Security Operations

XDR is Real and Set to Make an Immediate Impact in the SOC

Dan Lamorena
by Dan Lamorena
category Security Operations

With organizations struggling with alert fatigue and disconnected tools for monitoring security controls, it is not surprising that one of the hottest new cybersecurity technology categories is XDR. Designed to better integrate security control data and security operations through cloud-driven analytics, detection, and response, the category of Extended Detection and Response (XDR) looks to be taking off according to a recent survey conducted by IT analyst firm ESG, where 70% of organizations already using or considering XDR, plan to establish a formal budget to invest in an XDR software solution in the next 12 months. Survey respondents were also asked a wide range of questions on the technology currently in their SOC, the challenges that are creating opportunities for new technology, and the requirements those products need to deliver.

Enter XDR, the latest product category that claims to change the game for cybersecurity teams. You’ve seen the headlines, XDR cybersecurity tools come in many flavors, though, with some solutions that only support a single vendor’s toolset and others that operate as hubs for integrating best-of-breed tools. In general, organizations seemed to prefer more agnostic concepts that didn’t require a complete rip and replace of existing security controls, although some respondents would be willing to consider changing out if the XDR solutions delivered on their promises.

The biggest challenge to solve related to the security data and alerts generated by disparate security controls was filtering the noise out of the alerts so that security analysts could focus on the right signals (38% of respondents). This means they could deliver the most important outcome that 40% of respondents currently using or considering XDR want: improve the fidelity and prioritization of security alerts to make it easier to triage and respond to events (leading to improved response time).

Ultimately, the challenge remains the same. To find the bad guy quickly before he/she does damage. We have continued to add new solutions that deliver on some element of this, however, security teams have struggled with integrating that data and detecting the real incidents in that flood of data. And to do so promptly. The new hope is XDR security which promises to reduce the security engineering burden while using analytics to improve and speed detection.

Learn more about what your peers are thinking and how XDR can change the game for your security team.

 

Download the ESG eBook, The Impact of XDR in the Modern SOC – Taking Detection and Response to the Next Level.

 

Then register for the webinar, “Survey Says: A Modern SOC Requires XDR,” featuring Dave Gruber, Sr. Cybersecurity Industry Analyst at ESG.

 

 

 

Source: ESG eBook, The Impact of XDR in the Modern SOC – Taking Detection and Response to the Next Level, November 2020.