Themes: Zero-Days & The Cybersecurity Industry (Pt.2)
Summary
- In Part 1 we discussed the pervasive threat of zero-day vulnerabilities, which are suspected to have assisted Chinese hackers in infiltrating the US wiretap system.
- In Part 2 we discuss where the cybersecurity industry will evolve from EDR and what solutions may emerge to better protect against zero-day threats.
What's next?
Detection and Response
Is EDR the end game?
At the start of 2023, the consensus leaned towards ‘yes.’ However, recent breaches suggest otherwise. Many attacks don’t begin with a compromised endpoint. For instance, if a hacker can initially infiltrate the system undetected, then escalate privileges by acquiring administrative access, EDR alone may struggle to prevent such a threat. The recent Wiretap attack highlights this gap: it emphasizes the need for network-based detections and network hardening to safeguard systems.
This brings us to the ongoing shift towards XDR, a trend originally pioneered by PANW and later accelerated by S. XDR expands detection by aggregating logs from multiple sources, not just endpoints. Networking logs from routers and firewalls, as well as logs from cloud vendors, are now key components. For example, by integrating network data with endpoint data, PANW has demonstrated strong test results, often outpacing top EDR/XDR players like CRWD.
FTNT, meanwhile, is focusing on NDR — Network Detection and Response. Like EDR, NDR gathers network-related logs and analyzes them to detect anomalies. This approach seems promising as it addresses a basic but essential need: detecting suspicious activity like a sudden transfer of over 100GB of data. Yet, despite its potential, NDR development remains limited, with FTNT being one of the few companies continuing to invest in it, leveraging technologies like ML, DL, DNN, and now LLM to enhance NDR and NOC (Network Operations Center) capabilities. Although there are NDR startups, none have driven market growth quite like Wiz has done in cloud security. CoreLight, for example, offers compelling technology but relies on human logic, which seems to limit its scalability.
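To make the "sudden 100GB transfer" detection concrete, here is an added toy NDR-style check written for this post; it is not code from FTNT, CoreLight or any product mentioned. It aggregates outbound bytes per internal host per hour from constructed flow records and flags a host that either exceeds a hard 100 GB ceiling or sends ten times its own earlier hourly volume; the window size, multiplier, 10.0.0.0/8 internal range and sample flows are all assumptions.

```python
"""Toy NDR-style egress detector over constructed Zeek-like flow records."""
from collections import defaultdict

GB = 1024 ** 3
HARD_LIMIT = 100 * GB        # absolute egress ceiling per window (article's example)
BASELINE_MULTIPLIER = 10     # window egress vs. the host's own earlier windows
WINDOW_SECONDS = 3600        # assumed one-hour aggregation window

# Constructed sample flows: (epoch seconds, source host, destination host, bytes sent)
SAMPLE_FLOWS = [
    (1_700_000_000, "10.0.0.5", "203.0.113.10", 2 * GB),
    (1_700_000_600, "10.0.0.5", "203.0.113.10", 1 * GB),
    (1_700_003_600, "10.0.0.5", "198.51.100.7", 3 * GB),
    (1_700_007_200, "10.0.0.5", "198.51.100.7", 60 * GB),   # burst begins
    (1_700_008_000, "10.0.0.5", "198.51.100.7", 45 * GB),   # same hour: 105 GB total
    (1_700_000_100, "10.0.0.9", "203.0.113.10", 500 * 1024 ** 2),
    (1_700_003_700, "10.0.0.9", "203.0.113.10", 400 * 1024 ** 2),
    (1_700_007_300, "10.0.0.9", "203.0.113.10", 8 * GB),    # 16x its usual hour
    (1_700_007_400, "10.0.0.9", "10.0.0.5", 50 * GB),       # internal traffic, ignored
]


def is_internal(ip: str) -> bool:
    """Assumed internal address space for this example."""
    return ip.startswith("10.")


def egress_per_window(flows, window=WINDOW_SECONDS):
    """Sum bytes each internal host sent to external destinations, per time slot."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, sent in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src][ts // window] += sent
    return totals


def find_anomalies(flows, window=WINDOW_SECONDS):
    """Return (host, slot, bytes, reason) for windows that break either rule."""
    alerts = []
    for host, windows in egress_per_window(flows, window).items():
        for slot, total in sorted(windows.items()):
            history = sorted(v for s, v in windows.items() if s < slot)
            baseline = history[len(history) // 2] if history else None  # upper median
            if total > HARD_LIMIT:
                alerts.append((host, slot, total, "hard-limit"))
            elif baseline and total > BASELINE_MULTIPLIER * baseline:
                alerts.append((host, slot, total, "baseline"))
    return alerts


if __name__ == "__main__":
    for host, slot, total, reason in find_anomalies(SAMPLE_FLOWS):
        print(f"{host} window {slot}: {total / GB:.1f} GB egress ({reason})")
```

Real NDR tooling would also correlate destinations, protocols and time of day; the baseline rule here is what catches a host that never approaches 100 GB but suddenly sends far more than its norm.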