eXtended detection and response (XDR) is gaining market traction, according to a report by Trellix, a San Jose, California-based startup providing an XDR platform.
The merger of McAfee Enterprise and FireEye, backed by private equity firm Symphony Technology Group, was rebranded as Trellix earlier this year and dove into the XDR security solutions market. It’s clear the XDR segment is growing, with many security providers, including endpoint, network and cloud, adding capabilities to their portfolios.
But the competitive landscape has intensified as well. A recent ESG survey indicated that nearly 90% of organizations were working on or planning to work on XDR technology. Still, it’s safe to say that XDR remains somewhat a work in progress.
Trellix global partner program information is here.
The Negative Impact of the Cyber Skills Shortage
In a newly-released survey of some 376 IT and cybersecurity professionals in North America conducted in conjunction with researcher ESG examining security operations dynamics, some 81% said the cybersecurity skills shortage had negatively impacted their operations.
Here are some top level data from the survey:
- Users want XDR to address common threat detection and response challenges. Current tools require specialized skills, struggle to detect and investigate advanced threats and aren’t effective at correlating alerts.
- CISOs look to XDR, especially advanced threat detection, to improve security efficacy. They also want XDR to streamline SecOps and bolster staff productivity to alleviate staff shortages.
- SecOps want XDR to prioritize alerts based on risk, improve detection of advanced threats, create greater efficiency in forensic investigations, reinforce security controls and prevent future attacks.
“SecOps teams need a better way to collect, process, analyze, and act upon massive amounts of data,” said Aparna Rayasam, Trellix’s chief product officer. “Trellix meets this need head on by pulling all the data into one holistic view so teams can work smarter and respond faster.”
What Security Pros Think
Here are 10 drill down data points on security operations:
- 61% of security professionals claim that they are very familiar with XDR technology. While this is an improvement from ESG’s 2020 research (when only 24% of security professionals were very familiar with XDR), 39% are still only somewhat familiar, not very familiar, or not at all familiar with XDR.
- 52% of security pros believe that XDR will supplement existing SecOps technologies.
- 51% of security pros said that the struggle of current tools to investigate and advanced threats is an XDR driver.
- Users are confused about XDR. While 55% of respondents say that XDR is an extension of EDR, 44% believe XDR is a detection and response product from a single security technology vendor or an integrated and heterogeneous security product architecture designed to interoperate and coordinate on threat prevention, detection, and response.
- 85% use managed services for a majority or portion of their SecOps.
- 52% of organizations believe security operations (SecOps) are more difficult today than they were two years ago.
- 80% of organizations use more than 10 sources as part of SecOps.
- More than a quarter (29%) of organizations use some type of security orchestration, automation, and response (SOAR) tool for process automation.
- 93% of security professionals agree that their SOAR is effective for automating complex end-to-end security operations processes and for automating/orchestrating basic SecOps tasks.
- 90% of organizations currently automating security operations processes, with 46% describing their automation efforts as extensive.
Trellix Advances Security Ops
According to Trellix, since its launch earlier this year, the company has accomplished the following:
- Completed the Security Operations platform integration with Trellix Insights for more proactive intelligence to improve detection and response and preempt threats.
- Streamlined XDR workflows and integrated user experiences across the Trellix portfolio.
- Added Trellix Automated Response to the cloud native SecOps platform, giving users flexibility for both on-prem and cloud-based playbooks.
- Integrated Data Loss Prevention policy and incident management into the Security Operations platform to enrich an analyst’s context and accelerate workflows.
- Increased email intelligence to improve detection and response of advanced threats and campaigns.