Guest OpEd by Gilad David Maayan, CEO and Founder of Agile SEO
Endpoint Detection and Response (EDR) was until recently a staple of network security at large enterprises.
EDR solutions were installed on every corporate endpoint—from employee workstations and laptops to mission-critical servers—and enabled security teams to identify attacks as they happen, investigate them, and respond directly on the affected device.
However, modern IT environments are evolving in ways that no longer fit the EDR model.
The old network perimeter is dead, and many business activities occur on personal computing or mobile devices not managed by the organization, in cloud systems completely outside the organization’s reach, or on distributed Internet of Things (IoT) devices.
The Zero Trust security paradigm has emerged to address this complex, distributed environment. Will it kill EDR? And what will come in its place? Read on to find out.
What Is Zero Trust Security?
In 2010, Forrester analyst John Kindervag first proposed the zero trust architecture.
Zero trust is a general framework for effectively safeguarding an organization’s most valuable assets. It works by assuming that every endpoint and every connection is a potential threat.
The framework safeguards against such threats whether they are internal or external, including connections that are already inside the network. In short, a zero trust network:
- Logs and checks all organizational network traffic
- Restricts and monitors access to the network
- Inspects and safeguards network resources
The zero trust security framework makes sure that information and data cannot be accessed by default. Users are granted only the minimum access they need, and only under the right conditions; this is called least-privilege access.
The core component of a zero trust security framework is a Zero Trust Network Access (ZTNA) system, which checks and permits every connection, including when a user accesses an application or when software accesses a collection of data through an application programming interface (API).
It makes sure the interaction adheres to the conditional demands of the security policies of the organization.
A zero trust security strategy also verifies and authenticates every device, connection and network flow according to defined policies, drawing on as much contextual data as possible.
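The access-decision flow described above (deny by default, verify identity and device on every connection, grant only what a role permits, and log every attempt) is easiest to see in code. The following is an added example written for this article, not code from any ZTNA product; the data model, role names, resource names, device identifiers and IP addresses are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Hypothetical data model for an access request. The field names are
# assumptions for this example, not any particular ZTNA product's schema.

@dataclass(frozen=True)
class Principal:
    name: str
    kind: str               # "user" (interactive) or "service" (API client)
    authenticated: bool
    mfa: bool
    roles: Tuple[str, ...]

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool           # enrolled in the organization's device management
    compliant: bool         # passes posture checks (constructed signal)

@dataclass(frozen=True)
class AccessRequest:
    principal: Principal
    device: Device
    resource: str
    action: str
    source_ip: str          # logged for audit, never used as a trust signal

# Least-privilege policy: each role maps to the (resource, action) pairs it
# may perform. Anything not listed here is denied by default.
POLICY: Dict[str, Set[Tuple[str, str]]] = {
    "hr-analyst": {("payroll-db", "read")},
    "payroll-api": {("payroll-db", "read"), ("payroll-db", "write")},
    "engineer": {("source-repo", "read"), ("source-repo", "write")},
}

class ZeroTrustPolicyEngine:
    """Evaluates every request independently and records every decision."""

    def __init__(self, policy: Dict[str, Set[Tuple[str, str]]]):
        self.policy = policy
        self.audit_log: List[dict] = []

    def evaluate(self, req: AccessRequest) -> Tuple[bool, str]:
        allowed, reason = self._decide(req)
        # Every attempt, allowed or denied, is logged ("logs and checks all traffic").
        self.audit_log.append({
            "principal": req.principal.name, "device": req.device.device_id,
            "resource": req.resource, "action": req.action,
            "source_ip": req.source_ip, "allowed": allowed, "reason": reason,
        })
        return allowed, reason

    def _decide(self, req: AccessRequest) -> Tuple[bool, str]:
        p, d = req.principal, req.device
        # Identity is checked first; an internal source IP buys nothing.
        if not p.authenticated:
            return False, "principal not authenticated"
        if p.kind == "user" and not p.mfa:
            return False, "MFA required for interactive users"
        # Device posture is verified on every request, not once at enrollment.
        if not d.managed:
            return False, "device is not managed"
        if not d.compliant:
            return False, "device fails posture check"
        # Least privilege: the union of the principal's roles must grant
        # exactly this resource/action pair.
        granted: Set[Tuple[str, str]] = set()
        for role in p.roles:
            granted |= self.policy.get(role, set())
        if (req.resource, req.action) not in granted:
            return False, f"no role grants {req.action} on {req.resource}"
        return True, "policy satisfied"

def run_demo() -> List[Tuple[str, bool, str]]:
    """Constructed requests; returns (label, allowed, reason) for each."""
    engine = ZeroTrustPolicyEngine(POLICY)
    managed_ok = Device("lt-0042", managed=True, compliant=True)
    byod = Device("byod-phone", managed=False, compliant=False)
    alice = Principal("alice", "user", True, True, ("hr-analyst",))
    alice_nomfa = Principal("alice", "user", True, False, ("hr-analyst",))
    payroll_svc = Principal("payroll-api", "service", True, False, ("payroll-api",))
    cases = [
        ("hr read, managed device", AccessRequest(alice, managed_ok, "payroll-db", "read", "10.0.1.15")),
        ("hr write, managed device", AccessRequest(alice, managed_ok, "payroll-db", "write", "10.0.1.15")),
        ("hr read, unmanaged device on internal IP", AccessRequest(alice, byod, "payroll-db", "read", "10.0.1.99")),
        ("hr read, no MFA", AccessRequest(alice_nomfa, managed_ok, "payroll-db", "read", "10.0.1.15")),
        ("service write via API", AccessRequest(payroll_svc, managed_ok, "payroll-db", "write", "203.0.113.7")),
    ]
    return [(label, *engine.evaluate(req)) for label, req in cases]

if __name__ == "__main__":
    for label, allowed, reason in run_demo():
        print(f"{'ALLOW' if allowed else 'DENY':5} {label}: {reason}")
```

The third case is the one that separates zero trust from perimeter thinking: the request comes from an internal address, but because the device is unmanaged it is denied exactly as an external request would be. The write attempt by the HR analyst is denied because no role grants it, which is the least-privilege property in practice.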
(Hear from John Kindervag, Senior VP Cybersecurity Strategy and Group Fellow of ON2IT and the creator of Zero Trust, as he answers questions and clarifies how you can benefit from a Zero Trust approach to security. Courtesy of ISACA NL Chapter and YouTube.)
Implementing Zero Trust
To effectively put in place a zero trust architecture, organizations must correlate data from various security domains.
Different teams throughout the organization should agree on access policies and priorities. They should safeguard all connections throughout the organization, from information to users and devices to workloads, networks, and applications.
This architecture demands a well-considered approach and strategy to integrate and implement security tools to fulfill particular organization-focused results.
Zero trust architecture is complex to build. How can security teams verify, see, and safeguard many different types of devices in a timely fashion?
The use of automation and management tools is key. Security teams don’t have the resources to manually check and recheck every attempt to connect to the network.
They must find a way to make this process efficient in order to enhance the organization’s security posture.
What Is Endpoint Security?
Endpoint security involves monitoring and protecting end-user devices, including laptops, smartphones, desktop PCs and POS devices, as well as network access paths such as website logins or open ports.
This requires more than antivirus tools—for example, you can apply security software, such as Endpoint Detection and Response (EDR) tools, on principal servers. You can also install tools on the devices themselves, such as ad blockers.
Endpoint protection tools tend to incorporate features for isolating intrusions, including detection of bypassed firewalls and behavioral analysis—for example, suspicious behavior may include login attempts by several users from one IP address.
EDR security is essential for the security of an organization’s information—it protects the entry points that cybercriminals could exploit to gain access to sensitive data.
(The Attivo Networks Endpoint Detection Net (EDN) Suite anticipates attacker methods to move laterally from infected endpoints and ambushes their moves with lures, bait, and misdirection to speed threat detection. EDN boosts existing endpoint security detection performance by showing exposed credential attack paths, credential misuse, and attempts to enumerate Active Directory. Concealment technology hides and denies access to critical files, data, AD objects, and credentials. The solution prevents discovery, credential theft, privilege escalation, data collection, and lateral movement. Courtesy of Attivo Networks, a Multiple Award Finalist in the 2021 ‘ASTORS’ Homeland Security Awards Program and YouTube.)
EDR’s Strengths and Limits
EDR functions on two central principles:
- Monitoring—the initial goal is to continuously monitor the network. The EDR process starts by establishing a safe baseline for an endpoint. It then uses the baseline to check for suspicious users, unexpected processes and other indications of possible threats.
- Automation—next, effective EDR requires automated responses. This process collects all the data observed on the endpoint into a central database. It then combines the input of a human analyst and any forensic tools used to create a response.
EDR may employ this flow to help strengthen the defenses against possible threats. However, it is only effective at the level of an endpoint (or set of endpoints).
This means that scalability becomes a problem. Organizations would have to buy more licenses for the increasing number of devices linked to the business network.
Even if installed across all devices, EDR can only detect and monitor specific types of threats. It is housed in the endpoint, so it cannot identify events such as lateral movement.
Given this, it has restricted visibility into an attack chain, which could include various assets or sections of the network or cloud.
That is why XDR is needed. XDR acts as an evolution of, or alternative to, EDR, network traffic analysis (NTA) tools, SIEM tools and other ‘reactive’ solutions.
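To make the two points above concrete, the following added example (written for this article, not the code of any EDR or XDR product) contrasts a per-endpoint baseline check, as described under Monitoring, with a cross-endpoint correlation that the per-endpoint view cannot produce. The baselines, host names, account names, process names and timestamps are all constructed for illustration.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed per-endpoint baselines: what an agent on each host has learned
# to be normal (accounts that log on there, processes that run there).
BASELINES: Dict[str, Dict[str, Set[str]]] = {
    "ws-01":  {"users": {"alice", "it-admin"},      "processes": {"explorer.exe", "outlook.exe", "chrome.exe"}},
    "ws-02":  {"users": {"bob", "it-admin"},        "processes": {"explorer.exe", "excel.exe", "chrome.exe"}},
    "ws-03":  {"users": {"carol", "it-admin"},      "processes": {"explorer.exe", "teams.exe"}},
    "srv-01": {"users": {"svc-backup", "it-admin"}, "processes": {"backup-agent.exe", "sqlservr.exe"}},
}

# Constructed telemetry stream ("ts" is seconds from an arbitrary epoch).
EVENTS: List[dict] = [
    {"ts": 0,   "host": "ws-01",  "event": "logon",   "user": "it-admin"},
    {"ts": 30,  "host": "ws-01",  "event": "process", "user": "it-admin", "process": "unsigned-tool.exe"},
    {"ts": 60,  "host": "ws-02",  "event": "logon",   "user": "it-admin"},
    {"ts": 120, "host": "ws-03",  "event": "logon",   "user": "it-admin"},
    {"ts": 200, "host": "srv-01", "event": "logon",   "user": "it-admin"},
    {"ts": 300, "host": "ws-02",  "event": "logon",   "user": "bob"},
    {"ts": 310, "host": "ws-02",  "event": "process", "user": "bob", "process": "excel.exe"},
]

def endpoint_alerts(events: List[dict], baselines: Dict[str, Dict[str, Set[str]]]) -> List[Tuple[str, str, str]]:
    """Per-host view: flag anything that deviates from that host's own baseline."""
    alerts: List[Tuple[str, str, str]] = []
    for e in events:
        base = baselines.get(e["host"])
        if base is None:
            alerts.append((e["host"], "unknown-host", e["host"]))
            continue
        if e["user"] not in base["users"]:
            alerts.append((e["host"], "unknown-user", e["user"]))
        if e["event"] == "process" and e["process"] not in base["processes"]:
            alerts.append((e["host"], "unknown-process", e["process"]))
    return alerts

def correlate_logons(events: List[dict], window_s: int = 600, min_hosts: int = 3) -> Dict[str, Set[str]]:
    """Cross-host view: one account logging on to >= min_hosts distinct hosts
    within window_s seconds. Each individual logon is normal for its host."""
    by_user: Dict[str, List[Tuple[int, str]]] = defaultdict(list)
    for e in events:
        if e["event"] == "logon":
            by_user[e["user"]].append((e["ts"], e["host"]))
    alerts: Dict[str, Set[str]] = {}
    for user, logons in by_user.items():
        logons.sort()
        left = 0
        for right in range(len(logons)):
            # Slide the window so it spans at most window_s seconds.
            while logons[right][0] - logons[left][0] > window_s:
                left += 1
            hosts = {h for _, h in logons[left:right + 1]}
            if len(hosts) >= min_hosts:
                alerts[user] = alerts.get(user, set()) | hosts
    return alerts

if __name__ == "__main__":
    print("per-endpoint alerts:", endpoint_alerts(EVENTS, BASELINES))
    print("cross-endpoint alerts:", correlate_logons(EVENTS))
```

The per-endpoint check catches the unexpected process on ws-01 but sees nothing wrong with the four it-admin logons, because that account is in every host’s baseline. Only the correlation across hosts, which needs telemetry from all four endpoints in one place, surfaces the pattern. The window and host-count thresholds are constructed for this example and would need tuning against real administrative activity.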
XDR and Zero Trust Security
Extended detection and response (XDR) tools are a recent attempt to bring together all the relevant security solutions.
They are intended to unify multiple security capabilities into a single solution that offers automated analysis, remediation, monitoring, and detection.
The aim is to maximize detection accuracy while also improving the efficiency of security operations and remediation.
The benefits of XDR are deemed to be so broad that Gartner called XDR the top security trend to arise out of 2020.
XDR can hold a central role in advancing a zero trust architecture when used together with more targeted Identity and Access Management (IAM).
XDR solutions offer in-depth security monitoring via flexible as-a-service delivery that also covers identity and data monitoring.
By providing top technologies as a completely managed service, organizations may make the most of automation and advanced analytics to isolate and mitigate potential attacks at machine speed. This degree of automation is central to supporting the zero trust architecture.
Under zero trust, security checks go beyond the network perimeter to include a broad range of endpoints and activities, as well as the supply chain.
In this notably wider landscape, an automated and rapid response is a must. XDR maximizes the effectiveness of zero trust by elevating the volume and speed of anomaly detections and rapid responses.
Conclusion
In this article I explained the basics of zero trust, traditional endpoint security and the shortcomings of EDR, and how these have led to the introduction of XDR.
In many organizations, XDR is augmenting or replacing EDR, as a more flexible platform that can protect multiple layers of the corporate environment, including those outside the organization’s direct control.
To be fair, zero trust won’t kill EDR. There is still a need to protect corporate IT endpoints. In large organizations, managed endpoints still number in the thousands or more.
EDR will continue to be used, but will become a small component of a larger security stack, driven by XDR and new security technologies built for the zero trust environment.
About the Author
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.
Today he heads Agile SEO, a leading marketing agency in the technology industry.
Attivo Networks Selected as a Multiple-Award Finalist in 2021 ‘ASTORS’ Awards
Register Today, Closing Soon
American Security Today’s ‘ASTORS’ Homeland Security Awards program is today in its Sixth Year and continues to recognize the Outstanding Innovations of top firms and agencies in the Homeland Security and Public Safety fields.
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
American Security Today is pleased to announce TSA Administrator David Pekoske, will join the organization as a featured speaker at the 2021 ‘ASTORS’ Homeland Security Awards Presentation Luncheon, on November 17, 2021 at ISC East in New York City.
“On the heels of an unprecedented global pandemic, continued unrest in our cities and potentially catastrophic cyberattacks on our nation’s critical infrastructure, the focus of the 2021 ‘ASTORS’ Awards Luncheon will be on the latest, state-of-the-art innovations that are driving investments in new public security and safety technologies and systems,” said AST Editorial and Managing Director Tammy Waitt.
“As a recognized expert in crisis management, strategic planning, innovation and aviation, surface transportation and maritime security, David Pekoske’s message highlighting his top priorities and challenges for the TSA based on his years of wide-ranging experience will be critical to our attendees internalizing the critical nature of these escalating challenges, and realizing innovative new approaches to meet them.”
The 2021 ‘ASTORS’ Awards Program is Proudly Sponsored by AMAROK, Fortior Solutions and SIMS Software, along with Returning Premier Sponsors ATI Systems, Attivo Networks, Automatic Systems, and Reed Exhibitions.
Additionally, the First 100 Registered Attendees will receive autographed copies of the Latest Book by Legendary Police Commissioner, Bill Bratton, who will be Live at the 2021 ‘ASTORS’ Awards Luncheon.
‘The Profession: A Memoir of Community, Race, and the Arc of Policing in America’
The epic, transformative career of Bill Bratton, legendary police commissioner and police reformer, in Boston, Los Angeles, and New York. When Bill Bratton became a Boston street cop after returning from serving in Vietnam, he was dismayed by the corrupt old guard, and it is fair to say the old guard was dismayed by him too.
The Profession presents not only a fascinating and colorful life at the heights of law enforcement leadership, but the vision for the future of American policing that we sorely need.
At ISC East 2021 you will have the opportunity to interact with a broad array of security industry professionals.
ISC East works closely with other businesses in the security and public safety space to help bring together the Northeast’s largest security trade show each year.
Therefore, the ISC audience of security dealers, installers, integrators, consultants, corporate, government and law enforcement/first responder practitioners will be joined by the ASIS NYC audience of major corporate managerial-through-director-level national and global security executives.
The combination of one-on-one conversations with the industry’s top innovators, integrators and security executives, special events, high-quality education and training, and strong support from industry associations, will allow attendees to learn and evaluate solutions from leading security exhibitors and brands.
With the integration of the Natural Disaster and Emergency Management (NDEM) Expo, the show is moving even further into our readers’ wheelhouse!
Your ‘ASTORS’ Awards Luncheon registration includes complimentary attendee access to ISC East, NDEM and the ASIS NYC Security Conference and Expo!
Take advantage of this exclusive luncheon opportunity to take a break from the show – Invite your team, guests, clients and show visitors to a lovely and affordable plated meal event in the heart of New York City, for a fabulous networking opportunity!
Go to https://americansecuritytoday.com/product/awards-luncheon/ to secure your seat or reserve a table.
***Early Registration Discount Ends November 1. Limited space available so Register Today. There will be no on-site registrations.
Why American Security Today?
The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast-changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State and local levels of government as well as firms allied to government.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.
Harness the Power of the Web – with our 100% Mobile Friendly Publications
The AST Digital Publications is distributed to over 75,000 qualified government and homeland security professionals in federal, state and local levels.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture, and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state and local level as well as from private firms allied to government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website, and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
To learn more about the 2020 ‘ASTORS’ Homeland Security Award Winners solutions, Check Out the 2020 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2020 ‘A Year in Review’.
The Annual CHAMPIONS edition includes a review of the ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firms’ products and services, and includes video interviews and more.
It is your Go-To source throughout the year for ‘The Best of 2020 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2020 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2020 ‘ASTORS’ Awards Program.
For a complete list of 2020 ‘ASTORS’ Award Winners, click here.
For more information on All Things American Security Today, and the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos