Seceon XDR (Extended Detection and Response) is security software that offers comprehensive visibility and response across networks, together with analysis of applications and endpoints. It builds on endpoint detection and response, adding other data sources and means to manage the progression of endpoint security.
XDR and Zero-Trust Strategy: The Whole is Greater than the Sum of the Parts
We are often asked, what is the near-term future of Cybersecurity?
While experts’ answers may differ, we typically highlight the
ascension of Extended Detection and Response (XDR) as a significant
step change to an organization’s cybersecurity toolkit along with the
adoption of the Zero-Trust Maturity Model providing both a trust-
centric and data-centric approach to the protection of digital assets.
Let’s briefly tackle the latter first. On average, 85% of all assets are in
digital form. Twenty years ago, just after the millennium, this figure
was just 10%. Digitalization has made information the new oil. It
powers new industries and has tremendous value. But with cyber
threats continuing to elevate (rarely a day goes by when we don’t
hear of a cyber-breach and there is a ransomware attack starting
every eleven seconds), zero-trust is the new paradigm shift in
cybersecurity, starting with actionable inventories of data and users.
Underscoring this shift’s importance, new federal regulations now
focus on identifying and managing data risks through the
perspectives of people and technology. Those Federal Regulations
include the much-discussed White House Executive Order (EO)
14028, “Improving the Nation’s Cybersecurity” issued May 12, 2021.
The plan in that EO was to formulate a strategy to modernize
cybersecurity in both the public and private sectors to meet current
threats. That strategy centered on the concept of Zero Trust
Architecture or ZTA.
To help move organizations and governmental agencies toward this
approach, CISA (Cybersecurity and Infrastructure Security Agency)
developed a Zero-Trust Maturity Model to offer prescriptive
assistance. The Maturity Model outlines the data-centric approach,
with the assumption that breaches will occur and devices and users
should have least privilege access.
One section of EO 14028, Section Four, directs agencies, academia,
private firms, and others to identify existing or develop new
standards, tools, and best practices to enhance software supply chain
security. That is where Extended Detection and Response (or XDR)
comes into view.
Cybersecurity as a domain and practice is only about thirty years old, so relatively young and aligned with DARPA’s invocation of the modern internet. We’ve now completed five generations of cybercrime actions that necessitated a technological response in cybersecurity.
Let’s do a short recap. In the 1990s, Generation 1 cybersecurity was highlighted by anti-virus software on the endpoint, and Generation 2 was the advent of the perimeter firewall. Both are still with us in next-generation forms today, but with far less effectiveness in a virtual and remote world than during prior eras. We then evolved to Generation 3, IDS/IPS, in the early 2000s, followed by polymorphic content driving sandboxing and anti-bot technology in 2010, which we consider Generation 4.
In the 2015 timeframe, and to today, we remain in Generation 5, the era of the mega-breach. Gen 5 (the short form) attacks are typically large-scale and multi-vector. They are designed to infect multiple components of an information technology infrastructure, including networks, virtual machines, cloud instances, and endpoint devices. Gen 5 attacks have led to the development of a more advanced solution, that being Endpoint Detection and Response. Simply put, EDR is a new generation of anti-malware, no longer relying solely on signature systems to perform malicious behavior detection. EDR adds behavioral process analysis capabilities to determine deviance. If you are not using, at minimum, an AI-based EDR platform, you will not detect, nor stop, Generation 5 cyber attacks. Even then, EDR platforms routinely test out at 80-90% effectiveness. More is needed as we are about to embark on Generation 6 attacks, which are large-scale and multi-vector, just like Gen 5, plus vendor-accessible assets, IoT, OT, cloud-connected devices, mobile, 5G and social. What we need is found in XDR.
THE NEXUS OF ZERO-TRUST AND EXTENDED DETECTION AND RESPONSE (XDR)
Generation 6 attacks require ubiquity in defense, not only to “see everything” but more importantly, to “secure everything”. This is where the Zero-Trust Approach and XDR have common objectives.
The goal of Zero-Trust is to prevent risks before they happen,
identifying risks and indicators of a breach of trust. XDR adds a laser-
focus to this identification, pinpointing evasive threats with behavioral
analytics and using machine learning to detect anomalies indicative of
an attack. The “Northstar” of XDR is that it natively integrates
network, endpoint, cloud, and third-party data. It is, by nomenclature,
a “cohesive security operations system”, as Gartner Group has called
it. It’s a force-multiplier versus digital cyber-risk, and in a world
where every company has become an attainable target, it should be
found on every organization’s prioritized cybersecurity defense-in-
depth chart.
But beyond the much wider range of sources to which it offers visibility, detection, and prevention, XDR brings elaborate functionality: for example, increasing the level of contextualization by connecting to our Threat Intelligence feeds, bringing a greater capacity for anticipation by linking the detected technical information with external content, and refining security orchestration and response automation by giving even finer granularity and fidelity to the intervention. Cybersecurity today is about the creation of a defense “factory”, and you need to fuel the “gear” in that factory with data. We first do that via Machine Learning, then we enrich that data with even more context, to develop threat models that begin detecting and evaluating threats at Stage 1, reconnaissance. It is why effectiveness in XDR can reach 99.9%, not 80-90% as with EDR or 50-60% as with legacy signature-based anti-malware.
THE POWER OF TWO: ZERO-TRUST AND XDR
It’s important to remember that Zero Trust is a philosophical
approach, and XDR is an advanced prevention and detection
capability. Zero-Trust is not a product that can be plugged in and save
the day. By utilizing security tools that support the pillars of Zero
Trust (posture, continuous assessment, and assumed compromise),
you can significantly improve your overall security posture.
XDR is an effective security capability. However, when used in
tandem with the Zero Trust approach, organizations can further
enhance their security. XDR has two significant assets that can
support a Zero Trust strategy: strong endpoint (user, cloud workload,
device, etc) controls and organization-wide data collection and
correlation from across the IT infrastructure. Here’s how it works:
Strong endpoint controls deliver a solid foundation for verifying and
establishing trust by providing security teams with comprehensive
visibility into potential threats and endpoint/device activities. Without
visibility, you can’t verify and establish trust in good faith.
Additionally, since XDR is constantly collecting and correlating data,
it establishes the continuous assessment pillar of the Zero Trust
architectural strategy. This means that even after you’ve approved
initial access for an endpoint, that asset will continually be reviewed
and reassessed to ensure it remains uncompromised. In the event the
endpoint starts acting suspiciously, such as multiple logins from various
locations in impossible time frames, XDR will send a notification to
security teams, allowing them to withdraw access and terminate a
potential attack vector.
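The continuous-reassessment check described above, as an added example that is not Seceon’s code or product logic: it flags a user whose consecutive logins imply a travel speed no one could reach, the signal on which access would be withdrawn. The 900 km/h threshold, the city coordinates and the login events are all constructed for the example.

```python
# Added example, not Seceon's code: flag "impossible travel" between one user's
# consecutive logins, a continuous-reassessment signal for withdrawing access.
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumed threshold: roughly airliner cruising speed

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    lat: float
    lon: float
    src: str  # constructed label for the access point that saw the login

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """(user, earlier_src, later_src, implied_kmh) for each user's consecutive logins faster than max_kmh."""
    findings, last_seen = [], {}
    for ev in sorted(logins, key=lambda e: (e.user, e.when)):
        prev = last_seen.get(ev.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600
            # Floor elapsed time at one second so simultaneous logins from two places are flagged, not a ZeroDivisionError.
            kmh = km / max(hours, 1 / 3600)
            if kmh > max_kmh:
                findings.append((ev.user, prev.src, ev.src, round(kmh)))
        last_seen[ev.user] = ev
    return findings

def _utc(hour, minute):
    return datetime(2022, 9, 6, hour, minute, tzinfo=timezone.utc)

# Constructed login events, deliberately out of order; coordinates are city centres.
SAMPLE_LOGINS = [
    Login("alice", _utc(9, 45), 1.3521, 103.8198, "sg-web-proxy"),  # Singapore
    Login("alice", _utc(8, 30), 42.3601, -71.0589, "bos-vpn"),      # Boston
    Login("alice", _utc(9, 0), 42.3601, -71.0589, "bos-vpn"),       # Boston again (zero distance)
    Login("bob", _utc(9, 0), 42.3601, -71.0589, "bos-vpn"),         # Boston
    Login("bob", _utc(12, 0), 40.7128, -74.0060, "nyc-office"),     # New York, 3 h later (plausible)
]
if __name__ == "__main__":
    print(impossible_travel(SAMPLE_LOGINS))  # one finding: alice, bos-vpn -> sg-web-proxy
```

Only alice is flagged: Boston to Singapore in 45 minutes implies well over 20,000 km/h, while bob’s Boston-to-New York move over three hours stays far under the threshold.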
Zero Trust and XDR also help alleviate work from security teams.
With a Zero Trust strategy that leverages XDR, many security
weaknesses and gaps can be detected by XDR and subsequently
blocked by enforcement points, eliminating a significant number of
vulnerabilities and work for security teams. By closing security gaps,
security teams have more time to focus on investigating advanced
attacks. As always, the fewer the attacks, the easier it is for
enterprises to achieve their business goals, something a Board of
Directors can understand.
SUMMARY
We established earlier that Zero-Trust is a trust-centric architecture
that puts human and machine identities at the heart of security policy
creation. In this architecture, enterprise access controls and policies
are based on identity and assigned attributes. In Zero-Trust, every
access request requires an establishment of permitted access
combined with a provable identity regardless of where the request
came from. It’s dynamic and adaptive, supporting modern enterprise
models: BYOD, remote worker, cloud apps, hybrid cloud, on-premises,
social integration, and more. XDR then does the heavy lifting,
preventing unknown and known ransomware, stopping active attacks,
detecting and preventing lateral movement, hunting for undetected
signs of compromise, and identifying MITRE ATT&CK adversarial
tactics and techniques. XDR correlates data across endpoints,
applications, the cloud, operational technology, Internet of Things and
the aforementioned identity-centric architecture, essentially the entire
IT estate. One (Zero-Trust or XDR) without the other leaves an
incomplete technical security framework. So our advice is the
following: opt for complete visibility and extended protection to any
application, workload, resource, compliance objective (e.g. PCI-DSS),
or network. Detect advanced threats and respond to them rapidly
along with the ability to identify the origin, deeply track and
investigate. Insist your solution includes native integrations and
support for APIs and protocols to protect the totality of your
investment. Then establish trust and least privilege before granting
any access (device or user) or allowing a connection. Lastly, align the
attacker’s likely path with the highest level of coverage across
differing attack techniques. Sleep better while doing risk
management and security better. You can do all of this with a zero-
trust architecture and a field-proven XDR solution. Reach out to me
with questions. I always welcome hearing from you. See you next
time.