/
제로 트러스트 세그멘테이션

Mind the Gap: Why EDR Needs Zero Trust Segmentation

Dwell time, also known as the breach detection gap, describes the delta between the initial breach occurring and it being detected. Within cybersecurity, we are laser focused on reducing the dwell time to thwart attacks before they can cause any harm. Despite relentless innovation in detection capabilities, we have to acknowledge that by definition it's a cat-and-mouse game where the attacker always has the advantage.

As defenders, we are playing catch up with real world consequences. Just in the past few months we've been reading about breaches at MediBank, Uber, and Plex. These incidents remind us that a breach is inevitable and, especially in the MediBank case, costly.

The future of detection

Innovation into machine learning (ML) and artificial intelligence (AI) by Endpoint, Detection & Response (EDR) vendors has given blue teams a significant leap in capabilities in the past decade, but there is a limit to this technology.

Detection can still be evaded.

For example, a change in the malware code language, agent tempering, or fileless malware significantly affects detection rate. Our defensive tools will get smarter to solve for these gaps, but this will just push attackers into developing more creative workarounds.

With every change in behavior or code, EDR vendors need to adapt which result in an increased mean time to detection (MTTD).

So where does this leave us? Companies have invested over $28 billion into endpoint security with a focus on detection while breaches still stay undetected. In fact, on average, it takes an organization 277 days to identify and contain a breach according to the 2022 Cost of a Data Breach Report from IBM.

A lengthy dwell time gives attackers the opportunity to spread through the network undetected, establish persistence, create secondary backdoors, and eventually exfiltrate data or deploy ransomware.

Don't dwell on it: EDR is needed to respond to threats

But calling out a weakness doesn't render EDR as ineffective. In fact, we can argue that EDR is more important than ever now that we are trying to consolidate data from all sources into one single security platform with XDR.

It's also important to call out the last letter in EDR - response. Hunting for threats without a capable EDR solution in place is next to impossible.

The ability to respond to an incident at scale is the only way of clearing an attacker out of a comprised environment, and this is where we have to rely on EDR when it comes to clearing threats from our endpoints.

A new paradigm - breach containment

Defense in depth, the practice of adding independent layers of security controls, is our best move forward. This way, when detection falls short, we have other layers of defense in place.

This doesn't mean we should stop focusing on reducing dwell time; we just need to escape the rat race and implement new layers of defense that are not dependent on detection. Investing in breach containment is our most effective move forward.

By implementing Zero Trust Segmentation (ZTS) to all our endpoints with Illumio Endpoint, we can proactively prevent future attackers from spreading from a single compromised endpoint to the entire network. By focusing on containment, we extend the allotted time our EDR solution has to detect a breach before it turns into a disaster, reframing the way we think about MTTD and dwell time.

zero-trust-segmentation-increase-detection-zero-days

Like peanut butter and jelly

Illumio fills the gap between incident and detection, agnostic from attack pattern.

Combining proactive technology like ZTS with reactive technology like EDR on every endpoint lessens the dwell time weakness while also significantly increasing response capabilities. In fact, according to offensive security firm Bishop Fox, combining detection and response with Illumio radically reduced an attacker from spreading while detecting 4 times faster.

Breaches are not going anywhere. But by embracing breach containment on every endpoint ensures your organization can be resilient to everything that is left to come.

Learn more about why you need both EDR and Zero Trust Segmentation.

Contact us today to schedule a consultation and demonstration.

관련 주제

관련 기사

RSA 2017을 최대한 활용하기: 실무자를 위한 가이드
제로 트러스트 세그멘테이션

RSA 2017을 최대한 활용하기: 실무자를 위한 가이드

RSA 2017이 다가옴에 따라 사이버 보안 모범 사례에 대한 최고의 컨퍼런스 하이라이트를 제공하는 방법을 소개합니다.

마이크로세그멘테이션의 효과를 측정할 수 있습니까?
제로 트러스트 세그멘테이션

마이크로세그멘테이션의 효과를 측정할 수 있습니까?

Illumio와 Bishop Fox는 마이크로 세분화의 효과를 측정하는 방법에 대한 업계 최초의 청사진을 수행하고 문서화했습니다.

포레스터, 일루미오를 포레스터 웨이브™ 의 리더로 선정: 마이크로세그멘테이션 솔루션, 2024년 3분기
제로 트러스트 세그멘테이션

포레스터, 일루미오를 포레스터 웨이브™ 의 리더로 선정: 마이크로세그멘테이션 솔루션, 2024년 3분기

마이크로세그멘테이션 솔루션을 위한 포레스터 웨이브 (Forrester Wave) 에서 John Kindervag의 주요 내용을 확인해 보십시오.

항목을 찾을 수 없습니다.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?