If zero trust is the brain that watches out for the health of the digital body, extended detection and response (XDR) serves as the nerves that bring it information. And as the digital world rapidly changes, XDR can adapt. Why is pairing XDR with zero trust the right choice?

Zero Trust in a Changing World

So, what’s changing? Part of it is an evolving threat landscape: attacks are growing both more frequent and more sophisticated. The FBI’s Cyber Division received as many as 4,000 complaints of digital attacks a day in the first half of 2020, up 400% over what it saw the previous year.

At the same time, the number of endpoints on corporate networks is growing. Many U.S. organizations saw the number of device connections to the corporate network expand with their shift to remote work. And there are good reasons to make that shift. In a 2021 survey, PwC found that 83% of employers considered the shift to remote work to have been successful. Over half (55%) of employees said they would like to work remotely at least three days a week going forward.


A Gift and a Curse

Those factors show why it’s helpful to follow a zero trust model as threats increase and workers spread out. But those same factors make a zero trust architecture that much more difficult to build. How are security teams supposed to see, verify and protect many different types of devices in a timely manner?

Timely is the operative word here. Security teams can’t spend all their time manually verifying and re-verifying the trust of connection attempts; there’s not enough time in the day. They need some way to streamline this process so that the effort they do spend has the greatest positive impact on their security posture.

Shifting to XDR

The answer is to embrace XDR. In order to answer the question “What is XDR?” we have to know where XDR came from. And that story traces back to endpoint detection and response (EDR).

EDR’s Strengths and Limits

EDR operates on two fundamental principles. The first is continuous monitoring. The EDR process begins by establishing a secure baseline for an endpoint. It then uses that baseline to monitor for deviations: suspicious users, odd processes and other signs of potential threats.

The second is automated response. The process collects all of the information it observed on the endpoint and aggregates it into a central database. It then uses the input of forensic tools and/or a human analyst to craft a response.

EDR can use this flow to help strengthen defenses against potential threats. But it can only do so from the vantage point of the endpoint or group of endpoints where it resides. That makes scalability an issue. Organizations may need to purchase more licenses for the growing number of devices connected to the corporate network.

Even then, EDR can monitor for and detect only certain kinds of threats. It’s limited to the endpoint, so it can’t pick up on events like lateral movement. As such, it has limited visibility into an attack chain that might involve multiple assets, different parts of the network or cloud environments.

How XDR Fills Those Gaps … and Enables Zero Trust

Hence the need for something like XDR. XDR serves as an alternative to or evolution of EDR, network traffic analysis (NTA) tools, SIEM solutions and other ‘reactive’ tools. It does this by using threat intelligence feeds and multi-dimensional traffic algorithms to spot potential attacks before the damage is done. XDR does this work in real time not only across individual endpoints but also in the cloud and throughout the network.
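To make the contrast in the two paragraphs above concrete (EDR seeing only one endpoint and missing lateral movement, XDR correlating endpoint, network and cloud telemetry), here is an added illustration that is not code from the original article or from any XDR product. It runs two detection views over the same constructed event stream; the hostnames, usernames, timestamps and the five-minute correlation window are assumptions made up for the example.

```python
from datetime import datetime, timedelta

# Constructed telemetry from three sources (endpoint agent, network sensor, cloud
# audit log), as an XDR pipeline would ingest it. Hosts, users and times are made up.
EVENTS = [
    {"src": "endpoint", "host": "ws-01", "ts": "2024-01-01T10:00:00", "user": "alice", "proc": "outlook.exe"},
    {"src": "endpoint", "host": "ws-01", "ts": "2024-01-01T10:01:00", "user": "alice", "proc": "powershell.exe"},
    {"src": "network", "host": "ws-01", "ts": "2024-01-01T10:02:00", "user": "alice", "dst": "srv-07", "port": 445},
    {"src": "endpoint", "host": "srv-07", "ts": "2024-01-01T10:02:30", "user": "alice", "proc": "services.exe"},
    {"src": "cloud", "host": "srv-07", "ts": "2024-01-01T10:03:00", "user": "alice", "action": "ConsoleLogin"},
]

# Per-host process baseline: the "known good" an EDR agent learns on each endpoint.
BASELINE = {"ws-01": {"outlook.exe", "chrome.exe"}, "srv-07": {"services.exe", "sqlservr.exe"}}


def parse_ts(event):
    return datetime.fromisoformat(event["ts"])


def edr_alerts(events):
    """EDR view: each endpoint is judged alone against its own baseline.
    Returns (host, process) pairs that deviate; srv-07 raises nothing here."""
    return [(e["host"], e["proc"]) for e in events
            if e["src"] == "endpoint" and e["proc"] not in BASELINE.get(e["host"], set())]


def xdr_alerts(events, window=timedelta(minutes=5)):
    """XDR view: an endpoint deviation on host A, followed within `window` by an
    SMB (port 445) connection from A to B and further activity on B under the same
    user, is reported as one lateral-movement chain spanning endpoint, network and cloud."""
    chains = []
    for host, proc in edr_alerts(events):
        start = min(parse_ts(e) for e in events
                    if e["src"] == "endpoint" and e["host"] == host and e["proc"] == proc)
        for net in events:
            if net["src"] != "network" or net["host"] != host or net.get("port") != 445:
                continue
            if not start <= parse_ts(net) <= start + window:
                continue
            followups = [f for f in events
                         if f["src"] != "network" and f["host"] == net["dst"]
                         and f["user"] == net["user"] and start <= parse_ts(f) <= start + window]
            if followups:
                chains.append({"origin": host, "pivot": net["dst"], "user": net["user"],
                               "sources": sorted({f["src"] for f in followups} | {"endpoint", "network"})})
    return chains
```

Run on the sample data, `edr_alerts` reports only an unusual process on ws-01, while `xdr_alerts` ties that deviation to the SMB hop onto srv-07 and the cloud login that followed it, which no single endpoint agent could assemble on its own.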

These increased functions enable organizations to use XDR to address the zero trust timing issue discussed above. XDR is all about artificial intelligence, machine learning and other advanced analytics. This allows for threat detection in real time. That’s important when security teams need to always verify trust for a growing number of device connections across different network zones.

In that sense, XDR serves as zero trust’s central nervous system. It provides real-time visibility into the types of devices that are connecting to the network. Human defenders can then use XDR’s alerting and monitoring tools to spot digital threats and to respond as quickly as possible.

Scaling Zero Trust With XDR

Zero trust is not a single piece of tech. It relies on single sign-on, multi-factor authentication, network segmentation and other measures to decide which users to trust. To be sure, those technologies can help organizations achieve the spirit of zero trust. But on their own they can’t elevate it to the level of an enterprise-wide security paradigm.

On the other hand, XDR can. It does this by automating visibility across the entire organization. From there, organizations can keep track of their device connections and verify the trust of those assets on an ongoing basis. This puts them in a stronger position to welcome the coming influx of new devices.
