As more and more organizations are looking to rationalize investments into XDR capabilities, there’s been an appetite to understand and measure how XDR can improve the output of security teams. To answer this question, Trend Micro and ESG studied organizations utilizing detection and response techniques today, including automating the aggregation, correlation, and analysis of security data across multiple security controls to detect and respond to modern threats.
Before undertaking the research, it was hypothesized that those who invested in XDR-like automation techniques would experience enriched outcomes, including faster identification of complex attacks, improved response times, more efficient use of security personnel, and an overall improvement in security posture. These hypotheses all proved to be true as the surveyed organizations were able to react to significantly fewer alerts, resulting in the ability to investigate and respond to threats faster.
ASSESSING THE DETECTION AND RESPONSE LANDSCAPE
ESG surveyed 500 respondents across multiple industries in North America with the intention of capturing up-to-date approaches to detection and response, including investment in various types of automation. As expected, 85% of organizations reported that detection and response is becoming more difficult. Additionally, 81% of respondents report that improving detection and response is a high priority, something that is reflected in budget allocation for detection and response capabilities in 2020. Fifty-seven percent of respondents say that one of the primary challenges they face is that the threat landscape is getting exponentially more sophisticated, while 41% believe that the complexity of their overall security stack is overwhelming. Finding enough skilled staff continues to be a problem for 39% of organizations.
A SIEM IS NOT XDR. XDR IS NOT A SIEM
While SIEMs are popular (79% of respondents use one) and have added value in the past, 57% report that they are noisy and require expert operators. In addition, 83% of participants say that SIEMs either require ongoing and significant investment to integrate or need to be highly customized in order to effectively aggregate telemetry. And when it comes to correlation, 55% of organizations see room for improvement.
Of the organizations that ingest raw telemetry directly into the SIEM without any pre-processing or correlation, half experience inflated SIEM costs driven by the volume of redundant alerts and data they must handle. That added operational cost comes on top of the cost of analyzing the data in the SIEM itself.
XDR HELPS ORGANIZATIONS KEEP UP WITH THE THREAT LANDSCAPE
As this report shows, organizations that have invested in the correlation of data across multiple security vectors are able to detect and respond faster, handle more alerts, and improve their overall security posture. While many businesses have attempted to achieve similar results through a SIEM, more than half are unsatisfied with the level of complexity, redundancy, and expert resources required to operate it. XDR delivers highly relevant alerts and visibility to all security teams, empowering them without the high cost and complexity of building a custom infrastructure to support it. For organizations that are already struggling to keep up, XDR offers an accelerated path to greater visibility and faster response to threats.
Read our report, “The XDR Payoff: Better Security Posture,” or watch our webinar "The XDR Payoff: Better Security Posture" to learn about quantifiable positive business outcomes achieved by XDR adopters, including examples of organizations who have decreased the number of successful attacks.