6 Ways to Bolster Your Security Operations from On-Device to In-Cloud

As Canadian organizations embrace new-age technologies such as AI and the cloud, they must also consider the security implications. This blog explores the need for robust cybersecurity and six solutions to augment their security operations.

CDW Expert

The modern IT ecosystem across Canada is experiencing innovations such as AI applications and cloud platforms, designed to unleash employee productivity.

But as organizations embrace these technologies, they must also consider the security implications. With every new endpoint added to the enterprise network, the IT environment grows more complex and vulnerable to cyberattacks.

How can IT administrators ensure that their systems stay secure? The answer lies in upgrading their defences with AI-assisted and cloud-ready security practices.

In this blog, we explore why digital-savvy Canadian organizations need robust cybersecurity and offer six solutions that can help them augment their security operations.

Why organizations need an all-encompassing cyberdefence

CDW’s 2025 Canadian Cybersecurity Study revealed several key indicators that highlight the importance of a holistic security strategy.

According to the study, 61 percent of organizations indicate that public cloud environments are the IT component most impacted by cyberattacks, a notable increase from 43.5 percent in 2022.

Other commonly impacted areas include enterprise networks (41 percent), corporate-owned PCs and laptops (45 percent) and smartphones or tablets (33 percent).

The study shows that cyberattackers are actively targeting not just employee devices but cloud networks as well. That’s why organizations need to revamp their defences with all-around protection.

6 ways to bolster your security operations

The following solutions focus on various aspects of modern IT ecosystems that need tailored protection to help build a robust, organization-wide defence.

1. Enhance your security capabilities with managed detection and response (MDR)

With a plethora of possible entry points for cyberattackers, it can be hard for security teams to cover all the bases. At the same time, it can be expensive to support security operations around the clock with a limited team.

Security analysts may not always have the right capabilities to isolate real threats, get to the bottom of a cyberincident and prevent damage. This is where MDR can strengthen their capabilities.

An MDR service offers several benefits such as 24/7 monitoring, quick incident response and greater bandwidth to hunt down active threats. This way, organizations can ensure better security without expanding their core team.

Our partners at ESET and Bitdefender offer MDR services, each bringing its own strengths to the table.

ESET MDR Services

ESET focuses on delivering rapid threat detection and response alongside services for meeting regulatory compliance for organizations. Their key offerings include:

  • Speedy threat detection and response: Offers fast mean time to detect (MTTD) and mean time to respond (MTTR) metrics, averaging around 20 minutes. This speed is attributed to their advanced AI-driven detection capabilities and a global network of sensors.
  • Global threat intelligence: ESET brings over 35 years of cybersecurity expertise with 11 R&D centres worldwide. ESET is a part of the Joint Cyber Defence Collaborative (JCDC) led by CISA, ensuring access to the latest threat intelligence.
  • Compliance and regulatory support: Aids organizations in meeting cybersecurity insurance requirements and regulatory standards, reducing the risk of penalties and legal issues.

Bitdefender MDR

Bitdefender offers protection against cyberattackers seeking to hijack systems using stolen information, alongside features for customized threat protection. Their core capabilities include:

  • Dark web monitoring: Bitdefender's MDR service includes extensive dark web detection, identifying leaked or stolen organizational data, including domains, credentials and intellectual property.
  • Tailored threat modeling: Offers customized threat modeling based on your organization's unique profile, continuously collecting and processing information to understand your specific threat landscape.
  • Comprehensive MITRE ATT&CK evaluations: Proven track record in MDR capabilities as per the MITRE Engenuity ATT&CK Evaluations, which determine service effectiveness.
  • Reduced attack surface area with Bitdefender PHASR: Identifies and restricts access to unnecessary tools and risky behaviours while blocking stealthy attacks alongside tailored hardening for endpoints.

2. Protect sensitive data from generative AI mishandling with data loss prevention (DLP) capabilities

In today's digital landscape, organizations are increasingly leveraging generative AI applications to automate daily work tasks. However, these applications also introduce significant risks related to data misuse.

