
Zero-trust, SASE, and XDR have similar goals, but they differ in their approaches to protecting businesses and users.

[Image: Earth overlaid by network connections. Source: Geralt via Pixabay]

The pandemic has forever changed the workplace, with many organizations pledging to continue offering their employees some form of remote work option. The increase in home-based users working on multiple devices, combined with applications hosted from data centers and the cloud, is amplifying the constraints of legacy network and security infrastructures.

A recent Gartner survey found that 82% of companies plan on offering a remote work option at least some of the time. These businesses face the challenge of providing consistent, high-performance access, applying unified security policies across users and devices, and protecting sensitive data against an ever-increasing volume of cyber threats. To address these concerns, security architectures and frameworks, including zero-trust, secure access service edge (SASE), and extended detection and response (XDR), are gaining traction.

While they have similar goals, the three security models take different approaches. We provide an overview of each.

Zero-Trust, the Modern Alternative to Castle-and-Moat Security

Zero-trust operates on the principle of least privilege, specifying that no user or device should be inherently trusted and that security teams should inspect all traffic. In a zero-trust model, identities are verified and device health is validated before any access is granted. Users are permitted to access only the specific applications required to complete their jobs, as opposed to an entire network segment. In the case of a cloud-hosted application, users are typically connected directly to the application without traversing the network, which limits the potential for data loss or malware spread.

Many companies already have pieces of zero-trust in place that can be built on, such as multifactor authentication (MFA), identity and access management (IAM), and encryption. Network segmentation, deep packet inspection, and data loss prevention (DLP) are also important components of this architecture.
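To make the contrast between castle-and-moat and zero-trust concrete, here is an added example (not code from the article or from AT&T Cybersecurity) of a minimal policy decision point. The names (`AccessRequest`, `zero_trust_decide`, `legacy_decide`, `APP_ENTITLEMENTS`) and the sample users, devices and applications are all constructed for illustration. The legacy policy grants implicit trust to anything inside the perimeter; the zero-trust policy verifies identity with MFA, validates device posture, and then grants access to one explicitly entitled application, denying by default.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """One access attempt: who, from which device, to which application."""
    user: str
    mfa_verified: bool          # identity proven with a second factor this session
    device_id: str
    device_compliant: bool      # posture check passed (encrypted, EDR healthy, patched)
    application: str
    on_corporate_network: bool  # the only thing the legacy model looks at


# Constructed sample entitlements: each user is granted specific applications,
# never a network segment. Anything not listed is denied by default.
APP_ENTITLEMENTS = {
    "alice": {"payroll", "wiki"},
    "bob": {"wiki"},
}


def legacy_decide(req: AccessRequest) -> tuple[bool, str]:
    """Castle-and-moat: a single perimeter check, then implicit trust inside.

    Once past the moat, every internal application is reachable, which is
    what lets malware or a compromised account move laterally.
    """
    if req.on_corporate_network:
        return True, "inside the perimeter: all internal apps reachable"
    return False, "outside the perimeter"


def zero_trust_decide(req: AccessRequest,
                      entitlements=APP_ENTITLEMENTS) -> tuple[bool, str]:
    """Zero-trust: verify identity, validate the device, then grant per app.

    Network location is deliberately not consulted; being on the LAN or VPN
    confers no trust by itself.
    """
    # 1. Identity must be verified before anything else is considered.
    if not req.mfa_verified:
        return False, "identity not verified (MFA missing)"
    # 2. Device health is validated on every request, not once at enrollment.
    if not req.device_compliant:
        return False, f"device {req.device_id} failed posture check"
    # 3. Least privilege: only the explicitly entitled application, deny by default.
    if req.application not in entitlements.get(req.user, set()):
        return False, f"{req.user} is not entitled to {req.application}"
    return True, f"allow {req.user} -> {req.application} only"


def evaluate(requests, policy):
    """Run a policy over a batch of requests and return (user, app, allowed, reason) rows."""
    return [(r.user, r.application, *policy(r)) for r in requests]


# Constructed sample traffic mixing remote and on-network users.
SAMPLE_REQUESTS = (
    # Remote worker, strong identity, healthy laptop, entitled app.
    AccessRequest("alice", True, "lt-0001", True, "payroll", on_corporate_network=False),
    # On the office LAN, but bob has no entitlement to payroll.
    AccessRequest("bob", True, "lt-0002", True, "payroll", on_corporate_network=True),
    # Entitled user, but the session has no second factor.
    AccessRequest("alice", False, "lt-0001", True, "wiki", on_corporate_network=True),
    # Entitled user on a device that failed its posture check.
    AccessRequest("alice", True, "byod-7", False, "wiki", on_corporate_network=False),
)

if __name__ == "__main__":
    for name, policy in (("legacy", legacy_decide), ("zero-trust", zero_trust_decide)):
        print(f"== {name} ==")
        for user, app, allowed, reason in evaluate(SAMPLE_REQUESTS, policy):
            print(f"{user:6} {app:8} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

Running the two policies over the same requests shows the difference the article describes: the legacy model admits bob to payroll simply because he is on the corporate network and turns away alice working from home, while the zero-trust model admits alice to exactly the application she is entitled to and denies bob, the MFA-less session and the non-compliant device regardless of where they connect from.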

While it’s likely not feasible to implement zero-trust across all aspects of the infrastructure simultaneously, organizations can take certain steps to get started. Begin by asking stakeholders across departments to create a list of all of the data the company collects, then identify which data is particularly sensitive or business-critical. Select one high-priority data type and chart its entire path, noting each point along that path where it could be exposed and must be defended.

SASE Will Become Widely Adopted in 2022

SASE is a framework combining software-defined networking with comprehensive security functions to support today’s cloud-computing environments and hybrid workforce. It’s based on four key principles:

  • The data center is no longer the concentration point of the network.

  • Access is based on identity, not the location of users (a zero-trust concept).

  • Worldwide points of presence (PoPs) are crucial to support a distributed workforce.

  • Businesses should aim to consolidate network and security vendors.

Since there’s no standard, off-the-shelf SASE solution, the journey will look different for each business. Some may source SD-WAN from their security vendor, while others prefer to stack security on top of their existing network infrastructure.

Working with a managed services provider (MSP) can be an attractive option given the industry’s cybersecurity skills shortage. Building a road map of upcoming network and security transformation initiatives and starting the proof-of-concept (POC) process to qualify SASE solutions early can help set up businesses for increased productivity, fewer risks, and simplified management.

In 2022, we’ll see increased deployment as organizations modernize their networks and security to prepare themselves for supporting new business initiatives and workplace designations.

XDR, Not a One-Size-Fits-All Solution

Security alert fatigue is a real problem for organizations, and a recent survey found that 75% of security professionals spent more time addressing false-positive alerts than they did actual security incidents. Many organizations are turning to XDR, which extends threat detection and response from the endpoint to the network to the cloud, providing broad visibility into threats in real time. With the increased number of endpoints due to the shift to a distributed workforce, an XDR solution can help solve some of those challenges.

For organizations looking to implement XDR, the main focus should be eliminating overlapping capabilities in their product stacks, which can waste budget and personnel resources. XDR solutions should consider existing security investments, so organizations do not rip and replace working security solutions. No two businesses are alike, so understanding what needs to be secured – whether it’s data on the edge, cloud, endpoint, network, or OT devices – will be necessary to identify where the security gaps are located and how those gaps will be addressed with existing and new detection capabilities.

Modern Approaches for Hybrid Workers

Businesses have several modern security frameworks to consider for securing hybrid workers. Every organization has unique security needs and priorities that should be the driving force behind any security decision. With 55% of employees preferring to work remotely at least three days a week once the pandemic subsides, businesses that continue to provide consistent and highly secure experiences for their hybrid and remote users will be better protected against malicious actors and security vulnerabilities.

About the Author(s)

Mary Blackowiak

Lead Product Marketing Manager, AT&T Cybersecurity

Mary Blackowiak is a Lead Product Marketing Manager for the network security portfolio with AT&T Cybersecurity. She has over a decade of B2B marketing experience in the high-tech space including positions with Forcepoint, NSS Labs, and Best Buy for Business.

Rakesh Shah

Senior Director of Product Management, AT&T Cybersecurity

Rakesh Shah leads product management for the USM products in AT&T Cybersecurity. Previously, he led product management for insider threat, behavioral analytics, and security orchestration products at Forcepoint, a Raytheon company, and he also spent over 15 years at Arbor Networks in a variety of product management, marketing, and engineering leadership roles. He holds an M.Eng. degree from Cornell University and a B.S. degree from the University of Illinois at Urbana-Champaign, both in Electrical and Computer Engineering.
