Why Security Teams are Looking to XDR; And How to Best Implement It

XDR

As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Kyle Falkenhagen of Secureworks talks XDR; implementing it, best practices, and why SOC teams are turning to it as a cybersecurity solution.

Premium ContentA recent Forrester report looked at what is really on the mind of CISOs, VPs, and security managers, including current security challenges they face and why they are considering next-gen technology, such as extended detection and response (XDR), to secure their environments. The report, Wise XDR Choices Lead to More Benefits Than Expected, highlights how XDR modernizes security operations, maximizes security effectiveness and allows businesses to leverage existing investments when choosing the correct type of platform.

Monitoring your organization’s environment for cyber threats can feel like wading through murky water– something dangerous and unknown is always lurking just below the surface. Unfortunately, with the rise of sophisticated attacks and an ongoing shortage of qualified talent, getting the insight needed to defend against cyber threats is no easy feat. That is why every business looking to boost its security should focus on technology that can enhance the visibility and understanding of those threats across their IT environments.

The Current State of Affairs

There is increased pressure for companies to get security right – and for a good reason. Cybersecurity incidents can have a tangible impact on top-line revenue. According to the Forrester report, respondents cited loss of customer trust (27 percent), loss of revenue (24 percent), and negative impact on brand reputation (22 percent) among their biggest security concerns. And it’s not just cybersecurity professionals who are worried about these issues, as we are seeing everyone from board members to CEOs making cybersecurity and breach avoidance a top priority.

There is also an industry-wide talent shortage that companies are up against. According to Cybersecurity Ventures, there were a staggering 3.5 million unfilled cybersecurity jobs in 2021. That’s enough people to fill 50 NFL stadiums! Plus, according to the same Forrester report, three-fifths (59 percent) of respondents admit they have insufficient in-house expertise to deal with new cyber threats.

Moreover, the status quo for security solutions is no longer working. Traditional security operations solutions like security information and event management (SIEM) and endpoint detection and response (EDR) can no longer keep up with what is needed. SIEM solutions have unpredictable pricing and heavy configuration requirements, lack the out-of-the-box controls to detect threats accurately, and have little to no automation for rapid response. EDR has limited visibility by only looking at endpoints, which is not the only attack vector that adversaries go after. As sophisticated threats such as ransomware and zero-day attacks rise, companies are looking outward to take a more proactive and coordinated approach to cybersecurity. This is where XDR can make a difference.

Creating an Integrated Partnership Through XDR

XDR is a modern technology that can help solve today’s security challenges. In fact, 60 percent of respondents indicated that their organization plans to implement or further expand their usage of XDR over the next 12 months. Unlike traditional security tools like EDR and SIEM, which have a narrow focus, XDR provides a holistic approach by ingesting, correlating, and prioritizing data from across an organization’s endpoint, network, cloud, and identity environments. XDR also leverages next-gen technology such as automation, machine learning-driven analytics, and comprehensive threat intelligence to stay ahead of advanced threats. This means that organizations get comprehensive coverage of their security fabric, as XDR can correlate threat intelligence, vulnerability data, logs, and events from different security tools, which enables security teams to quickly identify false positives from true positives to spend time on real threats. At the end of the day, most organizations are looking at new security solutions to improve the speed and accuracy of their organizations’ threat detection. XDR is to be able to deliver on that promise.

Best Practices When Selecting XDR to Modernize Your Security Technology Stack

To get the most out of an XDR investment, we recommend looking at solutions that:

  • Combine best-of-breed security solutions: Most companies have already invested significant resources into building up their security defenses. Open or hybrid XDR platforms can integrate with best-of-breed security products, allowing organizations to leverage current and future investments.
  • Move away from a siloed approach: Centralizing security events provides insight into how complex attacks progress across a kill chain. It combines weak security signals from multiple sources to create stronger signals, making it easier to identify known and unknown threats.
  • Reduce alert fatigue: Data without context makes it hard to differentiate between false alarms and real threats. There are not enough hours in the day to investigate every alarm – and even if you could, it would be a waste of resources. Security analysts spend approximately 24 to 30 minutes investigating each alert. However, an integrated platform makes it possible to correlate data, providing insight to prioritize which alerts to investigate.

When to Find a Partner, Not Just a Provider

Companies of virtually every size are increasingly looking at managed service providers. Seventy-three percent of respondents said they plan to operate a hybrid model where their internal security operation center (SOC) and their XDR provider are security partners or plan to have the XDR provider use the tool on their behalf. A key benefit of not going it alone is getting access to years of threat intelligence and big data sets. This is critical. Adversaries have access to the same technology that many security tools are based on, and this added intelligence can help companies get ahead of the most sophisticated threat actors.

Getting Clarity into the Unknown

Cybersecurity is an evolving industry; unfortunately, there is no one-size-fits-all answer to staying protected. However, with the right technology and expertise, there are ways to have the proper protection in place and be prepared to respond when a threat does occur. The more clarity you can get about the current threat landscape and what is abnormal behavior, the better chance you’ll be able to see what is lurking within your networks – and, just as importantly, prevent them from entering in the first place.

Kyle Falkenhagen
Follow Kyle
Latest posts by Kyle Falkenhagen (see all)