XDR and Zero-Trust Strategy (1)

1
XDR and Zero-Trust Strategy The Whole is
Greater than the sum of the parts by
2
We are often asked, what is the near-term future
of Cybersecurity? While experts answers may diff
er, we typically highlight the ascension of
Extended Detection and Response (XDR) as a
significant step change to an organizations
cybersecurity toolkit along with the adoption of
the Zero-Trust Maturity Model providing both a
trust- centric and data-centric approach to the
protection of digital assets. Lets briefly
tackle the latter first. On average, 85 of all
assets are in digital form. Twenty years ago,
just after the millennium, this figure was just
10. Digitalization has made information the new
oil. It powers new industries and has tremendous
value. But with cyber threats continuing to
elevate (rarely a day goes by when we dont hear
of a cyber-breach and there is a ransomware
attack starting every eleven seconds),
zero-trust is the new paradigm shift in
cybersecurity, starting with actionable
inventories of data and users. Underscoring this
shifts importance, new federal regulations now
focus on identifying and managing data risks throu
gh the perspectives of people and technology.
Those Federal Regulations include the
much-discussed White House Executive Order (EO)
14028, Improving the Nations Cybersecurity
issued May 12, 2021. The plan in that EO was to
formulate a strategy to modernize cybersecurity
in both the public and private sectors to meet
current threats. That strategy centered on the
concept of Zero Trust Architecture or ZTA. To
help move organizations and governmental agencies
toward this approach, CISA (Cybersecurity and
Infrastructure Security Agency) developed a
Zero-Trust Maturity Model to offer prescriptive
assistance. The Maturity Model outlines the
data-centric approach, with the assumption that
breaches will occur and devices and users should
have least privilege access. One section of EO
14028, Section Four, directs agencies, academia,
private firms, and others to identify existing or
develop new standards, tools, and best
practices to enhance software supply chain
security. That is where Extended Detection and
Response (or XDR) comes into view. Cybersecurity
as a domain and practice is only about thirty
years old, so relatively young and aligned with
DARPAs invocation of the modern internet. Weve
now completed five generations of
3
Cybercrime actions that necessitated a
technological response in Cybersecurity. Lets do
a short recap. In the 1990s Generation 1
cybersecurity was highlighted by anti-virus
software on the endpoint and Generation 2 was
the advent of the perimeter firewall. Both are
still with us in next-generation forms today but
with far less effectiveness in a virtual and
remote world than during prior eras. We then
evolved to Generation 3, IDS/IPS in the early
2000s, followed by Polymorphic Content driving
Sandboxing and Anti-Bot technology in 2010 that
we consider Generation 4. In the 2015 timeframe,
and to today, we remain in Generation 5, the era
of the mega-breach. Gen 5 (the short form)
attacks are typically large-scale and
multi-vector. They are designed to infect
multiple components of an information technology
infrastructure, including networks, virtual
machines, cloud instances, and endpoint
devices. Gen 5 attacks have led to the
development of a more advanced solution, that
being Endpoint Detection and Response. Simply
put, EDR is a new generation of anti-malware, no
longer relying solely on signature systems to
perform malicious behavior detection. EDR adds
behavioral process analysis capabilities to
determine deviance. If you are not using, at
minimum, an AI-based EDR platform, you will not
detect, nor stop Generation 5 cyber attacks. Even
then, EDR platforms routinely, test out at
80-90 effectiveness. More is needed as we are
about to embark on Generation 6 attacks, which is
large- scale multi-vector, just like Gen 5, plus
vendor-accessible assets, IoT, OT,
Cloud-Connected Devices, Mobile, 5G and Social.
What we need is found in XDR. THE NEXUS OF
ZERO-TRUST AND EXTENDED DETECTION AND RESPONSE
(XDR) Generation 6 attacks require ubiquity in
defense, not only to see everything but more
importantly, to secure everything. This is
where the Zero-Trust Approach and XDR have common
objectives.
4
XDR and Zero-Trust Strategy The Whole is Greater
than the sum of the...
https//www.seceon.com/xdr-and-zero-trust-strategy
-the-whole-is-greate...
