The Impact of XDR in the Modern SOC
Threat detection and response is a core component of modern security programs, and it drives investment in tools that improve visibility, efficacy, and efficiency. As organizations adopt and extend endpoint detection and response (EDR), network detection and response (NDR), and other security analytics solutions in support of broad threat detection and response programs, new opportunities arise for extended detection and response (XDR). Organizations gain business agility when threats are better understood and controlled. Rapidly and effectively correlating threat data across multiple threat vectors increases threat visibility, speeds up and automates response and mitigation, and reduces dependence on highly skilled security analysts.
More telemetry is generally desirable, but correlating and analyzing it is a heavy lift. Most organizations see value in combining threat data from multiple threat vectors to add context and accelerate detection and response; however, most lack the expertise and tooling to correlate that data, so they often eliminate individual threats reactively without recognizing the broader attack campaign behind them. Additionally, many organizations do not have a SIEM (security information and event management platform) today, or lack the resources to learn, configure, and operate one successfully. To gain insight into these trends, ESG surveyed 388 IT and cybersecurity professionals at organizations in North America (US and Canada) who are personally responsible for evaluating, purchasing, and managing detection and response strategies, processes, and technologies.