Zero Trust & XDR: The New Architecture of Defense

What do the Colonial Pipeline ransomware attack, Florida water hack, and Twitch data leak share in common? All were high impact, but none of them were sophisticated cyberattacks.

Rather, three years of rapid digital transformation have resulted in a sprawling and porous attack surface of distributed workforces and network environments (cloud, edge, on-premises). The game has changed, but most organizations are still operating on dated tech stacks and security models, making it easy for bad actors to take advantage.

Many companies are realizing it's time for a new security playbook that addresses the needs of the modern workforce.

Zero Trust: Never Trust, Always Verify

What keeps CISOs up at night? Uncertainty about the security posture of their endpoints and data; the massive potential for human error (Colonial Pipeline); and the complexity of, well, the evermore complex IT environment of today. In other words … chaos.

The solution? One simple rule: never trust, always verify — zero trust.

The official definition of zero trust from Forrester Research, originator of the concept, is:

"Zero Trust is an information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices. Zero Trust advocates these three core principles: All entities are untrusted by default; least privilege access is enforced; and comprehensive security monitoring is implemented."

Let's unpack that definition:

✔ You deny access to data and applications by default.

✔ You grant access only to users, networks and workloads adhering to the framework.

✔ You continuously verify the identity of all users and their devices.

✔ You enforce least privilege access by default.

✔ You implement comprehensive security monitoring.

Since its introduction, the evolution to zero trust has greatly increased security over legacy-based approaches that granted frictionless access to users and applications once a perimeter was cleared, but it is not perfect.

A zero-trust posture works great at limiting access and the potential blast radius of an attack, but does not itself protect the kingdom from persistent attacks on IT environments and users.

While identity and access management (IAM) tools handle the never-trust-always-verify principles of the zero-trust security framework, additional tools such as XDR are still needed to insulate your network, applications, and endpoints from the constant attacks that most organizations face.

XDR: The Solution to Siloed Security

Considered an evolution of endpoint detection and response (EDR) and network detection and response (NDR), extended detection and response (XDR) offers protection throughout critical areas of your network, devices, applications, and IT infrastructure.

How?

Gartner's definition of XDR holds the answer:

"Extended detection and response describes a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components."

Put simply, XDR shatters the point-solution silos that prevent a complete view of your security posture, actively monitors all systems, AND intelligently identifies and acts on threats when they occur.

The capabilities under the hood making this possible include:

--Analytics and Detection

✔ Internal and external traffic monitoring to identify threats even if they bypass your network perimeter.

✔ Integrated threat intelligence to preempt attacks already executed elsewhere on your system.

✔ Machine learning-based detection for catching zero-day and anomalous threats that can bypass signature-based methods.

--Investigation and Response

✔ Correlation of related alerts and data to help security teams stealthily determine the root cause of an attack and predict the adversary's next step.

✔ Centralized user interface (UI) to expedite documentation and response times.

✔ Response and orchestration capabilities, such as automatically blocking an endpoint attack and then updating org-wide endpoint policies.

--Dynamic and Flexible Deployments

✔ Security orchestration integrating with existing controls to ensure unified and standardized responses.

✔ Scalable, cloud-based storage and compute so historical data (and the advanced persistent threat patterns it reveals) is preserved.

✔ Machine learning and threat intelligence for informed, iterative improvement over time.

XDR and Zero Trust Working Together

With the global average cost of a data breach reaching an all-time high of $4.35 million, it's no wonder 97% of IT and security pros see implementing zero trust as a top priority.

However, the implementation of zero trust in itself is not the full answer to modernizing security posture. XDR helps to complete the comprehensive security monitoring requirements of zero trust by stacking multiple security technologies into a single platform.

The evolution to a zero-trust security posture enhanced with XDR protections ensures that even the most distributed workforces remain protected across all users, applications, and environments.

About the Author

Bruno Darmon is the Chief Strategy Officer at Cynet, a provider of natively automated XDR platform. Bruno has over 25 years of high-tech leadership, sales and entrepreneurial experience. Prior to joining Cynet, Darmon served 17 years as Vice President of EMEA Sales at Check Point Software Technologies.