With the potential for sensitive information to be inadvertently exposed to third-party AI tools, it's essential to establish tight controls over what kind of data generative AI applications can access.

Our partners at Netskope offer a comprehensive DLP solution that is designed to prevent sensitive data from being captured by AI applications. Their automated detection capabilities identify when a sensitive file may be exposed to an AI system.

Moreover, Netskope’s advanced detection capabilities utilize machine learning and AI to identify sensitive files across various formats, including text, images and compressed files.

The detection works across the entire data landscape of the organization, whether in-cloud or local. Netskope’s behavioural monitoring capabilities continuously track user behaviour to detect and respond to unusual activities that may indicate data misuse.

Key features of Netskope’s DLP solution

  • Advanced data identification: Utilizes machine learning and AI to accurately identify sensitive data across various formats, including text, images and compressed files.
  • Real-time enforcement: Prevents the upload and posting of sensitive information through generative AI applications by enforcing policies in real time.
  • Behavioural monitoring: Continuously monitors user behaviour to detect and respond to unusual activities that may indicate data misuse.
  • Integration with SSE platform: Netskope's DLP solution seamlessly integrates with its Security Service Edge (SSE) solution, providing comprehensive security coverage and adaptive responses to generative AI-related data risks.

3. Streamline identity security and enforce least privilege across hybrid IT

The expansion of cloud and SaaS alongside existing on-premises infrastructure has led to complex, fragmented IT environments. Organizations typically rely on many disparate identity stores and toolsets, leading to visibility gaps and operational silos.

Meanwhile, the types of identities (human and machine) and entitlements are proliferating. Cloud platforms like Azure, AWS and Google Cloud can have over 10,000 permission types, challenging IT and security teams to correctly configure access, particularly within dynamic environments.

Organizations either over-permission users, expanding the attack surface, or lock down access so tightly that productivity suffers. In addition, a hybrid, borderless workforce presents its own trade-offs in maintaining the right balance of security and access.

Our partners at BeyondTrust empower organizations with a holistic and cohesive approach for assessing and effectively addressing identity-based risks and understanding True Privilege, which encompasses directly assigned privileges as well as potential escalation paths.

Centred on privileged access management (PAM), BeyondTrust enables customers to eliminate identity security blind spots and make least privilege easy. Organizations can effectively, accurately and quickly prioritize their most urgent risks with ML-powered protection. Automated workflows quickly give employees the access they need, for the finite time they need it, keeping the attack surface minimized.

Key features of BeyondTrust solutions

  • Cross-domain identity visibility: Offers centralized oversight of identities, entitlements and Paths to Privilege, enabling organizations to proactively mitigate identity-based vulnerabilities and also detect and respond to threats.
  • Least privilege posture: Applies granular privilege controls across endpoints, applications, sessions and cloud environments and supports a just-in-time access model to reduce the attack surface and threat windows.
  • Privileged credential and secrets management: Onboards and securely manages privileged accounts and passwords, keys, DevOps secrets, workforce passwords and more to prevent account hijacking and other identity-based threats.
  • Secure access for the modern workforce: Applies zero trust network access (ZTNA) and granular control of sessions, whether for humans, machines, employees or vendors, to protect access everywhere.

4. Remove alert fatigue in cloud monitoring with smart detection

Organizations must set up security alerts in cloud environments to quickly identify potential threats. But lately, this has given rise to the problem of overwhelming alerts that can create too much “noise” and lead to alert fatigue among security administrators.

Alert fatigue can hamper the effectiveness of security operations centres (SOCs) and prevent timely responses. While alerts are generally a good thing, the inability to identify the most crucial ones can hinder an organization’s ability to defend.

Our partners at Wiz, a cloud security platform, solve this problem by implementing a "zero noise" approach, which tailors the alerts to specific threats, continuously refines detection rules and ensures no alert is ignored. By prioritizing attacker-focused detections and maintaining continuous feedback loops, Wiz enables organizations to cut through the noise and respond swiftly to true threats.

Key features of Wiz alert detection

  • Attacker-focused detections: Tailors alerts based on an attacker's perspective, enhancing the accuracy and relevance of detections.
  • Continuous feedback loops: Regularly reviews and refines detection rules to minimize false positives and improve detection efficacy.
  • Exhaustive alert checking: Ensures every alert is thoroughly investigated, reducing noise and preventing alert fatigue.
  • Integration with existing tools: Seamlessly integrates with existing security tools and platforms, enhancing overall security posture without disrupting current workflows.

5. Simplify and automate complex Active Directory Forest recovery

Active Directory (AD) is a widely used directory service that authenticates users and provides critical identity services to many enterprise applications and processes. It serves as the administrative backbone of the IT ecosystem as it handles most access and provisioning tasks.

For this reason, it often becomes a key target for cyberattackers. If an attacker can infiltrate AD, they can cause massive damage to the entire IT setup, creating severe business impacts spanning days or weeks.

Therefore, administrators should create backups of the AD forest (a schematic configuration of an internal domain) to quickly recover from an attack. However, restoring an AD forest to a trustworthy state from a backup can be a complex and time-consuming process.

To resolve this, our partners at Semperis provide a comprehensive solution for AD forest recovery. The solution offers an automated method for recovering an AD forest without disrupting its original state, ensuring timely recovery.

Semperis offers expert assistance in developing and testing AD recovery plans, conducting disaster drills and setting recovery time objectives (RTOs).

Key features of Semperis Active Directory Forest Recovery

  • Simplified recovery process: Automates AD restore to speed recovery to any virtual or physical hardware.
  • Malware-free environment: Ensures that the recovered AD forest is free from malware and backdoors, providing a secure and trustworthy post-recovery environment.
  • Accelerated incident response: Offers specialized support for conducting AD disaster drills and post-breach research, helping organizations effectively prepare for and respond to cyberincidents.
  • Increased cyber resilience: Enhances overall defence against escalating cyberattacks, ensuring operational continuity and supporting robust security measures.

6. Enforce stronger zero-trust security with hardware multifactor authentication (MFA)

With sophisticated cyberattacks on the rise, more organizations are susceptible to man-in-the-middle attacks that can easily bypass common MFA solutions. Imagine losing your account access even after using SMS-based two-step authentication.

For organizations that safeguard server rooms, business databases or critical data assets with MFA, it’s difficult to ensure dependable security.

In such scenarios, a hardware-based authentication system can make it harder for all kinds of attackers to penetrate your MFA security.

Our partners at Yubico offer the YubiKey solution, which is designed to enforce MFA with a physical security key that is resistant to phishing.

YubiKeys enhance security by leveraging strong public-key cryptography, ensuring that user credentials are bound to the service and only the real site can authenticate with the key. This approach significantly reduces the risk of account takeovers and enhances the overall security posture of organizations.

These features collectively help organizations adopt a zero-trust framework, ensuring that every user and device is properly verified before accessing network resources.

Key features of Yubico

  • Prevents MFA phishing: Removes the need to use MFA methods that often fall prey to phishing by replacing them with a hardware key.
  • Passwordless authentication: Enables secure passwordless login, reducing user friction and enhancing productivity.
  • Seamless integration: Integrates easily with existing security tools and platforms, enhancing security without disrupting workflows.

How CDW and security partners can help you strengthen your defences

As your organization plans to implement stricter security controls, you may need assistance in configuring and designing the ideal security architecture.

CDW Canada combines the value of our security partners with expert cybersecurity services to meet your organizational needs. We equip Canadian organizations with leading cybersecurity solutions across the entire range of cloud, on-device and network security.

CDW works as your personalized partner in your security journey, helping you prepare, defend and respond to cyberthreats. From endpoint security to helping you implement a zero-trust framework, we can help you protect your organization against today’s fast-moving threat landscape.

Start your security journey with us to access key solutions and services from our partners, at every stage of your defence strategy.