Zero trust. Secure Access Service Edge (SASE). Extended detection and response (XDR).
Anyone who tuned into RSA Conference 2021 likely heard at least one of these cybersecurity buzz phrases during any given session. But what do they mean in a real-world enterprise context?
During the show, Jon Oltsik, John Grady and Dave Gruber, analysts at Enterprise Strategy Group, a division of TechTarget, gathered to clear the air around the confusion and offer advice to enterprises starting to look at these three concepts.
Listen in as analysts give rapid-fire responses to questions, including the following: What is the technology? What's driving it? Where is the confusion surrounding it? What are its implementation challenges? Do the technologies overlap?
When it comes to being successful with zero trust, for example, Oltsik said a paradigm shift is required. "It's a journey. We have to get there through phased implementation, and we have to coordinate with the business. It's a strategic imperative, not a technology project," he said.
When discussing the emerging hot topic of XDR, Gruber explained that enterprises shouldn't let marketing hype make them cautious -- a real market need for the technology exists -- and he offered a definition of this often-confusing term before outlining its three categories:
- Full-stack XDR is functionality provided by a single vendor in an integrated environment.
- Overlay XDR is analytics that sit on top of existing security controls.
- Endpoint and endpoint detection and response (EDR) vendors expanding their offerings into XDR.
Tune in for more insights on zero trust, XDR and SASE.
Jamison Cush: In this video, the experts at TechTarget and ESG discuss the impact of XDR, SASE and zero trust on cybersecurity. And, for complete coverage of RSA Conference 2021, click the link above or in the description below.
Rob Wright: Hello and welcome to this lightning round session for RSA Conference 2021: The impact of XDR, SASE and zero trust on cybersecurity strategies. I'm Rob Wright, security news director at TechTarget, and I am joined by three lead analysts from Enterprise Strategy Group: John Grady, Dave Gruber and Jon Oltsik. We're going to discuss three technology areas that have become especially pertinent for many organizations over the last year. And, since this is a lightning round session, we're going to jump right into it. OK, guys, first question: Zero trust. It touches on a lot of areas that can be implemented in many different ways. How best do we describe zero trust in, say, 30 seconds? John Grady, why don't you start us off?
John Grady: I don't know if there's any way to do that, Rob. Really quickly, it's about inherently not trusting anything on the network, but providing more conditional access, constantly evaluating the security posture of the devices and entities that are making connections on the network, taking more of a risk-based approach. Everyone understands this takes a large number of tools to implement, but you have to think about it as a strategy and really take a use case-specific mode of getting there over time.
Wright: And, Jon Oltsik, why don't you give your perspective on it?
Jon Oltsik: Well, there's not much to add to what John said. It is a paradigm shift. We used to trust everything inside the network and not trust everything outside the network, and now, we don't want to trust anything. It's a journey; we have to get there through a phased implementation, and we have to coordinate with the business. It's a strategic imperative, not any kind of technology project.
Wright: Dave, the shift to remote work over the last year seemed like the perfect time to have a coming-out party for zero-trust implementation. But has that happened? Has it impacted the strategies and the implementation plans for zero trust?
Dave Gruber: The remote worker has been a forcing function for this whole idea. The idea is not new. But it's one where the remote worker has really made this a dramatic need now. The challenge, however, is it's not a flip-the-switch; it's not a single-solution effort. Good news is lots of organizations are committed. We see strategies in place; we see a ton of support from individual vendors along the way. So, we're making some progress.
Wright: Is it difficult to implement? Because I know that there's a lot of moving parts here. Does it seem maybe simple on the surface but just takes a little bit more effort and a little bit more understanding of what you're doing with identity and access management, so on and so forth? Anyone can answer.
Grady: I'll jump in there. Yeah, it is hard. There's no question, but I think you have to take a longer-term view. As Jon Oltsik said, 77% of the organizations we've surveyed have seen both security and business benefits. It may take some time to get there. I think you have to go in eyes wide open and understand that it will take time, but there's absolutely positive light at the end of the tunnel.
