XDR Is Coming for Your Identity - And That’s a Good Thing
by Paul Lanzi, on Mar 01, 2022
To set the stage, we need to go way back, to Pakistan in 1986. A computer store in Lahore played host to the creation of the first PC virus, Brain. The two brothers who ran the store wrote the Brain boot-sector virus to discourage people from illegally copying the floppy disks they sold.
More than 35 years later, entire industries of cybersecurity, cybercrime, and cyber insurance have emerged, most traceable back to that first piece of malevolent software. The pace of evolution in each of these sectors has been nothing short of incredible – and it is accelerating.
Malware, ransomware and associated threats are the bane of defenders worldwide. Historically, endpoint security technologies (antivirus and, later, EDR) have formed the primary bulwark against these threats. Meanwhile, identity solutions have focused more on productivity than on security. Happily, we're at the cusp of seeing Endpoint Security and Identity Security become truly mutually supportive, and it's XDR that will bring about that partnership.
The Evolution Starts with Antivirus
Defense began with antivirus. As those early viruses grew more complex and nefarious, antivirus tools emerged in the 1990s, and they did help to catch and mitigate virus infections. I remember, as a foolhardy youth, getting virus warnings on my home PC as I downloaded demos from my local BBSs.
As good as they were, these antivirus solutions came with shortcomings:
- The scope of their protections was limited to viruses
- They weren’t adaptive, and only offered signature-based detections
- Their responses were limited to deleting files and, maybe, stopping an infecting process
Even when next-generation antivirus replaced signature-based detection with behavior-based detection, a lot still got through. It was clear that defenders needed something better to keep evolving attackers at bay, and so the industry turned its sights to Endpoint Detection & Response (EDR).
EDR offered a broader set of response capabilities: with EDR, analysts could isolate a computer from the network and detect the spread of a malicious file across every endpoint. But EDR had shortcomings too. Its responses were endpoint-centric, actions taken on a computer only after an infection had already been detected.
XDR: Next-Gen EDR
XDR, eXtended Detection and Response, is the next generation of EDR. With XDR, the idea is to go beyond the endpoint boundary that restricts EDR and pull detections and response actions from other sources as well. XDR comes with its own set of promises, which include:
- “One-Click” integrations
- “One-Click” response actions
- Less manual work for SOC analysts
- Lower dwell times
- Smaller blast radii
With XDR, investigations happen more quickly, consume fewer resources, and cover a wider data footprint. Over the long term, XDR can improve detections and generate fewer false-positive alerts as the space continues to mature.
XDR can stop the spread of cyberthreats. But, how does that work? And where does Identity come in?
Identity: The New Everything
Identity is the new perimeter, and Zero Trust is a fundamental rethinking of the interplay between endpoint, network, and identity security. In today’s threat ecosystem, Identity Security, like Endpoint Security, is a critical component of the cybersecurity environment.
While endpoint security solutions were built to stop viruses, identity solutions were built to stop the “I can’t do my job because I don’t have the right access” problem. As cybersecurity solutions continue to evolve, XDR solutions increasingly look to identity-related responses to prevent and neutralize threats.
By drawing on identity and access management (IAM), XDR tools widen the set of responses available against an attack, with actions like:
- disabling an account
- forcing password resets and re-authentications
- triggering log-offs and step-up authentications
- prompting access recertification
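To make these response actions concrete, here is an added example (not Remediant's or any XDR product's code) that models a small directory in memory and shows how each action changes the outcome of later logins and of sessions that were already issued. The account fields, the action names, the severity-to-action mapping and the sample user "alice" are assumptions made for the example. The detail worth noticing is that disabling an account or forcing a password reset does nothing to a session that is already live unless sessions are revoked as well, which is why the playbook below always pairs those two.

```python
# Added example: a toy identity-response playbook. It is not Remediant's or any
# XDR product's code; the account fields, action names and severity mapping are
# assumptions made here to illustrate the response actions listed above.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Account:
    name: str
    password: str                     # plaintext only because this is a model
    disabled: bool = False
    must_reset_password: bool = False
    step_up_required: bool = False
    sessions_valid_from: float = 0.0  # sessions issued at or before this are dead


@dataclass
class Session:
    user: str
    issued_at: float
    strong_auth: bool = False         # True if MFA was satisfied at issuance


Directory = Dict[str, Account]


def make_directory() -> Directory:
    """Constructed sample directory with a single user (not real data)."""
    return {"alice": Account(name="alice", password="hunter2")}


def login(d: Directory, name: str, password: str, now: float,
          mfa_passed: bool = False) -> Tuple[str, Optional[Session]]:
    """Authenticate and issue a session, honouring every identity control."""
    acct = d[name]
    if acct.disabled:
        return "denied: account disabled", None
    if password != acct.password:
        return "denied: bad password", None
    if acct.must_reset_password:
        return "denied: password reset required", None
    if acct.step_up_required and not mfa_passed:
        return "denied: step-up (MFA) required", None
    return "ok", Session(user=name, issued_at=now, strong_auth=mfa_passed)


def session_is_valid(d: Directory, s: Session) -> bool:
    """Re-check an issued session against current account state. Stateless
    bearer tokens are not re-checked like this by default, which is why a
    playbook pairs account changes with explicit session revocation."""
    acct = d[s.user]
    if acct.disabled:
        return False
    if acct.step_up_required and not s.strong_auth:
        return False
    return s.issued_at > acct.sessions_valid_from


# --- response actions, each (directory, user, time_of_response) ------------

def revoke_sessions(d: Directory, name: str, now: float) -> None:
    """Force re-authentication: anything issued at or before `now` is dead."""
    d[name].sessions_valid_from = now


def force_password_reset(d: Directory, name: str, now: float) -> None:
    d[name].must_reset_password = True
    revoke_sessions(d, name, now)     # a reset alone leaves live sessions alive


def require_step_up(d: Directory, name: str, now: float) -> None:
    d[name].step_up_required = True   # non-MFA sessions stop validating


def disable_account(d: Directory, name: str, now: float) -> None:
    d[name].disabled = True
    revoke_sessions(d, name, now)


def complete_password_reset(d: Directory, name: str, new_password: str) -> None:
    """The user (or help desk) completes the reset out of band."""
    d[name].password = new_password
    d[name].must_reset_password = False


# Severity-to-action mapping; the thresholds are an assumption for the example.
PLAYBOOK: Dict[str, List[Callable[[Directory, str, float], None]]] = {
    "low": [require_step_up],
    "medium": [force_password_reset],
    "high": [disable_account],
}


def respond(d: Directory, alert: Dict[str, str], now: float) -> List[str]:
    """Apply the playbook for an alert; return the names of the actions taken."""
    actions = PLAYBOOK[alert["severity"]]
    for action in actions:
        action(d, alert["user"], now)
    return [a.__name__ for a in actions]
```

In a real directory the "sessions valid from" timestamp is the mechanism behind "revoke sign-in sessions" style controls: tokens carry an issued-at time, and anything issued before the revocation instant is rejected on its next use. The step-up action is deliberately stateful here so that an existing password-only session stops validating once MFA is required, rather than surviving until it expires on its own.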
As EDR evolves into XDR and increasingly draws on identity-enabled response actions to confront risk, identity-based controls become more important. Removing standing (24x7) admin rights and bringing identity controls like Zero Trust into your environment stops lateral movement by taking away the standing privileges that attackers, and automated threats like malware, rely on to move through your network.
Would you like to learn more about how XDR solutions increasingly look to identity-based solutions like Remediant SecureONE when building out their arsenal of responses to combat today’s cyberattacks?
Click here to check out Paul Lanzi’s recent presentation from the 2021 Hybrid Identity Protection Virtual Conference and learn more.