Modernizing Security Operations with XDR
This blog was originally published by Cisco here.
Written by Aaron Sherrill, Senior Research Analyst at 451 Research.
Set the Stage: A World Without XDR
Security operations teams at most organizations are overwhelmed by the sheer number of security products they’re required to manage.
Over the course of many years, security teams have stitched together a robust security stack with dozens, if not hundreds, of disparate, siloed security tools, each aimed at protecting specific elements of the organization’s IT ecosystem. And that behavior seems likely to continue. According to 451 Research’s Voice of the Enterprise: Information Security, Budgets and Outlook 2021 survey, security budgets are continuing to increase rapidly year-over-year, with 86% of organizations planning to increase security spending by an average of 27%. Hardware and software security tools and products account for over 50% of this increase.
The sophistication of modern attacks is driving security teams to take a multidimensional approach to protecting their organizations. So, with good intentions, teams have adopted a variety of safeguards and processes to prevent, detect, mitigate and respond to security incidents. However, the very cybersecurity technologies they have deployed to protect the organization’s critical assets have also increased complexity and decreased the effectiveness of the organization’s security posture.
The Push for Change: Top Pain Points
With little to no integration between these tools, the security team is hampered by data silos, resulting in limited visibility, high complexity and significant management overhead.
As attacks continue to grow in volume and sophistication, organizations are continuing to transform and modernize, creating a digital footprint that is increasingly disparate, diverse and difficult to protect. These rapid shifts are leaving security teams at a disadvantage as they deal with constant change, increased risk, more data to decipher, competing priorities and a broader attack surface to protect. With these challenges as a backdrop, it is easy to understand why respondents to 451 Research’s survey indicated that threat detection, a lack of visibility and network security are among the top information security pain points their organizations are experiencing. Security teams are recognizing that this new reality demands a shift in tactics.
XDR: The Missing Piece
Extended detection and response (XDR), a relatively new term and approach to security operations, is aimed at empowering security and IT teams with the capabilities to detect threats across multiple vectors by aggregating telemetry across the security stack. Leveraging analytics and intelligence to interpret and correlate data, XDR holds the promise of enabling security teams to rapidly detect and respond to threats across a broad range of technologies, workloads and environments, and to analyze telemetry from an ever-growing array of sources, including endpoints, email, networks and cloud services.
XDR can drive response actions with high fidelity and provide in-depth insights and context into security incidents that would otherwise be too time-consuming and resource-intensive to achieve at scale. Integrating machine learning, automation and threat intelligence into a platform approach, XDR can provide security and IT teams with greater visibility across their entire IT ecosystem, enabling rapid, orchestrated response across a wide range of threat vectors.
Few organizations are able to tackle all of the security challenges they face as well as mature their cybersecurity programs quickly enough to keep pace with the increased risks, especially given the 24/7 nature of threats. Detecting indicators of compromise and responding to threats 24/7 is one of the main roles of the security operations center. However, in our survey, only about 46% of organizations reported having a SOC in place. Not surprisingly, that percentage was even lower among smaller organizations. At the same time, only about 55% of organizations believe their security staffing level is adequate to handle the cybersecurity challenges their organizations are facing today, yet only 14% indicated that they plan to add to their security team in the coming year.
A Unified Approach
XDR is positioned to benefit organizations of all sizes. It can provide value to experienced and new analysts alike, as well as benefit both large, mature security teams and lean IT teams that possess minimal in-depth security expertise. By amplifying the scale, speed and scope at which organizations can detect and remediate attacks, XDR can help security teams address many of the obstacles to effective detection and response: delivering unified and enriched context and root cause analysis, providing correlated detections, producing prescriptive response recommendations and enabling proactive threat hunting.