NDR Visibility Will Enable Zero Trust Transformation in 2024
Back to top
November 27, 2023
NDR Visibility Will Enable Zero Trust Transformation in 2024
As 2023 draws to a close, it’s a good time to consider how security leaders may need to shift their cyber strategies in the new year. One thing that’s certain: threat actors will continue trying their hardest to exploit any cyber weaknesses they can find, so ensuring your organization’s cyber hygiene is in top form will remain critical. To that end, network visibility will be a crucial part of organizations’ transformational security plans in 2024.
With the cost of defending organizations against increasingly savvy threat actors climbing, security leaders are looking to buy down as much risk for the dollar as they can.
Network Visibility Will Be Crucial to Organizations’ Zero Trust Plans
Security leaders are already leaning into network detection and response (NDR) as a key strategy for cost effectively modernizing their networks. Not only does NDR play a crucial role in zero trust, it also picks up where tools like EDR and SIEM leave off.
With the cost of defending organizations against increasingly savvy threat actors climbing, security leaders are looking to buy down as much risk for the dollar as they can. NDR helps in that respect by giving organizations risk visibility that they can’t get from other tools and by providing east-west traffic data to make EDR, XDR, and SIEM tools work more efficiently and effectively.
Additionally, security leaders want to ensure their organizations’ cybersecurity investments will contribute to future cybersecurity plans. These plans are likely to include meeting government compliance mandates and zero trust security controls—all of which require the ability to visualize your entire constellation of endpoints, whether it’s servers or mobile devices on the tactical edge.
For example, within zero trust there are seven pillars, or focus areas, that are commonly accepted as necessary to work in concert to achieve an effective zero trust implementation. Visibility plays an ever-present role in each pillar:
- User - Can you see who is using your network?
- Device - Can you identify what devices are on your network?
- Data - Can you see the different kinds of data traveling around your network and where it’s going? Can you assess encrypted data for threats?
- Applications/Workload - Can you see what applications are in use?
- Network/Environment - Do you have a holistic picture of your network architecture?
- Visibility/Analytics - Can you monitor the activity on your network holistically?
- Automation/Orchestration - Can you establish a baseline of normal network activity, then apply AI to automate both detection of suspicious deviations from normal network and user behavior and policy enforcement?
Furthermore, as adoption of cloud and mobile technologies continues to increase and erode the traditional network perimeter in the process, the ability to monitor your network traffic–especially within the east-west corridor–becomes ever more critical. Even the best firewalls and endpoint detection systems cannot keep out every intruder, including malicious insiders who use their legitimate credentials to disrupt, deny, or thieve. East-west traffic is where you’ll discover the post-compromise behaviors, like reconnaissance, lateral movement, privilege escalation, command and control communications, and more, that signal an early-stage attack. If you are serious about mitigating risk to the mission, then visibility into east-west traffic, not just north-south traffic, is absolutely essential.
NDR also offers insight into what can’t be secured, what needs to be patched immediately, and what is well secured. This enables leaders to better communicate their organization’s risk exposure to the board and senior management team and to make informed decisions about their technology stack. Legacy applications that can’t be secured can be addressed immediately, while those in need of patching can be prioritized based on the category of risk. Retiring and consolidating applications not only leads to better security, it also reduces costs and complexity, and aids in budgeting for tech upgrades.
The ability to deter, detect, deny, defend, and quickly recover from malicious cyber activities will require a robust solution. A combination of technologies, processes and resources is likely to be part of your zero trust strategy. Developing a scalable, resilient, auditable, and defendable cybersecurity framework will also be crucial to strategically protect your environment. But it all starts with visibility. After all, if you don’t know what you’re protecting, how can you possibly defend it properly?
To share your perspective, check out the discussion on the ExtraHop customer community.
Senior Strategic Advisor - Public Sector
Sarah Cleveland comes to ExtraHop with over 26 years in the Air Force as a career Cyber Officer. Retiring as a Colonel, Sarah has led at the Squadron, Group Commands, and Joint Directorate levels (J6, G6, & A6). She has been responsible for providing cyber operations in garrison as well as deployed (disadvantaged/disconnected environments). Her operational experience includes combat operations in Iraq, Afghanistan, other areas in the Middle East as well as training Colombian and Polish Special Operations Forces in communications tactics, techniques, and procedures. As her final position in the Air Force, Sarah was responsible for the global NC3 (nuclear) sensor network (operations, maintenance, and sustainment) in support of global nuclear monitoring and other organizations. She oversaw emergency action plans for NC3 Continuity of Operations (COOP) as well as facility management and personnel actions for all Air Force Technical Applications Center sites globally.
Sarah joined ExtraHop as the Department of Defense Account Manager. Her Territory is DoD (Services, COCOMs and Agencies). Sarah currently resides in the Tampa/St. Petersburg area.
Share
