Extended detection and response (XDR) describes a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components. Security and risk management leaders should weigh the risks and advantages of an XDR solution.
Overview

Key Findings

- Security and risk management leaders are struggling with too many security tools from different vendors, with little integration of data or incident response.
- Extended detection and response (XDR) products are beginning to deliver real value in improving security operations productivity through alert and incident correlation, as well as built-in automation.
- XDR products may be able to reduce the complexity of security configuration and incident response, providing a better security outcome than isolated best-of-breed components.
- XDR products hold significant promise, but also carry risks such as vendor lock-in. The XDR market is immature, and capabilities vary widely across products from different vendors.
SRM leaders looking to improve infrastructure security operations productivity and detection and response should:

- Work with stakeholders to determine whether an XDR strategy is right for your organization, based on staffing and productivity levels, the degree of IT federation, risk tolerance, and security budget. Develop a gap analysis between your existing capabilities and those you would want from an XDR solution.
- Conduct thorough product evaluation and testing to ensure outcomes meet the promises of this fledgling capability.
- Develop an internal architecture and purchasing policy that is in line with your XDR strategy, including when and why exceptions might be permissible. Ensure that future security purchases and planned technology retirements are aligned with a long-term XDR architecture strategy.
- Outsource to a managed security service provider (MSSP) that can build an XDR substitute if doing so in-house is likely to be beyond the skill sets of existing staff.
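The key finding above credits XDR with "alert and incident correlation" across components. The following added example (not code from the original note or from any XDR vendor) shows the core of that idea in a few dozen lines: alerts from three hypothetical sensors (an email gateway, EDR and NDR) are normalized to a common shape, then linked into incidents whenever they share an entity (user, host or file hash) within a time window. The alert records, the entity keys and the scoring rule are all constructed for illustration; real products use far richer schemas and weighting.

```python
"""Toy cross-source alert correlation, illustrating the XDR premise that
several low-severity alerts from independent sensors can add up to one
high-confidence incident. All data and rules here are constructed."""
from datetime import datetime, timedelta

# Constructed sample alerts from three hypothetical components.
# A phishing attachment (email) leads to Office spawning PowerShell (EDR)
# and beacon-like DNS from the same host (NDR); an unrelated EDR alert follows later.
SAMPLE_ALERTS = [
    {"source": "email", "ts": "2024-03-01T09:00:00", "severity": 2,
     "name": "attachment detonated: macro", "user": "alice", "host": None, "sha256": "aaa111"},
    {"source": "edr", "ts": "2024-03-01T09:04:00", "severity": 3,
     "name": "office spawned powershell", "user": "alice", "host": "WS-17", "sha256": "aaa111"},
    {"source": "ndr", "ts": "2024-03-01T09:06:00", "severity": 2,
     "name": "beacon-like periodic DNS", "user": None, "host": "WS-17", "sha256": None},
    {"source": "edr", "ts": "2024-03-01T14:30:00", "severity": 1,
     "name": "unsigned driver load", "user": "bob", "host": "WS-42", "sha256": "bbb222"},
]

# Entity fields used as pivots between alerts (assumed common schema).
ENTITY_KEYS = ("user", "host", "sha256")


def parse_ts(s):
    return datetime.fromisoformat(s)


def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts into incidents. An alert joins an existing incident when it
    shares at least one entity value with it and arrives within `window` of the
    incident's latest alert; otherwise it opens a new incident. Entities are
    accumulated, so an incident can pivot: email->user->host->network."""
    alerts = sorted(alerts, key=lambda a: parse_ts(a["ts"]))
    incidents = []  # each: {"alerts": [...], "entities": set(), "last_ts": datetime}
    for a in alerts:
        ents = {(k, a[k]) for k in ENTITY_KEYS if a.get(k)}
        ts = parse_ts(a["ts"])
        match = None
        for inc in incidents:
            if inc["entities"] & ents and ts - inc["last_ts"] <= window:
                match = inc
                break
        if match is None:
            match = {"alerts": [], "entities": set(), "last_ts": ts}
            incidents.append(match)
        match["alerts"].append(a)
        match["entities"] |= ents
        match["last_ts"] = max(match["last_ts"], ts)
    return incidents


def score(incident):
    """Constructed scoring rule: highest alert severity, plus one for each
    additional independent source that corroborates it, capped at 5."""
    sources = {a["source"] for a in incident["alerts"]}
    top = max(a["severity"] for a in incident["alerts"])
    return min(5, top + len(sources) - 1)


def triage(alerts):
    """Return a compact summary per incident, ordered by first alert time."""
    return [{"sources": sorted({a["source"] for a in inc["alerts"]}),
             "count": len(inc["alerts"]),
             "severity": score(inc)}
            for inc in correlate(alerts)]


if __name__ == "__main__":
    for summary in triage(SAMPLE_ALERTS):
        print(summary)
```

Run stand-alone, the three morning alerts collapse into one incident spanning email, EDR and NDR with the maximum score, while the afternoon driver alert stays a separate severity-1 incident. The same mechanism is also the source of a common failure mode: an entity that is widely shared (a service account, a jump host, a hash of a benign installer) will merge unrelated activity into one oversized incident, so when evaluating a product it is worth testing how it handles such "hub" entities, not just the happy path.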