When it comes to the integrity of information, we are increasingly operating in a world, to paraphrase Donald Rumsfeld, of unknown unknowns.

The nature, timing and origin of cyber attacks is proving difficult to predict as more sophisticated tactics and tools are employed by those seeking to access or damage critical IT infrastructure.

The threats are such that the issue is no longer siloed with the CTO and his team, becoming instead a matter of urgency in boardrooms around the world, argues Nicholas Warner, Chief Operating Officer of leading cybersecurity firm SentinelOne, who explains to Arabian Business that the use of artificial intelligence (AI) is becoming a necessary tool to identify the threats as they emerge – whatever form that takes.

What are the main challenges for a company to secure their data in a digital world?

With the widespread adoption of cloud applications and cloud storage, organisations now need to access and process large amounts of data – more than ever before. This makes networks hard to manage, to the point that even seeing what is connected to an organisation’s network is not always possible.

More people are also working remotely and, as a result, the number of devices is constantly growing – meaning there’s no such thing as an “internal” network anymore. For the crime industries that benefit from ransomware, all of this is a big plus.

For defenders – particularly enterprises – it means no device, cloud or user can be trusted. Security needs to be everywhere, and it starts from the endpoint, the last link before humans.

Why isn’t using a traditional antivirus solution sufficient to protect from cyber threats anymore?

A quick look at the news headlines in every geography tells the tale of successful cyberattacks – specifically ransomware attacks. What do these impacted organisations have in common? Most are relying on legacy, signature-based antivirus tools. Legacy AV is reactive, heavy on the device, hard to manage and proven to be largely ineffective. In the early days of cybercrime, a database-driven approach was better than nothing.

That was the heyday of antivirus but those days are long gone. The largest threat organisations face today comes from cyberattacks. Cybercrime is extremely lucrative for threat actors and it transcends every geography and every industry.

Cyberattacks are highly resourced and automated; within milliseconds, businesses, governments and critical societal functions can cease to operate. Antivirus is not an acceptable or effective answer.

How do we protect against the new security threats?

Many cyberattacks are getting stealthier, often lurking in our digital infrastructure for months before becoming active. As a result, there is exponential growth in persistent but unknown threats.

Technology that learns and predicts should be at the heart of successful cybersecurity, and this is where AI is the answer. AI-powered technologies, such as the SentinelOne Singularity XDR platform, are able to not only prevent breaches but also remediate them.

Our technology mathematically maps all activity on the device to determine the benign from the malicious. Being able to pinpoint malicious behaviour and predict attacks before – or even during the earliest stages of – an attack and remediate them is how we can keep pace.

Remediation allows for the clean-up of all stages of the attack, so the device is in a perpetually clean state. Leveraging data to deliver cybersecurity across endpoints, IoT devices, and cloud workloads translates into a powerful security tool delivering all the benefits expected from a complete solution: wide-ranging visibility, autonomous detection and response, comprehensive integration, and ease of use. Cybersecurity is a problem that must be solved with machines, not big teams.

What differentiates the XDR technology from previous detection-and-response approaches?

XDR is about applying the capabilities of EDR (Endpoint Detection and Response) well beyond the endpoint device. So, it goes beyond the “endpoint” and all the way to X – which is “everything” defined as the cross section of enterprise data. To us, XDR is extended data and response. It is about securing the entire modern enterprise, transcending endpoint devices to include cloud workloads, containers, IoT devices – anywhere that data resides.

Being able to prevent attacks, as well as detect and respond to them autonomously across the entire enterprise attack surface, fundamentally changes cyberdefence. XDR isn’t incremental. It’s transformational. XDR becomes a strategy for enterprise-wide prevention and proactive cybersecurity for the modern enterprise operating in private, public and hybrid clouds.

Is XDR a “one size fits all” type of solution or can certain types of organisations make better use of it than others? What are some of the use cases that XDR is particularly well suited for?

There is no one-size-fits-all in cybersecurity, but there are better techniques than others. The journey of securing enterprises against the new realities of cybercrime has just begun: we must overcome the threat of ransomware and we must come to terms with the reality that humans alone can’t solve this exponentially growing problem.

There simply isn’t enough talent or budget for people to be the solution. The elegance and value of technology goes beyond the capability of the human – it augments each of us. Today, organisations are losing and XDR is a means to see what is going on in your network and gain the possibility of proactive action.

An XDR platform is flexible enough to fit your needs and also easy to use going forward. We simply don’t have enough cybersecurity professionals to keep this labour intensive.

What is XDR?

XDR is short for “extended detection and response” and represents the evolution of EDR into a solution for today’s security challenges. Cybersecurity is often compared to an arms race between attackers and defenders and by combining endpoint with network and application telemetry, XDR provides the security analytics needed for an organisation to win it.

An XDR platform such as the SentinelOne Singularity XDR can proactively identify sophisticated threats at machine speed, increase the productivity of the security or SOC team, and massively improve profitability.

Which parts of the network does XDR impact?

Cyberattacks typically affect a number of different areas inside an organisation. The visibility provided by XDR is the only way to get a complete view of what happened, when, where, and how. The same contextualised action threads that SentinelOne’s ActiveEDR provides at the endpoint level can now be created at multiple levels: cloud, containers, virtual machines, IoT, endpoints, servers, and more.

How does SentinelOne’s Singularity XDR work?

An XDR platform such as the SentinelOne Singularity XDR can proactively identify sophisticated threats at machine speed, increase the productivity of the security or SOC team, and massively improve profitability. The solution is even able to reverse attacks in real time.

Prevention is possible by leveraging AI models that reside on the device and in the cloud to mathematically predict file-based attacks. Using patented behavioural AI, even never-seen-before variants and zero-day exploits are detectable. Also, automation coupled with powerful software enables rich remediation capabilities. Remediation allows for the clean-up of all stages of the attack, so the device is in a perpetually clean state.

How does SentinelOne’s platform use AI to prevent future attacks?

Singularity is the industry’s first autonomous XDR and it is unique in the fact it has the ability to leverage the power of data to train models, ingest data from every device and cloud, and constantly enrich the platform. The key to this is the underlying data in an enterprise. Leveraging that data to deliver cybersecurity across endpoints, IoT devices and cloud workloads translates into a powerful security tool.