Evaluating XDR Solutions? Caveat Emptor - Buyer Beware
Don’t be fooled by marketing ploys from vendors touting their latest big dollar acquisition of technologies they can’t integrate but still try to pawn off as XDR...
Anthony M. Freed
A recent SecBI survey found that many organizations are in the process of adopting Extended Detection and Response (XDR). Nearly 80% of infosec personnel who responded to the survey said that XDR should be a top security priority for their organization.
In support of this viewpoint, 68% of survey participants also said that their organizations were planning to implement XDR in 2022. Slightly fewer (59%) revealed that they specifically intended to use XDR to improve their mean time to detect (MTTD) and mean time to respond (MTTR).
The survey findings presented above emphasize the following reality: XDR needs to drive security strategies for organizations in 2022. There are three reasons for this - let’s explore each of them in detail below.
First, the cybersecurity skills shortage remains a problem for many organizations, and a recent report conducted by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) provides some insights. It revealed that a heavier workload (62%), unfilled positions (38%) and worker burnout (38%) are contributing to the skills gap, and most (95%) said they believe the gap has not improved in recent years.
The problem with the skills gap is that it complicates organizations’ security efforts. Together, these factors make it more difficult for security personnel to weed through things like false positives so that they can defend their employers against legitimate security concerns.
Things don’t look like they’ll be improving anytime soon, either. SecurityWeek wrote that burnout from recent incidents like SolarWinds, Kaseya, and Log4j is driving skilled practitioners to leave their positions. The publication went on to note “the cybersecurity skills shortage will reach critical levels with no relief in sight” by the end of 2022 as directors, managers and other leaders also join in on the “Great Resignation.”
Infosec teams are also facing burnout and overload from low-context alerts and false positives. As organizations expand, SIEM and SOAR solutions struggle to scale and become increasingly cost-prohibitive. An advanced XDR solution provides a unified investigation and response experience that correlates telemetry across remote endpoints, mobile devices, cloud platforms, and applications in order to predict, prevent and end malicious operations.
Second, organizations use lots of different security tools, which is contributing to complexity across their environments. Help Net Security covered a survey that revealed how enterprises use an average of 19 different security tools. What’s interesting is that many survey participants weren’t convinced of these technologies’ effectiveness.
For example, 85% of security decision makers said in the study that they’re deploying new technologies faster than they can productively use them. Slightly fewer (71%) said that their current tools are underutilized and that the time needed to manage those solutions is limiting teams’ ability to defend against threats.
Digital attackers are aware of these operational complexities. Per Dark Reading, many malicious actors use this to their advantage by exploiting vulnerabilities in tools that lack secure communications or regular updates. In doing so, they’re banking on organizations’ technologies not communicating with one another, an oversight which can enable these nefarious individuals to conduct reconnaissance, move laterally, and exfiltrate information while evading detection.
An advanced XDR solution works to break down the data silos across devices, applications, productivity suites, user identities, and cloud deployments that attackers rely on to remain undetected. Advanced XDR unifies network, device and identity correlations for faster, more effective threat detection and response while unlocking new predictive capabilities that will enable defenders to anticipate an attacker's next move and block them proactively.
A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization’s brand, unplanned workforce reductions and business disruptions.
Additionally, the average cost of a data breach continues to rise. The IBM Cost of a Data Breach Study 2021 found that the price tag for a breach had increased to $4.24 million, the highest total cost in the history of the IBM report.
Various factors played a part in moving that price up or down. They included security maturity, the use of AI, and the adoption of Zero Trust. They also included dwell time, or the period between when attackers first established a foothold in a victim’s network and when that victim’s security tools ultimately detected the intrusion.
The study found that it took an average of 287 days for an organization to find and detect a breach. This is a concern for organizations, as data breaches that last for longer than 200 days cost an average of $4.87 million. That’s compared to $3.61 million for breaches that organizations detect in fewer than 200 days.
An AI-driven XDR solution can automate threat detection and remediation to save analysts both time and effort by autonomously uncovering attacks and hunting for malicious activity and tactics, techniques, and procedures (TTPs) used by attackers in real-world campaigns.
XDR provides security teams with the complete attack story, including all related attack elements from root cause across all affected machines and users. Your team will have the full context of an incident without all the noise of false positives, so they can instantly understand an attack and focus on what matters most. This allows security teams to detect sooner and remediate faster, ultimately reducing attacker dwell time and reducing the cost of security incidents.
An advanced XDR solution enables organizations to embrace an operation-centric approach to security that delivers the visibility organizations require to be confident in their security posture across all network assets, and the automated responses to halt attack progressions at the earliest stages.
An XDR solution should also provide Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, and application workspaces.
Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.