An increasing number of security decision makers at organizations are looking to eXtended Detection and Response (XDR) technology to fight hackers looking to take advantage of an expanding attack surface, a recent research study found.
What is XDR? A unified security solution that collects threat data from an organization’s technology stack, including endpoints, cloud workloads, servers, email and other areas on the network, rather than individually siloed security tools.
The survey, sponsored by eSentire and Exterro, was conducted in March and April 2022 among 300 U.S.-based IT and cybersecurity decision-makers and influencers. It was conducted by CRA Business Intelligence, the research arm of CyberRisk Alliance, and aimed to gauge how well security teams are managing detection and response and their readiness for XDR purchases and deployments. (Full disclosure: CyberRisk Alliance is the parent company of MSSP Alert).
Related: What Is XDR and Who Should Buy In (source: SC Media)
XDR Research Findings
Among the survey’s key findings:
- The lack of visibility or context from existing security solutions caused 47% of respondents to miss threats at least once in the past 12 months.
- Only 17% are very satisfied with their ability to correlate security data across all products and services. Without the ability to see anomalies and/or malicious activities as they occur and across the spectrum of products and services, it’s impossible to catch everything.
- Poor visibility into network threats was a significant problem for monitoring employee-owned endpoints, software vendors and third-party partners, with mean visibility scores of 4.6, 4.6, and 4.5 (out of 7), respectively.
- While familiarity with XDR is high (70%), current adoption of an XDR platform is relatively low — only 12% of respondents reported using this technology.
Managed XDR Services: Expanding Rapidly
Meanwhile, Microsoft has just expanded its managed security capabilities to include threat hunting, managed XDR and SIEM capabilities for enterprise customers. The overall effort, called Microsoft Security Experts, underscores the company's global commitment to cybersecurity and risk mitigation. And it further blurs the line between software companies and managed security services, particularly in Managed Detection and Response (MDR), XDR and incident-response capabilities.
Rivals, such as Mandiant, Palo Alto Networks, Trellis and others with XDR offerings are likely to make similar moves to involve MSSPs. And, OpenText — the software company parent of AppRiver, Webroot and Carbonite — is also pushing into managed extended detection and response (MxDR) services for MSSPs and MSPs.
“Less than 1 in 5 respondents say they are very satisfied with their ability to correlate security data across all products and services — no wonder there’s great interest in XDR platforms,” said Matt Alderman, executive VP at CyberRisk Alliance. “Our latest XDR research reveals only 12% are currently using it, but 77% are likely to invest in XDR in the next two years.”