If zero trust is the brain that watches out for the health of the digital body, extended detection and response (XDR) serves as the nerves that bring it information. And as the digital world rapidly changes, XDR can adapt. Why is pairing XDR with zero trust the right choice?

Zero Trust in a Changing World

So, what’s changing? Part of it has to do with a digital threat landscape that is evolving. Both the frequency and the sophistication of attacks are changing. The FBI’s Cyber Division received as many as 4,000 complaints of digital attacks a day in the first half of 2020 — up 400% over what they saw the previous year.

At the same time, the number of endpoints on corporate networks is growing. Many U.S. organizations saw the number of device connections to the corporate network expand with their shift to remote work. And there are good reasons to make that shift. In a 2021 survey, PwC found that 83% of employers considered the shift to remote work to have been successful. Over half (55%) of employees said they would like to work remotely at least three days a week going forward.


A Gift and a Curse

Those factors show why it’s helpful to follow a zero trust model as threats increase and workers spread out. But they also make a zero trust architecture that much more difficult to build. How are security teams supposed to see, verify and protect many different types of devices in a timely manner?

Timely is the operative word here. Security teams can’t spend all their time manually verifying and re-verifying the trust of connection attempts. There’s not enough time in the day. Indeed, they need to figure out some way to streamline this process. That way, they can maximize their positive impact on their security posture.

Shifting to XDR

The answer is to embrace XDR. In order to answer the question “What is XDR?” we have to know where XDR came from. And that story traces back to endpoint detection and response (EDR).

EDR’s Strengths and Limits

EDR operates on two fundamental principles. The first is continuous monitoring. The EDR process begins by establishing a secure baseline for an endpoint, then uses that baseline to monitor for suspicious users, odd processes and other deviations that signal potential threats.

The second is automated response. The process collects all of the information observed on the endpoint and aggregates it into a central database, then uses the input of forensic tools and/or a human analyst to craft a response.

EDR can use this flow to help to strengthen defenses against potential threats. But it can only do so from the vantage point of an endpoint or group of endpoints where it resides. That makes scalability an issue. Organizations may need to purchase more licenses for the growing number of devices connected to the corporate network.

Even then, EDR can monitor for and detect only certain kinds of threats. It’s limited to the endpoint, so it can’t pick up on events like lateral movement. As such, it has limited visibility into an attack chain that might involve multiple assets, different parts of the network or cloud environments.

How XDR Fills Those Gaps … and Enables Zero Trust

Hence the need for something like XDR. XDR serves as an alternative to, or an evolution of, EDR, network traffic analysis (NTA) tools, SIEM solutions and other ‘reactive’ tools. It does this by using threat intelligence feeds and multi-dimensional traffic algorithms to spot potential attacks before the damage is done. XDR does this work in real time not only across individual endpoints but also in the cloud and throughout the network.

These increased functions enable organizations to use XDR to address the zero trust timing issue discussed above. XDR is all about artificial intelligence, machine learning and other advanced analytics. This allows for threat detection in real time. That’s important when security teams need to always verify trust for a growing number of device connections across different network zones.

In that sense, XDR serves as zero trust’s central nervous system. It provides real-time visibility into the types of devices that are connecting to the network. Human defenders can then use XDR’s alerting and monitoring tools to spot digital threats and to respond as quickly as possible.
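As an added illustration (not code from the original article), the Python sketch below contrasts the two views described above over constructed telemetry: a per-endpoint check against each host's own baseline, and a cross-asset correlation of network and identity events that links hops into a chain spanning several hosts. Host names, accounts, process names and timestamps are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    source: str  # telemetry origin: "endpoint", "network" or "identity"
    host: str    # asset the event was recorded on
    ts: int      # seconds on a constructed clock
    kind: str    # "process", "logon" or "smb_connect"
    detail: str  # process name, account, or connection target host

# Constructed telemetry: one account hopping ws-01 -> srv-02 -> srv-03.
EVENTS = [
    Event("identity", "ws-01", 100, "logon", "alice"),
    Event("endpoint", "ws-01", 105, "process", "powershell.exe"),
    Event("network", "ws-01", 110, "smb_connect", "srv-02"),
    Event("identity", "srv-02", 112, "logon", "alice"),
    Event("network", "srv-02", 120, "smb_connect", "srv-03"),
    Event("identity", "srv-03", 121, "logon", "alice"),
    Event("endpoint", "srv-03", 130, "process", "cmd.exe"),
]
# Constructed per-host process baselines (the EDR "secure baseline").
BASELINE = {"ws-01": {"explorer.exe", "outlook.exe"},
            "srv-02": {"sqlservr.exe"},
            "srv-03": {"cmd.exe", "w3wp.exe"}}

def edr_alerts(events, baseline):
    """Per-endpoint view: each host is judged only against its own baseline.
    cmd.exe is normal on srv-03, so the final hop of the chain raises nothing."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)
    return [(host, e.detail) for host, evs in by_host.items() for e in evs
            if e.kind == "process" and e.detail not in baseline.get(host, set())]

def lateral_chains(events, window=30):
    """Cross-asset view: pair each smb_connect A -> B with a logon on B within
    `window` seconds, then link hops that share an account into a path of
    hosts. Only paths spanning three or more assets are reported."""
    ordered = sorted(events, key=lambda e: e.ts)
    hops = [(c.host, l.host, l.detail)
            for c in ordered if c.kind == "smb_connect"
            for l in ordered if l.kind == "logon" and l.host == c.detail
            and c.ts <= l.ts <= c.ts + window]
    chains = {}
    for src, dst, acct in hops:
        path = chains.pop((src, acct), [src])
        chains[(dst, acct)] = path + [dst]
    return [(acct, path) for (_, acct), path in chains.items() if len(path) >= 3]
```

Feeding `lateral_chains` only the events from a single host returns nothing, which is the blind spot the article attributes to endpoint-only tooling.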

Scaling Zero Trust With XDR

Zero trust is not a single piece of tech. It relies on single sign-on, multi-factor authentication, network segmentation and other measures to oversee which users to trust. To be sure, those technologies can help organizations achieve the spirit of zero trust. But they can’t help them elevate it to the level of an enterprise-wide security paradigm.

On the other hand, XDR can. It does this by automating visibility across the entire organization. From there, organizations can keep track of their device connections and verify the trust of those assets on an ongoing basis. This puts you in a stronger position to welcome the coming influx of new devices.
