Managed Detection & Response for Security Breaches

The accelerated digital transformation and increasingly brutal, targeted cyberattacks are making it a real challenge to protect your organization. In this article we explain why it is best to complement a SIEM with NDR and EDR to reduce the impact of cyber threats.

Fabrice Wynants

June 30, 2021

Accelerated digital transformation

The digital transformation is rapidly changing the traditional IT landscape in many organizations. These organizations are looking for ways to run their business more efficiently, for new opportunities and even for new business models.

The pandemic and the ensuing lockdowns in 2020 have accelerated this digitization process even further. Many more organizations have now implemented telework at a structural level. This gives cybercriminals plenty of new opportunities, since employees' computers and mobile devices are often less secure at home than inside the company perimeter. In Blackberry's annual Threat Report, no less than one-fifth of the organizations surveyed cited homeworkers as a cause of security issues.

Endpoints are the new perimeter

All this means that securing the corporate network has become more challenging than ever. There is no longer a clear perimeter separating the internal corporate network from the outside world, such as a corporate firewall protecting all devices in the office. The endpoints (i.e. employees' computers and mobile devices) have become the new perimeter.

Even after the pandemic, many organizations are likely to continue to make more use of telework and other forms of decentralized working. The days when you could simply place a firewall around your entire organization are definitely over.

Evolving threats

In addition to the IT landscape, the threats themselves are also evolving faster. Today's cybercriminals have become more professional in two ways:

  • They have acquired more advanced technical skills, and have higher budgets for state-of-the-art large-scale attacks. The Hafnium attacks on the Microsoft Exchange servers are a good example.
  • They are also more motivated and focused, carrying out well-prepared and targeted attacks. While phishers used to cast a wide net, they now focus on CEO fraud and ransomware.

Today's attacks are therefore more sophisticated and targeted than in the past. If your organization is targeted by cybercriminals, the threat is real.

Detect and respond

An important weapon in the fight against cybercrime is early detection of security incidents. This is the basis for a sound security policy. Without it, a computer intrusion can remain under the radar for months. This gives cybercriminals the time they need to systematically breach your infrastructure and do even more damage.

The longer it takes to detect or respond to a security incident, the greater the operational impact will be. This can have far-reaching consequences, ranging from intellectual property theft to lost revenue due to the interruption of production processes, to damage to your reputation.

[Figure: MDR quadrants: SOC, EDR, SIEM, NDR]

Security Operations Centres (SOCs)

The changing IT landscape and these evolving threats require a shift in mentality: you need to assume that somebody is trying to hack you at all times, and adjust your behaviour accordingly. Organizations must always be alert to possible security incidents.

A first step in detecting and responding to security incidents in a timely manner is to establish or outsource a Security Operations Centre (SOC), which monitors your organization for potential cyber security incidents. A SOC consists of analysts who use industry-leading tools to collect information from all kinds of systems and applications around the clock, and investigate possible security breaches.

Security Information & Event Management (SIEM)

One of the tools that SOC analysts have been using for years is Security Information & Event Management (SIEM). This system collects logs from various sources (servers, applications, network devices, etc.), correlates the data and provides real-time analysis and notifications of suspicious events.

However, the challenge of a SIEM is that it requires you to collect a lot of logs from a variety of systems. Not all of these systems are built with cyber security in mind, so the data is not always relevant. So in the end, SOC analysts usually have to look for a small needle in a huge haystack. For this reason, a SIEM alone is no longer sufficient for detecting advanced security attacks.
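The correlation step described above, as an added example that is not part of the original article or of any Cegeka tooling: a minimal Python rule that joins login events from several constructed log sources and raises one alert when repeated failures are followed by a success from the same address. The event layout, the five-minute window and the threshold of three failures are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window
THRESHOLD = 3                  # assumed number of failures before a success is suspicious

# Constructed sample events: (timestamp, log source, action, user, source IP).
EVENTS = [
    ("2021-06-30T09:00:00", "vpn",      "login_failed",  "alice", "203.0.113.7"),
    ("2021-06-30T09:00:20", "mail",     "login_failed",  "alice", "203.0.113.7"),
    ("2021-06-30T09:00:45", "vpn",      "login_failed",  "alice", "203.0.113.7"),
    ("2021-06-30T09:01:10", "vpn",      "login_success", "alice", "203.0.113.7"),
    ("2021-06-30T09:02:00", "vpn",      "login_failed",  "bob",   "198.51.100.4"),
    ("2021-06-30T09:02:30", "vpn",      "login_success", "bob",   "198.51.100.4"),
    ("2021-06-30T09:03:00", "firewall", "conn_allowed",  "-",     "192.0.2.10"),
    ("2021-06-30T09:20:00", "mail",     "login_failed",  "carol", "203.0.113.9"),
    ("2021-06-30T09:23:00", "mail",     "login_failed",  "carol", "203.0.113.9"),
    ("2021-06-30T09:26:00", "mail",     "login_failed",  "carol", "203.0.113.9"),
    ("2021-06-30T09:26:30", "mail",     "login_success", "carol", "203.0.113.9"),
]

def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Alert when >= threshold failed logins are followed by a success for the
    same (user, source IP) inside the window, regardless of which system logged them."""
    failures = defaultdict(deque)  # (user, ip) -> recent (time, source) failures
    alerts = []
    for ts, source, action, user, ip in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        recent = failures[(user, ip)]
        while recent and when - recent[0][0] > window:   # drop failures outside the window
            recent.popleft()
        if action == "login_failed":
            recent.append((when, source))
        elif action == "login_success" and len(recent) >= threshold:
            alerts.append({
                "user": user, "ip": ip, "time": ts,
                "failed_attempts": len(recent),
                "sources": sorted({s for _, s in recent} | {source}),
            })
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Eleven raw events from three systems collapse into a single alert; neither the VPN log nor the mail log alone contains three failures for that account.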

Network Detection and Response (NDR)

Analysing network traffic is nothing new in the security world. After all, network traffic is one of the sources analysed by a SIEM, but a SIEM has blind spots. A Network Detection and Response (NDR) system will complement it by offering a broader view.

NDRs focus on the interactions between different devices on the network and use advanced behavioural analysis algorithms complemented by machine learning and artificial intelligence (AI).

This enables NDRs to automatically determine the risk level of network traffic and to detect anomalies, even in the case of attacks of an as-yet-unknown type. Because an NDR uses this broader context, SOC analysts receive fewer but more relevant threat reports.
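An added illustration of behavioural baselining, not code from the article or from any NDR product: it learns which peers and traffic volumes are normal for each host from constructed flow records, then rates new flows without relying on known attack signatures. A simple z-score stands in for the machine learning the article mentions; host names, record layout and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline flows: (source host, destination host, dest port, bytes sent).
BASELINE = [
    ("ws-01", "files-01", 445, 40_000), ("ws-01", "files-01", 445, 52_000),
    ("ws-01", "files-01", 445, 47_000), ("ws-01", "proxy-01", 8080, 9_000),
    ("ws-01", "proxy-01", 8080, 11_000), ("ws-02", "files-01", 445, 30_000),
    ("ws-02", "files-01", 445, 34_000), ("ws-02", "proxy-01", 8080, 8_000),
]

def learn(flows):
    """Build a per-source profile: known (dst, port) peers and observed byte volumes."""
    profile = defaultdict(lambda: {"peers": set(), "bytes": []})
    for src, dst, port, nbytes in flows:
        profile[src]["peers"].add((dst, port))
        profile[src]["bytes"].append(nbytes)
    return profile

def risk(profile, flow, z_limit=3.0):
    """Rate one flow against its source's own baseline; returns (level, reasons)."""
    src, dst, port, nbytes = flow
    if src not in profile:
        return "medium", ["source never seen during baseline"]
    known = profile[src]
    reasons = []
    if (dst, port) not in known["peers"]:
        reasons.append(f"new peer {dst}:{port}")
    mu, sigma = mean(known["bytes"]), pstdev(known["bytes"])
    if sigma and (nbytes - mu) / sigma > z_limit:
        reasons.append(f"volume is {(nbytes - mu) / sigma:.1f} sigma above normal")
    # No deviation -> low, one -> medium, both -> high.
    return ("low", "medium", "high")[len(reasons)], reasons

if __name__ == "__main__":
    profile = learn(BASELINE)
    for flow in [("ws-01", "files-01", 445, 45_000),    # usual peer, usual volume
                 ("ws-01", "ws-02", 3389, 5_000),       # workstation-to-workstation, new peer
                 ("ws-01", "ext-host", 443, 900_000)]:  # new peer and unusual volume
        print(flow, risk(profile, flow))
```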

Endpoint Detection and Response (EDR)

Due to the accelerated digital transformation and increase in telework, endpoints have become the new perimeter, so you have to assume that any endpoint can be compromised. Detecting and blocking threats is best done at the level of the endpoint itself.

That’s what an Endpoint Detection and Response (EDR) system does. This system is installed on the endpoint device, and continuously monitors and analyses the use and data of the endpoints. Abnormalities in user behaviour (possibly indicating a cybercriminal who has broken into the user account), device processes or the software itself (possibly indicating the presence of malware) are thus detected at the source and reported as quickly as possible.

Automatic response

While a SIEM mainly collects information, NDRs and EDRs also have far-reaching capabilities for responding to threats automatically. For example:

  • If an NDR detects suspicious network traffic, it can send a command to a firewall to block it
  • If an EDR detects suspicious user behaviour on an endpoint, the user's account can be deactivated preventatively, and the PC can immediately be isolated from the network to prevent further damage

These automatic responses ensure that any threat detected is eliminated as quickly as possible, which gives cybercriminals fewer opportunities to cause damage to your systems and reduces the operational impact of cyber threats. That’s why EDR and NDR are the most important new tools to allow SOCs to respond quickly and efficiently.

Managed Detection & Response offers many benefits to your organization. Take a closer look at how this solution can drive cost-effectiveness, while still allowing you access to the most up-to-date detection and response technologies available, 24/7.
