Extended detection and response (XDR) emerges as the most effective technology for enterprises to discover and hunt down cyberthreats within IT environments and across various business tools, according to a report released last week from Forrester Research.
Existing EDR systems are designed to proactively hunt down, detect and analyze threats to provide immediate response. XDR advances those capabilities adding telemetry data, email security and cloud data.
Enterprise security teams are facing tremendous staffing issues that make it difficult to provide dedicated resources that allow companies to respond in real time to threats. Forrester sees XDR competing against legacy technologies like security information and event management (SIEM) and security orchestration, automation and response.
Though companies are investing more money in cybersecurity, 59% of global security decision-makers said their company's sensitive data was breached, Forrester research from 2020 shows.
The rising level of threats shows that companies need a faster, more proactive approach to hunting down threats before sensitive data is accessed, without the luxury of hiring additional personnel.
"The challenge with existing technologies like the SIEM is that they collect as much data as possible throughout the enterprise and then apply security analytics on top of it," Allie Mellen, analyst, security and risk at Forrester, said via email. "This means that, even though they are trying to achieve the same outcomes as XDR, they face different challenges at getting there, especially around collecting, correlating, querying and visualizing such massive data sets."
XDR, by comparison, bases detections on the endpoint, according to Mellen, which is validated for high efficacy detections. Ultimately the benefit of XDR is that data comes from additional telemetry sources, including network, cloud and email security.
"CISO's should consider XDR as a way to deliver endpoint detection and response with added context from other tools in their environment," Mellen said. "The aim of XDR is to help reduce investigation time through automated root cause analysis and reduce response time through the inclusion of recommended response actions."
Attackers know that security operations centers (SOCs) have certain limitations in terms of how quickly they can respond to threats and they also understand what will trigger an alert, according to Greg Young, vice president of cybersecurity at Trend Micro.
"XDR collects more telemetry to see stealthy attacks, using machine learning to join together individual events to form high confidence decisions and selective blocking options," Young said. "This gives the trinity of better visibility, without more people, and a faster time to detection and response."