Putting Zero Trust 2.0 into practice in five steps (InfoGuard Cyber Security Newsletter)

Cyber Defence with Cortex XDR – in a dedicated SOC or as a managed SOC service

The statistics bear out the fears: the number of cyber attacks continued to rise in 2023. And there’s little hope of any respite in 2024, according to reports from BACS. Swiss organisations also find themselves in the crosshairs of global cyber criminals. Rapid detection and response is and will remain crucial. Do you rely on your own SOC or a managed security provider? We provide you with key decision-making insights and an optimised solution approach.

The attack reports received by the Swiss Federal Office for Cybersecurity (BACS) at the beginning of the year paint a bleak picture for 2024 . A well-thought-out security concept for cyber defence should now be a top priority on your agenda.

Whether it’s a “make or buy” scenario – it has to be safe

You’re probably asking yourself whether you want to manage cyber defence yourself or entrust it to a professional security service provider. When designing your own Security Operations Center (SOC) or Cyber Defence Center (CDC),  as we call it, it’s essential that you select agile security solutions. Modern cyber attacks are becoming more complex every day and pose an enormous risk to companies and their smooth running.

In order to effectively protect companies against the constantly changing threat landscape, AI-driven solutions are required that are adaptable using machine learning and directly address the endpoints. You can operate such solutions in your SOC yourself or choose a security provider that deploys them at its cyber defence center.

Everything under control with XDR-driven cyber defence

A successful cyber defence center essentially combines three components:

  1. specialists (people)
  2. processes (process)
  3. tools (technology)

The requirements are that the CDC must detect, analyse, evaluate and respond to cyber attacks around the clock – and initiate the incident response process in the event of an incident.

To decide whether to “make or buy”, you therefore need to answer the following questions:

  • Do you have right specialists and are they available 24/7?
  • What technological solutions and processes do you need in your company for successful cyber defence and an immediate response in the event of a security incident?
  • And last but not least, what does the implementation and operation cost your company?

Three pillars of a successful cyber defence center

A cyber defence center usually consists of a team of experienced security analysts with various tasks, such as detecting and analysing security attacks, initiating countermeasures and ultimately also supporting mitigation. However, this is only half the battle. In addition to well-trained and experienced experts, the right tools and processes are also required.

1. Cyber defence needs experienced specialists

Capable and experienced security analysts are at the heart of a cyber defence center. Despite the use of AI-driven tools such as Cortex XDR from Palo Alto Networks, human skills and many years of experience are indispensable for detecting and analysing anomalies and initiating countermeasures in time.  

In addition to incident response, your SOC team’s remit also includes proactive activities such as threat hunting and threat intelligence. The demands on employees are high and experienced experts are in short supply. At the same time, they need to be available and ready for action around the clock – because cyber criminals are not renowned for keeping standard office hours.

2. Cyber defence needs state-of-the-art tools


Cyber defence requires not only top experts, but also the right tools for rapid detection, assessment and response, such as Cortex XDR from Palo Alto Networks. Such platforms recognise anomalies, compare them with external threat feeds and examine the entire infrastructure in real time to detect potential attacks.

In the event of an attack, a rapid response must be possible by enabling the XDR platform to start analyses on all end devices, scan the entire infrastructure for indicators of compromise and contain the spread.

3. Cyber defence needs established processes

Once you’ve found the right experts in your cyber defence center and are using the right tools, another element is key for your successful cyber defence: functioning interfaces and established processes. It is essential that the cyber defence center is integrated into corporate processes such as risk management. This also includes mapping the infrastructure and assets in the cyber defence center tools.

Established processes play an equally important role within the cyber defence center. Analysts work in different tiers and use standardised playbooks to ensure that security incidents are dealt with efficiently.

“Make or buy” – we help you with this important decision

As you can see, setting up an SOC with the necessary resources and specialists, keeping them up to date at all times and ensuring 24/7 operation is no mean feat and entails a not inconsiderable financial burden. As a result, it is worth considering whether to source the entire service from an appropriate service provider, or at least to outsource some of the tasks in terms of a co-managed SOC.

Cortex XDR – the central point of your cyber defence

For both approaches – whether the “make” or “buy” scenario – suitable extended detection & response (XDR) solutions, such as Cortex from Palo Alto Networks, are essential. The unified Cortex XDR agent covers all attack vectors with different security functions and several complementary engines: starting with a wide range of AI-supported analysis, containment and response functions, behaviour-based protection measures, the prevention of exploits or the theft of login data, right up to the integration of cloud-based malware security measures and regular scans.

The Cortex XDR platform also provides a centralised user interface for managing alerts, security incidents and policies. The consolidation of security-related data through Cortex XDR provides customers with a comprehensive picture of attacks as well as facilitating alert processing and the initiation of countermeasures, which in turn speeds up forensic investigations and reduces the workload. Cortex XDR provides a rapid response to incidents and uses acquired knowledge to recognise future attacks.

The Palo Alto Networks agent can be quickly installed on all endpoints via a cloud-native management service. This shortens the time needed to protect new systems, simplifies security processes and is also indispensable for our CSIRT when they are called in by an affected company to help with a cyber attack (as was required by over 260 companies last year alone).

Conclusion: why “buy” is more economical and efficient than “make”

As you can see, cyber defence is demanding and costly work. Due to the shortage of skilled labour in particular, companies are finding it increasingly difficult to find capable staff. In addition, the costs for setting up the processes and tools are enormous.

Here is a direct comparison of the variants:

infoguard-blog-tables_vergleich_make_buy_en

Source: Palo Alto Networks

Are you finding the “make or buy” decision difficult?

Then let us advise you. Our experts will help you find the right approach for your company.

We can show you how to implement successful Cyber Defence as a managed or co-managed service, with rapid service onboarding that fits your infrastructure and is based on proven technologies and aligned processes.

Contact us and we’ll support you in your SOC decision.

Contact us now!

Would you like to stay up to date about cyber security and never miss an article? Then subscribe to our blog updates now and receive the latest articles delivered conveniently to your inbox.

Subscribe to blog updates!

<< >>

Cyber Defence

Estelle Ouhassi
About the author / Estelle Ouhassi

InfoGuard AG - Estelle Ouhassi, Marketing Manager

More articles from Estelle Ouhassi


Related articles
Mobile stalkerware on the rise: how to keep your devices secure? [PART 1]
Mobile stalkerware on the rise: how to keep your devices secure? [PART 1]

How well is your phone protected against malware and stalkerware? Given that half your life is stored in it, [...]
AI against cyber attacks – not without human expertise
AI against cyber attacks – not without human expertise

In an environment of ever-growing cyber threats, especially from ransomware, artificial intelligence (AI) and [...]
(New) Volume Business: Fully Automated Scan and Reasonable Ransom Amount
(New) Volume Business: Fully Automated Scan and Reasonable Ransom Amount

Atlassian recently announced a new security vulnerability in its Confluence Enterprise Server. The InfoGuard [...]

Exciting articles, the latest news and tips & tricks from our experts on all aspects of Cyber Security & Defence.

Blog update subscription
Social Media
infoguard-cyber-security-guide-2