1 Introduction
The proverbial "network deperimeterization" that security experts have been talking about for years is no longer just an ongoing trend; it is the reality modern businesses have to live and operate in. With a growing number of applications, data stores, and other workloads moving to the cloud, and an increasing number of external partners, contractors, or even customers accessing them, modern corporate networks no longer resemble traditional castles with walls and moats. Rather, they resemble sprawling urban areas, loosely connected and often governed by completely different IT teams or even third-party companies such as cloud service providers.
The unfortunate downside of this digital transformation has been a sharp increase in the number and scale of data breaches. Whether pursuing targeted attacks for industrial espionage or sensitive data theft, or opportunistic attacks such as ransomware, cybercriminals are constantly developing new methods of infiltrating corporate IT systems, and traditional perimeter security tools like firewalls cannot stop them.
Unsurprisingly, in recent years the focus of the information security market has gradually shifted from perimeter protection towards monitoring and detecting malicious activity within enterprise networks. However, neither the manually operated security information and event management (SIEM) platforms that were once presented as the ultimate solution to all security problems, nor the more modern AI-powered detection and response products that later came to replace them, seem to fare substantially better.
Alert fatigue and the notorious skills gap, however, are only partially to blame. Perhaps the most fundamental reason why even the most modern detection tools cannot keep up with the current risk landscape is that they still take a siloed approach to cybersecurity, leaving wide gaps in coverage between individual endpoint, network-level, and cloud-focused products.
The latest trend that promises to overcome these limitations of isolated tools is XDR. The "X" is a variable that can stand for anything, but XDR is generally understood as the evolution of EDR (Endpoint Detection and Response) to include more sources than just endpoints. In this sense, XDR tools can incorporate security data from network, cloud, threat intelligence, and other sources, giving analysts a full picture of every stage of a cyberattack across multiple environments. Such tools are designed to help analysts mitigate attacks faster by automating remediation activities, which frees security professionals to focus more on user- or business-level protection.
However, as long as such solutions continue to focus on infrastructure alone, they will miss the crucial business context that is only available through higher-level analysis. For example, without understanding the logic, behavior, and business risks of corporate applications, even the most detailed analysis of network flows between them will never help an analyst properly assess the risk of a vulnerability and prioritize mitigation actions accordingly.
This seemingly obvious idea is the foundation of the TrueFort application analytics and protection platform. The company offers a comprehensive application-focused XDR solution that monitors modern cloud-native and hybrid workloads, detects and quickly remediates cyber-threats, and prevents data breaches, using the telemetry from third-party agents already deployed by most organizations.