Have you ever been to the cinema to see a movie that everyone raved about, only to find yourself disappointed? This is a typical risk when anything is overhyped: a film, a book – even a cybersecurity solution.
These days, the two most hyped solutions in our industry are SASE and XDR. They’re the holy grails of cybersecurity, touted as one-stop solutions to many problems. They almost sound too good to be true.
And, if we’re being honest, we think they are. Just like an overhyped film, SASE and XDR don’t quite live up to their potential – at least not yet. Below, we explore why.
A quick recap – what’s XDR and what’s SASE?
Before we de-hype these two solutions, let’s quickly recap what they mean and what they’re good for – starting with XDR (aka: extended detection and response).
XDR is said to provide a holistic approach to detection and response. It’s not just about monitoring endpoints; it’s about monitoring the cloud, the email and the network. This is a step above most of today’s detection and response solutions, which tend to focus on siloed parts of the organization, rather than scanning everything at once and creating a complete picture.
By looking at everything across the organization, XDR should be able to find patterns of anomalous behavior, and spot and stop threats before they wreak havoc.
Then there’s SASE (pronounced “Sassy”). SASE stands for secure access service edge. Gartner is a huge fan of SASE and is hyping it to be the future of network security – note, though, even Gartner says “the future”, not right now.
SASE is a combination of WAN with cloud access security broker (CASB) functionality. It’s about creating borderless cloud security and high-speed functionality for users. Essentially, SASE aims to keep enterprises secure wherever employees work, without compromising the end user experience.
Piercing the hype bubble
The descriptions of SASE and XDR are both extremely promising and, when we say they’re too good to be true, we’re not dismissing the technologies altogether. In a few years’ time, we think that SASE and XDR will have an important role to play in enterprise security. However, right now, the functionality for these solutions just isn’t there.
Both SASE and XDR are still in their infancy. Most vendors offering SASE and XDR deployments are missing pieces of the puzzle.
For example, with SASE, the complexity of deployment and integration challenges mean that most solutions currently fall short. SASE will only be worthwhile if it can provide wide-ranging availability and security at the edge. However, currently there simply isn’t the infrastructure to enable it, meaning SASE could create shadow IT problems while also costing a lot of money to introduce.
Similarly, while XDR looks appealing, no vendor out there has actually put together the complete package yet. Sure, some may provide effective endpoint and cloud capabilities, while others will have strong endpoint and email capabilities – but no one vendor has it all. Going with one vendor for an incomplete XDR solution means you may have to double up later, which will be a cost drain and is likely to lead to integration issues.
Piecemeal approach is best
The rapidly evolving cloud security landscape is bringing new entrants into the market, and the vendors themselves are building DLP features into their solutions. This is changing how and what SASE/XDRs are supposed to detect. The capabilities underlying cloud endpoint solutions are nowhere near maturity and will evolve in the coming years. We support adding SASE/XDR capability for point solutions on the most vulnerable parts of the tech stack. These solutions should be interoperable with existing DLPs or SIEMs to ensure continuity with existing workflows. As this space evolves, winning solutions will emerge that provide a more holistic approach.
It’s best to wait
At this point in time, rushing to get involved in SASE or XDR could be a costly mistake. Despite the hype, the infrastructure isn’t there for these solutions to reach their potential – at least not yet. While it’s definitely worth keeping up with the market, investing now is not wise.
Instead, you should continue to focus on data, cloud and identity-based security. In the remote working world, verifying that your employees are who they say they are, and ensuring that they only access data that they are meant to, is one of the best ways to prevent data loss or theft. Solutions like Polymer’s cloud-based data loss prevention (DLP) help you to secure data as it travels in and out of collaboration tools and cloud applications. Using a zero-trust approach, Polymer ensures that only authenticated, trusted users can access your sensitive data, keeping it safe no matter where your employees are.