XDR and Zero-Trust Strategy

Seceon XDR (Extended Detection and Response) is security software that offers comprehensive visibility, response across networks, and analysis of applications and endpoints. It builds on endpoint detection and response (EDR), extending it beyond the endpoint to other sources of telemetry.


Presentation Transcript


  1. XDR and Zero-Trust Strategy: The Whole is Greater than the Sum of the Parts by

  2. We are often asked, what is the near-term future of Cybersecurity? While experts' answers may differ, we typically highlight the ascension of Extended Detection and Response (XDR) as a significant step change to an organization's cybersecurity toolkit, along with the adoption of the Zero-Trust Maturity Model, which provides both a trust-centric and a data-centric approach to the protection of digital assets.

     Let's briefly tackle the latter first. On average, 85% of all assets are in digital form. Twenty years ago, just after the millennium, this figure was just 10%. Digitalization has made information the new oil. It powers new industries and has tremendous value. But with cyber threats continuing to elevate (rarely a day goes by when we don't hear of a cyber-breach, and there is a ransomware attack starting every eleven seconds), zero-trust is the new paradigm shift in cybersecurity, starting with actionable inventories of data and users. Underscoring this shift's importance, new federal regulations now focus on identifying and managing data risks through the perspectives of people and technology. Those Federal Regulations include the much-discussed White House Executive Order (EO) 14028, "Improving the Nation's Cybersecurity", issued May 12, 2021. The plan in that EO was to formulate a strategy to modernize cybersecurity in both the public and private sectors to meet current threats. That strategy centered on the concept of Zero Trust Architecture, or ZTA.

     To help move organizations and governmental agencies toward this approach, CISA (Cybersecurity and Infrastructure Security Agency) developed a Zero-Trust Maturity Model to offer prescriptive assistance. The Maturity Model outlines the data-centric approach, with the assumption that breaches will occur and that devices and users should have least-privilege access. One section of EO 14028, Section Four, directs agencies, academia, private firms, and others to identify existing or develop new standards, tools, and best practices to enhance software supply chain security. That is where Extended Detection and Response (or XDR) comes into view.

     Cybersecurity as a domain and practice is only about thirty years old, so relatively young and aligned with DARPA's invocation of the modern internet. We've now completed five generations of cybercrime actions that necessitated a technological response in cybersecurity.

  3. Let's do a short recap. In the 1990s, Generation 1 cybersecurity was highlighted by anti-virus software on the endpoint, and Generation 2 was the advent of the perimeter firewall. Both are still with us in next-generation forms today, but with far less effectiveness in a virtual and remote world than during prior eras. We then evolved to Generation 3, IDS/IPS, in the early 2000s, followed by polymorphic content driving sandboxing and anti-bot technology in 2010, which we consider Generation 4.

     In the 2015 timeframe, and to today, we remain in Generation 5, the era of the mega-breach. Gen 5 (the short form) attacks are typically large-scale and multi-vector. They are designed to infect multiple components of an information technology infrastructure, including networks, virtual machines, cloud instances, and endpoint devices. Gen 5 attacks have led to the development of a more advanced solution, that being Endpoint Detection and Response. Simply put, EDR is a new generation of anti-malware, no longer relying solely on signature systems to perform malicious behavior detection. EDR adds behavioral process analysis capabilities to determine deviance. If you are not using, at minimum, an AI-based EDR platform, you will not detect, nor stop, Generation 5 cyber attacks. Even then, EDR platforms routinely test out at 80-90% effectiveness. More is needed as we are about to embark on Generation 6 attacks, which are large-scale and multi-vector, just like Gen 5, plus vendor-accessible assets, IoT, OT, cloud-connected devices, mobile, 5G and social. What we need is found in XDR.

     THE NEXUS OF ZERO-TRUST AND EXTENDED DETECTION AND RESPONSE (XDR)

     Generation 6 attacks require ubiquity in defense, not only to "see everything" but, more importantly, to "secure everything". This is where the Zero-Trust Approach and XDR have common objectives.

  4. XDR and Zero-Trust Strategy: The Whole is Greater than the sum of the... https://www.seceon.com/xdr-and-zero-trust-strategy-the-whole-is-greate...

     The goal of Zero-Trust is to prevent risks before they happen, identifying risks and indicators of a breach of trust. XDR adds a laser-focus to this identification, pinpointing evasive threats with behavioral analytics and using machine learning to detect anomalies indicative of an attack. The "North star" of XDR is that it natively integrates network, endpoint, cloud, and third-party data. It is, by nomenclature, a "cohesive security operations system", as Gartner Group has called it. It's a force-multiplier versus digital cyber-risk, and in a world where every company has become an attainable target, it should be found on every organization's prioritized cybersecurity defense-in-depth chart.

     But beyond the much wider range of sources to which it offers visibility, detection, and prevention, XDR brings elaborate functionalities allowing, for example, an increased level of contextualization by connecting to our Threat Intelligence feeds, a greater capacity for anticipation by linking the detected technical information with external content, and refined security orchestration and response automation by giving an even finer granularity and fidelity to the intervention. Cybersecurity today is about the creation of a defense "factory", and you need to fuel the "gear" in that factory with data. We first do that via Machine Learning, then we enrich that data with even more context, to develop threat models that begin detecting and evaluating threats at Stage 1, reconnaissance. It is why effectiveness in XDR can reach 99.9%, not 80-90% such as EDR or 50-60% like legacy signature-based anti-malware.

     THE POWER OF TWO: ZERO-TRUST AND XDR

     It's important to remember that Zero Trust is a philosophical approach, and XDR is an advanced prevention and detection capability. Zero-Trust is not a product that can be plugged in and save the day. By utilizing security tools that support the pillars of Zero Trust (posture, continuous assessment, and assumed compromise), you can significantly improve your overall security posture.

     XDR is an effective security capability.

     4 of 10 9/6/2022, 21:58

  5. However, when used in tandem with the Zero Trust approach, organizations can further enhance their security. XDR has two significant assets that can support a Zero Trust strategy: strong endpoint (user, cloud workload, device, etc.) controls, and organization-wide data collection and correlation from across the IT infrastructure. Here's how it works:

     Strong endpoint controls deliver a solid foundation for verifying and establishing trust by providing security teams with comprehensive visibility into potential threats and endpoint/device activities. Without visibility, you can't verify and establish trust in good faith.

     Additionally, since XDR is constantly collecting and correlating data, it establishes the continuous assessment pillar of the Zero Trust architectural strategy. This means that even after you've approved initial access for an endpoint, that asset will continually be reviewed and reassessed to ensure it remains uncompromised. In the event the endpoint starts acting suspiciously, such as multiple logins from various locations in impossible time frames, XDR will send a notification to security teams, allowing them to withdraw access and terminate a potential attack vector.

     Zero Trust and XDR also help alleviate work from security teams. With a Zero Trust strategy that leverages XDR, many security weaknesses and gaps can be detected by XDR and subsequently blocked by enforcement points, eliminating a significant number of vulnerabilities and work for security teams. By closing security gaps, security teams have more time to focus on investigating advanced attacks. As always, the fewer the attacks, the easier it is for enterprises to achieve their business goals, something a Board of Directors can understand.

     SUMMARY

     We established earlier that Zero-Trust is a trust-centric architecture that puts human and machine identities at the heart of security policy creation. In this architecture, enterprise access controls and policies are based on identity and assigned attributes. In Zero-Trust, every access request requires an establishment of permitted access combined with a provable identity, regardless of where the request came from.

  6. It's dynamic and adaptive, supporting modern enterprise models: BYOD, remote worker, cloud apps, hybrid cloud, on-premises, social integration, and more. XDR then does the heavy lifting, preventing unknown and known ransomware, stopping active attacks, detecting and preventing lateral movement, hunting for undetected signs of compromise, and identifying MITRE ATT&CK adversarial tactics and techniques. XDR correlates data across endpoints, applications, the cloud, operations technology, Internet of Things and the aforementioned identity-centric architecture, essentially the entire IT estate. One (Zero-Trust or XDR) without the other leaves an incomplete technical security framework. So our advice is the following: opt for complete visibility and extended protection to any application, workload, resource, compliance objective (e.g. PCI-DSS), or network. Detect advanced threats and respond to them rapidly, along with the ability to identify the origin and deeply track and investigate. Insist your solution includes native integrations and support for APIs and protocols to protect the totality of your investment. Then establish trust and least privilege before granting any access (device or user) or allowing a connection. Lastly, align the attacker's likely path with the highest level of coverage across differing attack techniques. Sleep better while doing risk management and security better. You can do all of this with a zero-trust architecture and a field-proven XDR solution. Reach out to me with questions. I always welcome hearing from you. See you next time.
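The suspicious pattern slide 5 gives as the trigger for an XDR notification, a user logging in from places that cannot be reached in the elapsed time, written out as a small detection routine over constructed login events. This is an added example, not Seceon's code; the city coordinates are assumed to come from an upstream GeoIP lookup, and the 900 km/h threshold and 50 km floor are assumptions.

```python
# Added example (not Seceon's code): flag "impossible travel" between a user's consecutive logins.
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime   # login time (UTC)
    city: str      # resolved from the source IP by an upstream GeoIP lookup (assumed)
    lat: float
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def detect_impossible_travel(logins, max_kmh=900.0, min_km=50.0):
    """One alert per pair of consecutive logins by the same user whose implied speed
    exceeds max_kmh (about an airliner's cruise speed; an assumed threshold). Pairs
    closer than min_km are ignored so GeoIP jitter inside one metro area stays quiet."""
    alerts, last_seen = [], {}
    for cur in sorted(logins, key=lambda e: e.ts):
        prev = last_seen.get(cur.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            kmh = float("inf") if hours == 0 else km / hours  # same second, far apart: impossible
            if km >= min_km and kmh > max_kmh:
                alerts.append({"user": cur.user, "from": prev.city, "to": cur.city, "km": round(km),
                               "hours": round(hours, 2), "kmh": round(kmh) if hours else float("inf")})
        last_seen[cur.user] = cur
    return alerts

# Constructed sample: alice "travels" Boston -> Frankfurt in 90 minutes (should alert),
# bob goes Boston -> New York in four hours (plausible, no alert).
SAMPLE_LOGINS = [
    Login("alice", datetime(2022, 9, 6, 9, 0), "Boston", 42.3601, -71.0589),
    Login("bob", datetime(2022, 9, 6, 9, 0), "Boston", 42.3601, -71.0589),
    Login("alice", datetime(2022, 9, 6, 10, 30), "Frankfurt", 50.1109, 8.6821),
    Login("bob", datetime(2022, 9, 6, 13, 0), "New York", 40.7128, -74.0060),
]

if __name__ == "__main__":
    for a in detect_impossible_travel(SAMPLE_LOGINS):
        print(f"ALERT {a['user']}: {a['from']} -> {a['to']}, {a['km']} km in {a['hours']} h (~{a['kmh']} km/h)")
```

In a real pipeline the alert would be handed to the response side (session revocation, step-up authentication) rather than printed, which is the "withdraw access" step the text describes.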

  7. Contact Us
     Address: 238 Littleton Road, Suite #206, Westford, MA 01886, USA
     Phone Number: +1 (978)-923-0040
     Email: sales@seceon.com, info@seceon.com
     Website: https://www.seceon.com/
