Vibin Shaju VP Solutions Engineering EMEA at Trellix

There is little rest, it seems, for CISOs in the Arab Gulf region. In its latest Cost of a Breach analysis, IBM estimated a combined average for the United Arab Emirates (UAE) and Saudi Arabia of more than US$5.3 million per incident. Figures like these are stressors for GCC cybersecurity leaders, who face an uphill struggle to stave off the advances of threat actors amid the creep of IT complexity, the widening of skills gaps, and the dwindling of on-hand resources — according to Trellix’s recent “Mind of the CISO” report, 66% of CISOs in the UAE and KSA still believe their organizations lack the right people and processes to be cyber resilient and almost three quarters (74%) believe their current technology setup is insufficient.

Clouds, on-premises, users, and platforms operate under siege. Ransomware gangs have set their sights on inadequately protected crown jewels. Some of their campaigns are sophisticated, multistage assaults that do not discriminate on a business’s industry or scale.

To prevent the nightmare scenario, we must look to the endpoint. But to even see the endpoint we must address visibility and control issues that are the unfortunate remnants of the necessary cloud migration that took place during pandemic lockdowns. In fact, in the Trellix “Mind of the CISO” research, better visibility was cited, by security teams in the UAE and KSA, as the number one area where their security solutions need to get better. If we can only return visibility and control of endpoints to the SOC, then security teams will be able to act before, during, and after ransomware attacks to bring about better outcomes.

Today’s endpoint detection and response (EDR) technologies are a significant step beyond the prevention-oriented security tools of old. They concentrate on giving security analysts and threat hunters a window into attacker activity in progress, allowing detection and investigation. But they also grant before-and-after agency over endpoints to SOCs, empowering the CISO and their team to manage and protect devices prior to the attacker making their move and respond after the payload is dropped.