How Zero Trust and XDR Work Together

December 10, 2021 TH Author Trend Micro CISO : Article, Trend Micro CISO : Cloud, Trend Micro CISO : Detection and Response, Trend Micro CISO : Digital Transformation, Trend Micro CISO : Expert Perspective, Trend Micro CISO : Risk Management

XDR alone is an effective security capability. However, when used in tandem with the Zero Trust approach, organizations can further enhance their security. XDR has two significant assets that can support a Zero Trust strategy: strong endpoint (user, cloud workload, device, etc) controls and organization-wide data collection and correlation from across the IT infrastructure. Here’s how it works:

Strong endpoint controls deliver a solid foundation for verifying and establishing trust by providing security teams with comprehensive visibility into potential threats and endpoint/device activities. Without visibility, you can’t verify and establish trust in good faith.

Additionally, since XDR is constantly collecting and correlating data, it establishes the continuous assessment pillar of the Zero Trust strategy. This means that even after you’ve approved initial access for an endpoint, that asset will continually be reviewed and reassessed to ensure it remains uncompromised. In the event the endpoint starts acting suspicious, such as multiple logins from various locations in impossible time frames, XDR will send a notification to security teams, allowing them to withdraw access and terminate a potential attack vector.

Zero Trust and XDR also help alleviate work from security teams. With a Zero Trust strategy that leverages XDR, many security weaknesses and gaps can be detected by XDR and subsequently blocked by enforcement points, eliminating a significant number of vulnerabilities and work for security teams. By closing security gaps, security teams have more time to focus on investigating advanced attacks. As always, the fewer number of attacks, the easier it is for enterprises to achieve their business goals, something the board can understand.

Where to start?

While the Zero Trust concept has been around since the early 2010s, it is just recently being implemented. Therefore, it can be tough to know where to start in your journey with XDR and Zero Trust. It doesn’t help that many security vendors are making confusing claims their products are “Zero Trust certified” when no such certifications exist.

The National Institute of Standards and Technology (NIST) released NIST SP-800-207, which is a high-level framework that describes the importance of Zero Trust and provides use cases and technology recommendations.

Renowned analyst firms such as Gartner, Forrester, IDC, and ESG have refined their Zero Trust definitions and frameworks to simplify the process for organizations. While analyst firms may have their own way of describing a combination of CASB, Secure Web Gateway, and more advanced VPN-using Zero Trust principles, they all agree that this can be used in a SD-WAN environment.

Ultimately, each organization needs to consider the nuances of their environment and the security tools available but leveraging the NIST special publication and analyst knowledge is a reliable place to start.

For more insights on leveraging XDR capabilities to establish the Zero Trust pillars, read our report: What is Zero Trust? (Really)

You May Also Like

Unifying Cloud Security Beyond Siloes

Ransomware Insurance: Security Strategies to Obtain Coverage

IT & OT security: How to Bridge the Gap