If zero trust is the brain that watches out for the health of the digital body, extended detection and response (XDR) serves as the nerves that bring it information. And as the digital world rapidly changes, XDR can adapt. Why is pairing XDR with zero trust the right choice?
Zero Trust in a Changing World
So, what’s changing? Part of it has to do with a digital threat landscape that is evolving. Both the frequency and the sophistication of attacks are changing. The FBI’s Cyber Division received as many as 4,000 complaints of digital attacks a day in the first half of 2020 — up 400% over what they saw the previous year.
At the same time, the number of endpoints on corporate networks is growing. Many U.S. organizations saw the number of device connections to the corporate network expand with their shift to remote work. And there are good reasons to make that shift. In a 2021 survey, PwC found that 83% of employers considered the shift to remote work to have been successful. Over half (55%) of employees said they would like to work remotely at least three days a week going forward.
A Gift and a Curse
Those factors show why it’s helpful to follow a zero trust model as threats increase and workers spread out. But that same growth also makes zero trust architecture that much more difficult to build. How are security teams supposed to see, verify and protect many different types of devices in a timely manner?
Timely is the operative word here. Security teams can’t spend all their time manually verifying and re-verifying the trust of connection attempts. There’s not enough time in the day. Indeed, they need to figure out some way to streamline this process. That way, they can maximize their positive impact on their security posture.
Shifting to XDR
The answer is to embrace XDR. In order to answer the question “What is XDR?” we have to know where XDR came from. And that story traces back to endpoint detection and response (EDR).
EDR’s Strengths and Limits
EDR operates on two fundamental principles. The first is to monitor the network constantly. The EDR process begins by setting up a secure baseline for an endpoint. It then uses that baseline to monitor for suspicious users, odd processes and other signs of potential threats.
The second is automated response. The process collects all of the information it observed on the endpoint and aggregates it into a central database. It then uses the input of forensic tools and/or a human analyst to craft a response.
EDR can use this flow to help to strengthen defenses against potential threats. But it can only do so from the vantage point of an endpoint or group of endpoints where it resides. That makes scalability an issue. Organizations may need to purchase more licenses for the growing number of devices connected to the corporate network.
Even then, EDR can monitor for and detect only certain kinds of threats. It’s limited to the endpoint, so it can’t pick up on events like lateral movement. As such, it has limited visibility into an attack chain that might involve multiple assets, different parts of the network or cloud environments.
How XDR Fills Those Gaps … and Enables Zero Trust
Hence the need for something like XDR. XDR serves as an alternative to or evolution of EDR, network traffic analysis (NTA) tools, SIEM solutions and other ‘reactive’ tools. It does this by using threat intelligence feeds and multi-dimensional traffic algorithms to spot potential attacks before the damage is done. XDR does this work in real time not only across individual endpoints but also in the cloud and throughout the network.
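The difference between an endpoint-only view and a correlated, multi-source view is easiest to see in code. The following is an added illustration, not code from the original post or from any XDR product: a per-host process baseline (the EDR-style check) next to a second telemetry source of remote logon records that an endpoint agent never sees, correlated by account and time. All host names, account names, process names and timestamps are constructed sample data, and the greedy hop-chaining and the 30-minute window are simplifying assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real telemetry): a per-host process baseline of the
# kind an EDR agent establishes for each endpoint it protects.
BASELINE = {
    "ws-01": {"explorer.exe", "outlook.exe", "chrome.exe"},
    "srv-file": {"svchost.exe", "lsass.exe"},
    "srv-db": {"svchost.exe", "sqlservr.exe"},
}

# Constructed endpoint telemetry, one host at a time, as EDR sees it.
ENDPOINT_EVENTS = [
    {"ts": "2021-06-01T10:00:05", "host": "ws-01", "user": "alice", "process": "chrome.exe"},
    {"ts": "2021-06-01T10:02:10", "host": "ws-01", "user": "alice", "process": "psexec.exe"},
    {"ts": "2021-06-01T10:15:00", "host": "srv-db", "user": "alice", "process": "sqlservr.exe"},
]

# Constructed remote-logon records from a network/identity source. A single
# endpoint's agent never sees the hop from one host to the next.
AUTH_EVENTS = [
    {"ts": "2021-06-01T10:03:00", "user": "alice", "src": "ws-01", "dst": "srv-file"},
    {"ts": "2021-06-01T10:06:30", "user": "alice", "src": "srv-file", "dst": "srv-db"},
    {"ts": "2021-06-01T11:40:00", "user": "bob", "src": "ws-02", "dst": "srv-file"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def edr_alerts(events, baseline):
    """Endpoint-local detection: flag any process absent from that host's baseline."""
    return [e for e in events if e["process"] not in baseline.get(e["host"], set())]


def lateral_movement_chains(auth_events, window_minutes=30):
    """Chain remote logons for one account where each hop's source is the previous
    hop's destination and consecutive hops fall within the window (assumed 30 min)."""
    by_user = defaultdict(list)
    for e in sorted(auth_events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)
    window = timedelta(minutes=window_minutes)
    chains = []
    for user, events in by_user.items():
        consumed = set()  # indices already absorbed into an earlier chain
        for i, first in enumerate(events):
            if i in consumed:
                continue
            chain = [first]
            for j in range(i + 1, len(events)):
                last, nxt = chain[-1], events[j]
                if nxt["src"] == last["dst"] and parse_ts(nxt["ts"]) - parse_ts(last["ts"]) <= window:
                    chain.append(nxt)
                    consumed.add(j)
            if len(chain) > 1:
                chains.append({
                    "user": user,
                    "start": chain[0]["ts"],
                    "path": [chain[0]["src"]] + [hop["dst"] for hop in chain],
                })
    return chains


def xdr_correlate(endpoint_events, auth_events, baseline, window_minutes=30):
    """Cross-source correlation: an endpoint alert on host H for account U, followed
    within the window by a logon chain for U that begins at H. Neither source alone
    shows the whole attack chain; joined, they do."""
    window = timedelta(minutes=window_minutes)
    chains = lateral_movement_chains(auth_events, window_minutes)
    findings = []
    for alert in edr_alerts(endpoint_events, baseline):
        for chain in chains:
            delay = parse_ts(chain["start"]) - parse_ts(alert["ts"])
            if (chain["user"] == alert["user"] and chain["path"][0] == alert["host"]
                    and timedelta(0) <= delay <= window):
                findings.append({
                    "user": alert["user"],
                    "trigger": f'{alert["process"]} on {alert["host"]}',
                    "path": chain["path"],
                })
    return findings


if __name__ == "__main__":
    print("EDR alone:", edr_alerts(ENDPOINT_EVENTS, BASELINE))
    print("XDR correlated:", xdr_correlate(ENDPOINT_EVENTS, AUTH_EVENTS, BASELINE))
```

Run on the sample data, the endpoint check alone yields one isolated alert on ws-01 and nothing on the servers, because every process there matches its baseline. Only the correlated view produces a finding that ties that alert to the account's path ws-01 to srv-file to srv-db, which is the kind of multi-asset chain the text says an endpoint-bound tool cannot see.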
These increased functions enable organizations to use XDR to address the zero trust timing issue discussed above. XDR is all about artificial intelligence, machine learning and other advanced analytics. This allows for threat detection in real time. That’s important when security teams need to always verify trust for a growing number of device connections across different network zones.
In that sense, XDR serves as zero trust’s central nervous system. It provides real-time visibility into the types of devices that are connecting to the network. Human defenders can then use XDR’s alerting and monitoring tools to spot digital threats and to respond as quickly as possible.
Scaling Zero Trust With XDR
Zero trust is not a single piece of tech. It relies on single sign-on, multi-factor authentication, network segmentation and other measures to oversee which users to trust. To be sure, those technologies can help organizations achieve the spirit of zero trust. But they can’t help them elevate it to the level of an enterprise-wide security paradigm.
On the other hand, XDR can. It does this by automating visibility across the entire organization. From there, organizations can keep track of their device connections and verify the trust of those assets on an ongoing basis. This puts you in a stronger position to welcome the coming influx of new devices.
This post appeared first on Security Intelligence
Author: David Bisson