Wright: OK, let's turn to XDR, extended detection and response. There are different perspectives and definitions for XDR. But how would you define it and compare it to, say, an area like traditional threat detection and response? That's an area I'm a little bit more familiar with, but there are a lot of perspectives out there about what XDR is and isn't. Dave, why don't you start us off?
Gruber: At ESG, we are taking a fairly broad view of XDR. XDR is an integrated suite of security products; it spans IT infrastructures. It's designed to interoperate and coordinate on threat prevention, detection and response. It integrates different control points, telemetry, analytics and operations into one broad enterprise system to power the security operation center.
Wright: Jon Oltsik, is there confusion about this term compared to regular threat detection and response amongst customers that are looking to invest?
Oltsik: Yes, there is a ton of confusion. It's a new term. But what we're seeing is that customers are where you think they are. They're doing research on the products. They're talking to people like Dave and me. They're calling in their vendors to get a roadmap perspective. There's an acute need for new threat detection and response tools, so there's a market opportunity there. But, at the same time, confusion doesn't do anyone any good. We're advising our clients to do much more market education. And we're advising end users to really take a long, slow and strategic approach to XDR.
Wright: There's a lot of hype about this term, though. What is the best way for -- let's say a large enterprise -- to approach this emerging category? Is this something that they should be looking at? Should they be cautious about investing in it?
Gruber: First of all, no caution -- there's a real need here, so we need to do something about it. There are some different approaches to XDR. It depends on what your investment in your security operations environment is. There are three categories of XDR that Jon and I've been talking about. From a solution standpoint, first, we call it a full-stack XDR solution, where the primary security controls and the analytics and the detection and response are all provided from a single vendor in an integrated environment. This is really the most turnkey approach to thinking about detection and response in the organization.
The second is what we're calling overlay XDR. This is basically an analytics-based approach that sits on top of your existing security controls. These are solutions that are heavily machine learning-driven. They often have cloud-delivered data stores and big data lakes. It can take inputs from all the different security controls in the organization, and it focuses on stitching all that data together -- correlating, aggregating and then doing the detection response functions. That's a little easier to approach for a lot of organizations who are heavily invested in their own infrastructure already.
The third category is the endpoint and EDR [endpoint detection and response] vendors who are expanding their offerings to XDR. Many have built big analytics engines on top of it. Some have invested in other controls, but most have a partnership approach where the EDR technology plugs into a number of other security control technologies to get that data together in an analytics platform. So, those are the sort of three different types of XDR solutions in the marketplace. And which one is right for you? It depends on what your prior investment strategies have been and what kinds of relationships you have with other vendors.
Wright: Let's turn to our last category. Last but not least, SASE, Secure Access Service Edge. What is SASE? And how does it maybe touch on or overlap or connect to zero trust?
Grady: SASE is essentially the convergence of network security and edge perimeter security tools and SD-WAN [software-defined WAN] in more of a cloud-delivered, microservices-based model. That's kind of the core definition. And the reality is that we're not all the way there because that's a lot. Traditional security tools haven't even gone fully cloud-delivered in a lot of cases. Similar to zero trust, it's a journey. I think the difference is it's closer to a discrete solution or product architecture, whereas zero trust is really about the how and setting the right policies, taking a different thought process to security. Where they really overlap is with zero-trust network access, which is the evolution of VPN and incorporating that into a SASE framework or architecture. There's overlap, but they are discrete cybersecurity trends, for sure.
Wright: So, because of that, are there different obstacles or implementation challenges with SASE versus zero trust because it's more solution-oriented?
Grady: There are two main obstacles that I see. The first is cloud. We found that most organizations still have the majority of their network security tools in an on-premises, appliance-based approach. They have to transition those to the cloud. The second is organizational dynamics. You're talking about the security team and the networking team having to come together to source, use, test and implement a converged solution, but that's a big ask, and it's something that companies need to start thinking about more before they go down the technology path. How are teams within the organization working together? How are you starting to think about measuring your security team more on business outcomes? Things that maybe the network and IT team is more used to, to get them kind of rowing in the same direction.
Wright: Great. Well, guys, I think this lightning round is officially out of time. Thank you so much for joining me and for weighing in on these three emerging technologies.