiveness has hit a development bottleneck.
Sangfor Security GPT offers not only generalized detection but also high-quality attack interpretation, situation analysis and recommendation generation. Compared with traditional detection engines, XDR with Security GPT achieved an advanced-threat detection rate of 95.7% and a false positive rate (the share of false positives among security alerts) of only 4.3%.
After many rounds of verification and testing, Sangfor Security GPT has reached the level of a security expert with 5 years of experience.
As a user at a national-level unit put it bluntly: "The results of Sangfor XDR have overturned my understanding of security operations products."
With AI at its core, the "open platform + leading components + cloud services" of Sangfor XDR creates a new paradigm for security operations. This paradigm is built on the open XDR platform that carries the core capabilities, fully connects the various components for multi-source data aggregation and analysis, uses AI as its engine, and makes full use of cloud data, computing power, expert resources and cloud-based collaborative services to form a systematic, intelligent operating model, helping organizations raise their security baseline and making real-world attack and defense less stressful, more efficient and more intelligent.
Sangfor XDR has handed in its interim report card for this year's real-world exercise. "When it is time to work hard and set sail, we are ready to move forward again." We believe security operations are moving into an era of "intelligent driving", and we are committed to keeping every user "one step ahead in security".
© 2024 shulou.com SLNews company. All rights reserved.