XDR is Real and Set to Make an Immediate Impact in the SOC
With organizations struggling with alert fatigue and disconnected tools for monitoring security controls, it is not surprising that one of the hottest new cybersecurity technology categories is XDR.
The Rise of XDR
Designed to better integrate security control data and security operations through cloud-driven analytics, detection, and response, the Extended Detection and Response (XDR) category looks to be taking off, according to a recent survey conducted by IT analyst firm ESG: 70% of organizations already using or considering XDR plan to establish a formal budget to invest in an XDR software solution in the next 12 months. Survey respondents were also asked a wide range of questions about the technology currently in their SOC, the challenges that are creating opportunities for new technology, and the requirements those products need to meet.
Diverse XDR Offerings
Enter XDR, the latest product category that claims to change the game for cybersecurity teams. You've seen the headlines. XDR cybersecurity tools come in many flavors, though: some solutions only support a single vendor's toolset, while others operate as hubs for integrating best-of-breed tools. In general, organizations seemed to prefer more agnostic approaches that did not require a complete rip and replace of existing security controls, although some respondents would be willing to consider changing out their controls if the XDR solutions delivered on their promises.
Addressing Challenges with XDR
The biggest challenge to solve related to the security data and alerts generated by disparate security controls was filtering the noise out of the alerts so that security analysts could focus on the right signals (38% of respondents). Solving it would deliver the most important outcome that 40% of respondents currently using or considering XDR want: improved fidelity and prioritization of security alerts, making it easier to triage and respond to events (and thereby improving response time).
Continued Challenges
Ultimately, the challenge remains the same: find the bad guy quickly, before he or she does damage. We have continued to add new solutions that deliver on some element of this; however, security teams have struggled to integrate that data and to detect the real incidents in that flood of data promptly. The new hope is XDR security, which promises to reduce the security engineering burden while using analytics to improve and speed up detection.