Here are some articles I’ve written for various clients.

XDR Report: IT Decision Makers Struggle to Define Value

As advanced threats become more disruptive, a strong cybersecurity posture must be a top priority. For years, a firewall was treated as sufficient to stop intruders. When that levee broke, endpoint detection and response (EDR) filled the gaps, while security information and event management (SIEM) tools offered additional log data and compliance capabilities. Finally, network detection and response (NDR) solutions emerged to supply the missing piece of the security puzzle: network data.

Now, extended detection and response (XDR) is coming into the picture, and for good reason. It is a strategy that aims to give organizations visibility across endpoint, network, and other high-fidelity data sources, and so a more complete picture of an organization's attack surface. According to a report conducted by Wakefield Research on behalf of ExtraHop, 78% of IT leaders believe that wider adoption of XDR will be a necessity in 2023. At the same time, what constitutes an XDR strategy continues to be a point of contention: not all IT decision makers agree on which parts are needed to make the whole.

Defining XDR

Despite all the hype over XDR, many IT decision makers struggle to define what it is, its benefits, and key technology components, even as they move forward with XDR strategies. According to our research with Wakefield, only 47% of IT decision makers could accurately define XDR as a strategy for deepening threat visibility and accelerating threat detection and response by correlating endpoint data with higher-fidelity network telemetry and other data sources via an integrated, cloud-native platform.

The large proportion of respondents who couldn't identify an accurate definition of XDR may explain why our results also showed little consensus about which data sources are most important to support an XDR strategy: if you don't know what XDR is, then your understanding of the technology components needed to support it is likely limited as well. This showed up most starkly among IT decision makers at organizations not currently implementing an XDR strategy. Those organizations were more likely to rank threat intelligence, firewall data, and identity and access management logs as most important, three components we don't see prioritized in analyst reports on XDR.

Indeed, according to IDC, a fully realized XDR solution should have:

  • EDR capabilities

  • SIEM

  • NDR

  • Integrated external threat intelligence

  • SOAR workflow management

This point is consistent with our research, which states that a “majority of IT decision makers view XDR as a disruptive technological force and the next logical step in the future of cybersecurity because of the way it incorporates network and other telemetry to build on endpoint detection and response (EDR) solutions, and ultimately, to shift detections from the endpoint to earlier in the attack cycle.”
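To make the correlation idea concrete, here is an added illustration (not code from the report, ExtraHop, or any product) of what "building on EDR with network telemetry" means in practice. It joins two constructed feeds, a hypothetical EDR process-event list and a hypothetical NDR flow list, on host and a short time window. Each signal is weak on its own (an unsigned child process of a mail client; a sizeable upload to a never-seen destination), but together they produce a high-confidence detection before the endpoint agent alone would fire. The event fields, the baseline of known destinations, and the thresholds are all assumptions for the example.

```python
from datetime import datetime


# Constructed sample telemetry for illustration; not data from the report.
EDR_EVENTS = [
    {"host": "ws-17", "ts": "2023-03-01T10:00:02", "process": "outlook.exe",
     "parent": "explorer.exe", "signed": True},
    {"host": "ws-17", "ts": "2023-03-01T10:00:05", "process": "update.exe",
     "parent": "outlook.exe", "signed": False},
    {"host": "ws-22", "ts": "2023-03-01T10:01:00", "process": "build.exe",
     "parent": "cmd.exe", "signed": False},
]

NDR_FLOWS = [
    {"host": "ws-17", "ts": "2023-03-01T10:00:03", "dst": "outlook.office365.com",
     "dport": 443, "bytes_out": 4_000},
    {"host": "ws-17", "ts": "2023-03-01T10:00:07", "dst": "203.0.113.25",
     "dport": 443, "bytes_out": 180_000},
    {"host": "ws-22", "ts": "2023-03-01T10:01:02", "dst": "203.0.113.25",
     "dport": 443, "bytes_out": 2_000},
]

# Constructed baseline: destinations the network sensor has seen before.
KNOWN_DESTINATIONS = {"outlook.office365.com", "updates.example.com"}

# Hypothetical list of user-facing applications whose unsigned children are suspicious.
USER_APPS = {"outlook.exe", "winword.exe", "excel.exe", "chrome.exe"}


def _ts(value):
    """Parse the ISO-8601 timestamps used in the constructed feeds."""
    return datetime.fromisoformat(value)


def suspicious_processes(edr_events):
    """Endpoint-only signal: an unsigned binary launched by a user-facing app."""
    return [e for e in edr_events if not e["signed"] and e["parent"] in USER_APPS]


def rare_egress(ndr_flows, known, min_bytes=100_000):
    """Network-only signal: a sizeable upload to a destination never seen before."""
    return [f for f in ndr_flows
            if f["dst"] not in known and f["bytes_out"] >= min_bytes]


def correlate(edr_events, ndr_flows, known=KNOWN_DESTINATIONS, window_seconds=10):
    """Join the two weak signals on host and time into one high-confidence alert.

    A flow matches a process event when it is on the same host and starts
    within window_seconds after the process was launched.
    """
    alerts = []
    for e in suspicious_processes(edr_events):
        for f in rare_egress(ndr_flows, known):
            if f["host"] != e["host"]:
                continue
            delta = (_ts(f["ts"]) - _ts(e["ts"])).total_seconds()
            if 0 <= delta <= window_seconds:
                alerts.append({
                    "host": e["host"], "process": e["process"], "parent": e["parent"],
                    "dst": f["dst"], "bytes_out": f["bytes_out"], "severity": "high",
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EDR_EVENTS, NDR_FLOWS):
        print(alert)
```

In the constructed data, only ws-17 produces an alert: update.exe is an unsigned child of outlook.exe, and two seconds later the same host pushes 180 KB to 203.0.113.25, a destination absent from the baseline. The ws-22 process has a non-user-facing parent and its flow is tiny, so neither feed flags it. In a real deployment the join key would also have to tolerate clock skew between the endpoint agent and the network sensor, and the baseline of known destinations would be learned from traffic history rather than hard-coded.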

XDR Is Becoming a Reality

When this strategy was first introduced a few years ago, the idea sounded too good to be true. Now companies are looking to implement their own XDR strategies to keep pace with the ever-growing cyberthreat landscape. Whether they fully understand it or not, the vast majority of respondents have either begun their journey to XDR or plan to do so over the next 12 months.

The reality is that cyberattacks are only getting more malicious, and outwitting them demands a strong security posture. To learn more about XDR and IT decision makers’ perceptions of it, check out the report.

Paul Ditty