Security teams are short-staffed, network complexity continues to increase, and the cost of data breaches are growing. But XDR offers an opportunity to reverse these trends and more.
By Yossi Naar, chief visionary officer and co-founder of Cybereason
A recent SecBI survey found that many organizations are in the process of adopting Extended Detection and Response ((XDR) solutions. Nearly 80% of infosec personnel who responded to the survey said that XDR should be a top security priority for their organisation.
In support of this viewpoint, 68% of survey participants also said that their organisations were planning to implement XDR in 2022. The survey findings presented above emphasize the following reality: XDR needs to drive security strategies for organisations in 2022.
There are three reasons for this – let’s explore each of them in detail below.
XDR Addresses the Security Skills Shortage
First, the cybersecurity skills shortage remains a problem for many organizations, and a recent report conducted by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) provides some insights.
It revealed that a heavier workload (62%), unfilled positions (38%) and worker burnout (38%) are contributing to the skills gap, and most (95%) said they believe the gap has not improved in recent years.
The problem with the skills gap is that it complicates organisations’ security efforts. Together, these factors make it more difficult for security personnel to weed through things like false positives so that they can defend their employers against legitimate security concerns.
Infosec teams are also facing burnout and overload from low-context alerts and false positives. As organisations expand, SIEM and SOAR solutions struggle to scale and become increasingly cost-prohibitive.
An advanced XDR solution provides a unified investigation and response experience that correlates telemetry across remote endpoints, mobile devices, cloud platforms, and applications in order to predict, prevent and end malicious operations.
XDR Addresses Growing Network Complexity
Second, organisations use lots of different security tools, which is contributing to complexity across their environment. In fact, according to a recent Reliaquest survey, enterprises use an average of 19 different security tools and many survey participants weren’t convinced of the effectiveness of the tools.
For example, 85% of security decision makers said in the study that they’re deploying new technologies faster than they can productively use them.
An advanced XDR solution works to break down the data silos across devices, applications, productivity suites, user identities, and cloud deployments that attackers rely on to remain undetected.
Advanced XDR unifies network, device and identity correlations for faster, more effective threat detection and response while unlocking new predictive capabilities that will enable defenders to anticipate an attacker’s next move and block them proactively.
XDR Addresses Rising Data Breach Costs
A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organisations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organisation’s brand, unplanned workforce reductions and business disruptions.
Additionally, the average cost of a data breach continues to rise. The IBM Cost of a Data Breach Study 2021 found that the price tag for a breach had increased to $4,24-million, the highest total cost in the history of the IBM report.
The study found that it took an average of 287 days for an organisation to find and detect a breach. This is a concern for organisations, as data breaches that last for longer than 200 days cost an average of $4,87-million. That’s compared to $3,61-million for breaches that organizations detect in fewer than 200 days.
An advanced XDR solution can automate threat detection and remediation to save analysts both time and effort by autonomously uncovering attacks and hunting for malicious activity and tactics, techniques, and procedures (TTPs) used by attackers in real-world campaigns.
XDR provides security teams with the complete attack story, including all related attack elements from root cause across all affected machines and users.
Your team will have the full context of an incident without all the noise of false positives, so they can instantly understand an attack and focus on what matters most. This allows security teams to detect sooner and remediate faster, ultimately reducing attacker dwell time and reducing the cost of security incidents.
The XDR Advantage
An advanced XDR solution enables organizations to embrace an operation-centric approach to security that delivers the visibility organisations require to be confident in their security posture across all network assets, and the automated responses to halt attack progressions at the earliest stages.
An XDR solution should also provide Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, and application workspaces.