Light Dark
June 22, 2021 By David Bisson 3 min read
Zero Trust
Risk Management
Security Services

If zero trust is the brain that watches out for the health of the digital body, extended detection and response (XDR) serves as the nerves that bring it information. And as the digital world rapidly changes, XDR can adapt. Why is pairing XDR with zero trust the right choice?

Zero Trust in a Changing World

So, what’s changing? Part of it has to do with a digital threat landscape that is evolving. Both the frequency and the sophistication of attacks are changing. The FBI’s Cyber Division received as many as 4,000 complaints of digital attacks a day in the first half of 2020 — up 400% over what they saw the previous year.

At the same time, the number of endpoints on corporate networks is growing. Many U.S. organizations saw the number of device connections to the corporate network expand with their shift to remote work. And there are good reasons to make that shift. In a 2021 survey, PwC found that 83% of employers considered the shift to remote work to have been successful. Over half (55%) of employees said they would like to work remotely at least three days a week going forward.

Learn more on zero trust

A Gift and a Curse

Those factors show why it’s helpful to follow a zero trust model as threats increase and workers spread out. But it also makes zero trust architecture that much more difficult to build. How are security teams supposed to see, verify and protect many different types of devices in a timely manner?

Timely is the operative word here. Security teams can’t spend all their time manually verifying and re-verifying the trust of connection attempts. There’s not enough time in the day. Indeed, they need to figure out some way to streamline this process. That way, they can maximize their positive impact on their security posture.

Shifting to XDR

The answer is to embrace XDR. In order to answer the question “What is XDR?” we have to know where XDR came from. And that story traces back to endpoint detection and response (EDR).

EDR’s Strengths and Limits

EDR operates on two fundamental principles. The first is to monitor the network constantly. The EDR process begins by setting up a secure baseline for an endpoint. It then uses that baseline to monitor for suspicious users, odd processes and other signs of potential threats.

Next, consider automated response. The process collects all of the information it observed on the endpoint and aggregates it together into a central database. It then uses the input of forensic tools and/or a human analyst to craft a response.

EDR can use this flow to help to strengthen defenses against potential threats. But it can only do so from the vantage point of an endpoint or group of endpoints where it resides. That makes scalability an issue. Organizations may need to purchase more licenses for the growing number of devices connected to the corporate network.

Even then, EDR can monitor for and detect only certain kinds of threats. It’s limited to the endpoint, so it can’t pick up on events like lateral movement. As such, it has limited visibility into an attack chain that might involve multiple assets, different parts of the network or cloud environments.

How XDR Fills Those Gaps … and Enables Zero Trust

Hence the need for something like XDR. XDR serves as an alternative to or evolution of EDR, network traffic analysis (NTA) tools, SIEM solutions and other ‘reactive’ tools. It does this by using threat intelligence feeds and multi-dimensional traffic algorithms to spot potential attacks before the damage is done. XDR does this work in real time not only across individual endpoints but also in the cloud and throughout the network.

These increased functions enable organizations to use XDR to address the zero trust timing issue discussed above. XDR is all about artificial intelligence, machine learning and other advanced analytics. This allows for threat detection in real time. That’s important when security teams need to always verify trust for a growing number of device connections across different network zones.

In that sense, XDR serves as zero trust’s central nervous system. It provides real-time visibility into the types of devices that are connecting to the network. Human defenders can then use XDR’s alerting and monitoring tools to spot digital threats and to respond as quickly as possible.

Scaling Zero Trust With XDR

Zero trust is not a single piece of tech. It relies on single sign-on, multi-factor authentication, network segmentation and other measures to oversee which users to trust. To be sure, those technologies can help organizations achieve the spirit of zero trust. But it can’t help them elevate it to the level of the enterprise-wide security paradigm.

On the other hand, XDR can. It does this by automating visibility across the entire organization. From there, organizations can keep track of their device connections and verify the trust of those assets on an ongoing basis. This puts you in a stronger position to welcome the coming influx of new devices.

 |  |  | 
David Bisson
Contributing Editor

More from Zero Trust
October 5, 2023

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

April 27, 2023

Zero trust data security: It’s time to make the shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

April 17, 2023

How zero trust changed the course of cybersecurity

4 min read - For decades, the IT industry relied on perimeter security to safeguard critical digital assets. Firewalls and other network-based tools monitored and validated network access. However, the shift towards digital transformation and hybrid cloud infrastructure has made these traditional security methods inadequate. Clearly, the perimeter no longer exists. Then the pandemic turned the gradual digital transition into a sudden scramble. This left many companies struggling to secure vast networks of remote employees accessing systems. Also, we’ve seen an explosion of apps,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature