According to Gartner, by the end of 2023 more than “80% of organisations will have completed extended detection and response (XDR) projects and nearly 70% will have completed secure access service edge (SASE) projects”. For many, these projects aren’t an end in themselves – they’re compelling first steps in the journey towards consolidated security.
Why is that the case? In essence, SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints, and other components. Together, they provide a framework for more integrated, seamless cybersecurity – rather than relying on a siloed portfolio of point products.
But with so many terms and technologies in the mix, it can be hard to see the wood for the trees. So let’s take a step back.
What is XDR – and why does the mid-market need it?
The term ‘extended detection and response’ originally comes from Palo Alto. At its heart, XDR is all about analytics – collecting and analysing a huge amount of data about potential threats to an organisation’s extended landscape and rapidly moving to counter them.
It’s also about controlling the flow of data across the organisation, performing a data loss prevention (DLP) function by stopping sensitive information from proliferating across cloud apps or via email.
It could, for example, cover projects that free a company’s users from being tied to a single corporate device. Working autonomously, it determines access and safe behaviour on a case-by-case basis, rather than simply authenticating one fixed set of devices or protecting a perimeter.
What does all this have to do with consolidation? When companies are operating on a consolidated, platform-based model, one single system can process threat intelligence, device telemetry, and web, email, and cloud app activity to generate a wide view of the environment and any threats it faces.
And if that sounds like the kind of high-cost deployment that only major enterprises need to invest in, think again – this technology is increasingly accessible to the mid-market. And the need for autonomous, integrated security and DLP is every bit as acute in medium-sized organisations as in their larger counterparts.
SASE: what and how?
What about SASE? This term has become something of a buzz-phrase in recent years, and includes both network and security elements. Essentially, it means shifting access management to the edge of the network, authenticating at the point of access rather than trying to operate a centrally managed pseudo-perimeter. Many organisations consider this approach when replacing complex legacy firewall hardware appliances or VPN infrastructure, particularly given many no longer have a LAN.
But SASE is very much a long-term journey. The goal for mid-market organisations is not a single purchase or transition, but rather putting in place the foundations that lead there as a final destination. What’s the first step on that journey? Adopting a zero-trust network access (ZTNA) approach.
Under the Zero Trust framework, no user or device is trusted by default. Users must prove their identity before being granted access. Importantly, that trust is not granted once and forgotten: it must be continually assessed and re-evaluated for as long as the session lasts. For example, if the same user logged in from two different cities just minutes apart, a red flag would be raised and access instantly withdrawn.
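The "two cities, minutes apart" check above is usually called an impossible-travel rule. The following is an added example, not code from the original article or from any vendor's product, showing how such a rule can be run over authentication log lines and how its result feeds a session-revocation decision. The log format, the sample lines, the 900 km/h plausibility threshold and the 1 km jitter allowance are all assumptions made for the example.

```python
"""Impossible-travel check over authentication log lines (constructed example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed sample log lines in an assumed key=value format; not from any real product.
SAMPLE_LOG = """\
2024-05-01T08:00:00Z user=alice city=London lat=51.5074 lon=-0.1278 result=success
2024-05-01T08:30:00Z user=alice city=London lat=51.5074 lon=-0.1278 result=success
2024-05-01T09:00:00Z user=bob city=London lat=51.5074 lon=-0.1278 result=success
2024-05-01T09:00:00Z user=alice city=London lat=51.5074 lon=-0.1278 result=success
2024-05-01T09:12:00Z user=alice city=NewYork lat=40.7128 lon=-74.0060 result=success
2024-05-01T10:00:00Z user=carol city=Paris lat=48.8566 lon=2.3522 result=failure
2024-05-01T12:00:00Z user=bob city=Manchester lat=53.4808 lon=-2.2426 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) city=(?P<city>\S+) "
    r"lat=(?P<lat>-?[\d.]+) lon=(?P<lon>-?[\d.]+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime
    city: str
    lat: float
    lon: float


@dataclass(frozen=True)
class Alert:
    user: str
    earlier: Login
    later: Login
    implied_speed_kmh: float


def parse_log(text):
    """Parse successful logins only; a failed attempt never establishes a location."""
    logins = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate malformed lines rather than crash the detector
        if m["result"] != "success":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        logins.append(Login(m["user"], ts, m["city"], float(m["lat"]), float(m["lon"])))
    return logins


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


MAX_PLAUSIBLE_SPEED_KMH = 900.0  # assumed threshold, roughly airliner cruising speed


def detect_impossible_travel(logins, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Flag consecutive logins by the same user that imply travel faster than max_speed_kmh."""
    by_user = {}
    for login in sorted(logins, key=lambda l: (l.user, l.ts)):
        by_user.setdefault(login.user, []).append(login)
    alerts = []
    for user, seq in by_user.items():
        for earlier, later in zip(seq, seq[1:]):
            dist_km = haversine_km(earlier.lat, earlier.lon, later.lat, later.lon)
            if dist_km < 1.0:
                continue  # same place; allow for small geolocation jitter
            hours = (later.ts - earlier.ts).total_seconds() / 3600.0
            # Identical timestamps at different places cannot be explained by travel at all.
            speed = float("inf") if hours <= 0.0 else dist_km / hours
            if speed > max_speed_kmh:
                alerts.append(Alert(user, earlier, later, speed))
    return alerts


def sessions_to_revoke(alerts):
    """Users whose current session should be withdrawn pending re-authentication."""
    return sorted({a.user for a in alerts})


if __name__ == "__main__":
    found = detect_impossible_travel(parse_log(SAMPLE_LOG))
    for a in found:
        print(f"{a.user}: {a.earlier.city} -> {a.later.city} "
              f"implies {a.implied_speed_kmh:,.0f} km/h")
    print("revoke:", sessions_to_revoke(found))
```

Run as a script, the check flags only alice's London-to-New York pair (about 5,570 km in 12 minutes) and leaves bob's London-to-Manchester logins three hours apart alone. A production rule would additionally need to handle VPN and cloud egress addresses, whose geolocation is unreliable, and would typically drive a step-up authentication challenge before outright revocation.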
Most large organisations are already adopting ZTNA. However, for companies in the mid-market with lean security teams, zero-trust can seem like a challenging policy to enforce. But it doesn’t have to be. The key is to adopt a platform that automatically reviews access requests 24/7 and deploys intelligent data analysis to determine context-based approvals at lightning speed. This is hugely powerful for lean security teams.
Putting it all together
So with all that said, why are XDR and ZTNA (with SASE on the horizon) the first steps in the consolidation journey? And why are they so relevant to the mid-market?
Most XDR solutions are focused on integrating and simplifying multiple security solutions used by large global enterprises. But mid-market firms struggle with a very different reality. They may not have sufficient controls in the first place. They often have limited budgets rather than huge, complex teams, and are facing an increasingly complex threat landscape.
But XDR and ZTNA can solve these problems. By autonomously consolidating data streams from across the organisation and generating a comprehensive picture of what’s happening, they can give mid-market organisations a 360-degree view of their security in one place.
Not only does this dramatically reduce the burden on stretched security teams, it enhances protection – providing an effective defence for a more diffuse workforce and responding with agility to evolving threats.