The goal of Zero-Trust is to prevent risks before
they happen, identifying risks and indicators of
a breach of trust. XDR adds a laser- focus to
this identification, pinpointing evasive threats
with behavioral analytics and using machine
learning to detect anomalies indicative of an
attack. The Northstar of XDR is that it
natively integrates network, endpoint, cloud,
and third-party data. It is, by nomenclature, a
cohesive security operations system, as Gartner
Group has called it. Its a force-multiplier
versus digital cyber-risk, and in a world
where every company has become an attainable
target, it should be found on every
organizations prioritized cybersecurity
defense-in- depth chart. But beyond the much
wider range of sources, it offers visibility,
detection, and prevention to, XDR brings
elaborate functionalities allowing, for example,
to increase the level of contextualization by
connecting to our Threat Intelligence feeds, to
bring a greater capacity of anticipation by
linking the detected technical information with
external content, to refine security
orchestration and response automation by giving
an even finer granularity and fidelity to the
intervention. Cybersecurity today is about the
creation of a defense factory and you need to
fuel the gear in that factory with data. We
first do that via Machine Learning, then we
enrich that data with even more context, to
develop threat models that begin detecting and
evaluating threats at Stage 1, reconnaissance. It
is why effectiveness in XDR can reach 99.9, not
80-90 such as EDR or 50-60 like legacy
signature-based anti-malware. THE POWER OF TWO
ZERO- TRUST AND XDR Its important to remember
that Zero Trust is a philosophical approach, and
XDR is an advanced prevention and detection
capability. Zero-Trust is not a product that can
be plugged in and save the day. By utilizing
security tools that support the pillars of Zero
Trust (posture, continuous assessment, and
assumed compromise), you can significantly
improve your overall security posture. XDR is an
effective security capability. However, when
used in
4 of 10
5
tandem with the Zero Trust approach,
organizations can further enhance their
security. XDR has two significant assets that
can support a Zero Trust strategy strong
endpoint (user, cloud workload, device, etc)
controls and organization-wide data collection
and correlation from across the IT
infrastructure. Heres how it works Strong
endpoint controls deliver a solid foundation for
verifying and establishing trust by providing
security teams with comprehensive visibility
into potential threats and endpoint/device
activities. Without visibility, you cant verify
and establish trust in good faith. Additionally,
since XDR is constantly collecting and
correlating data, it establishes the continuous
assessment pillar of the Zero Trust
architectural strategy. This means that even
after youve approved initial access for an
endpoint, that asset will continually be reviewed
and reassessed to ensure it remains
uncompromised. In the event the endpoint starts
acting suspicious, such as multiple logins from
various locations in impossible time frames, XDR
will send a notification to security teams,
allowing them to withdraw access and terminate a
potential attack vector. Zero Trust and XDR also
help alleviate work from security teams. With a
Zero Trust strategy that leverages XDR, many
security weaknesses and gaps can be detected by
XDR and subsequently blocked by enforcement
points, eliminating a significant number of
vulnerabilities and work for security teams. By
closing security gaps, security teams have more
time to focus on investigating advanced attacks.
As always, the fewer number of attacks, the
easier it is for enterprises to achieve their
business goals, something a Board of Directors
can understand. SUMMARY We established earlier
that Zero-Trust is a trust-centric architecture
that puts human and machine identities at the
heart of security policy creation. In this
architecture, enterprise access controls and
policies are based on identity and assigned
attributes. In Zero-Trust, every access request
requires an establishment of permitted access
combined with a provable identity regardless of
where the request
6
came from. Its dynamic and adaptive, supporting
modern enterprise models BYOD, remote worker,
cloud apps, hybrid cloud, on-premises, social
integration, and more. XDR then does the heavy
lifting, preventing unknown and known
ransomware, stopping active attacks, detecting
and preventing lateral movement, hunting for
undetected signs of compromise, and identifying
MITRE ATTCK adversarial tactics and techniques
. XDR correlates data across endpoints,
applications, the cloud, operations technology,
Internet of Things and the aforementioned
identity-centric architecture, essentially the
entire IT estate. One (Zero-Trust or XDR)
without the other leaves an incomplete technical
security framework. So our advice is the
following opt for complete visibility and
extended protection to any application,
workload, resource, compliance objective (e.g.
PCI-DSS), or network. Detect advanced threats
and respond to them rapidly along with the abili
ty to identify the origin, deeply track and
investigate. Insist your solution includes native
integrations and support for APIs and protocols
to protect the totality of your investment. Then
establish trust and least privilege before
granting any access (device or user) or allowing
a connection. Lastly, align the attackers
likely path with the highest level of coverage
across differing attack techniques. Sleep bette
r while doing risk management and security
better. You can do all of this with a zero-
trust architecture and a field-proven XDR
solution. Reach out to me with questions. I
always welcome hearing from you. See you next
time.
7
Contact Us
Address -238 Littleton Road, Suite 206,Westford,
MA 01886, USA Phone Number - 1 (978)-923-0040
Email Id - sales_at_seceon.com , info_at_seceon.com
Website - https//www.seceon.com/