Why XDR is the TOP Security Initiative for 2021
By Doron Davidson, Founder and VP of BD, SecBI.
Before deciding which cybersecurity investments to make in 2021, enterprises must prioritize. What are the biggest gaps in our security coverage? Where should we target our budget this year? Which solution(s) will improve our security posture the most?
According to Gartner, if you can afford to undertake only one major security project in 2021, Extended Detection and Response (XDR) should be your top choice. The reasons are many and we’ll get to those later in this article.
First, SecBI wanted to find out what enterprises think about XDR and whether they plan on taking Gartner’s advice regarding implementation. We conducted a survey among enterprise security professionals at the C-level and in the SOC to gauge where they stand on XDR. People in a variety of roles responded to our survey, and we think this accurately reflects the diversity of XDR stakeholders in the enterprise. Since XDR is a solution that unifies multiple security products and cuts across a wide swath of operational silos, its effects (i.e., benefits) will be felt by many different roles within the IT and cybersecurity organization.
Apparently, the beneficial effects of XDR are something most enterprises want and need. As noted in our SecBI XDR Survey Report, nearly 80% of security professionals said XDR should be a top cybersecurity priority for their organization. What’s more, they are making it so, as 75% of organizations plan to implement XDR in 2021 or 2022. That’s a big vote of confidence for XDR.
We believe that the significant traction XDR has gained over the last several months is a result of this confidence that XDR is a platform that can truly deliver on the promise of integrating diverse tools into a unified threat detection and response operation – and is not another tool that creates more alerts for teams that are already stretched thin. XDR is a solution that automates and integrates the tools companies have already deployed, so they can strengthen their security posture across the board.
When we asked enterprises how they intend to use XDR and what they expect to gain, we found that 59% of security professionals want to achieve real and measurable improvements in their bread-and-butter KPIs – MTTD (Mean Time to Detection) and MTTR (Mean Time to Response). What’s more, 45% want to achieve better security performance without having to hire additional cybersecurity experts, who are costly and hard to come by.
This need to do more with less appears to be driven by security budgets. The majority of our respondents said their organization’s security budget is staying the same, and nearly a quarter of respondents predict a decrease in budget. Stagnant budgets also seem to indicate a realization that throwing more people at siloed security operations isn’t going to improve MTTD and MTTR. Moreover, the cost and scarcity of expert security resources mean that a people-based response cannot scale with the pace of alerts.
Enterprises have plenty of security tools in place. What they lack is integration and intelligent automation so security teams can see and understand the complex, multi-vector threats they face and respond to them quickly and effectively.
Not surprisingly, our survey found that only 6% of enterprises rely on a single vendor for security operations. The vast majority (94%) deployed best-in-class tools from multiple vendors as they built their security infrastructure over the years. To maximize their benefit from XDR and incur the least risk, it makes sense for the 94% to adopt a vendor-agnostic XDR platform that is able to integrate security data from the security controls of multiple vendors and to automate their response. In this respect, we believe the value of vendor-agnostic XDR can be easily conveyed to management. Not only will the company’s investment in existing security tools be protected, but the performance and efficacy of those tools will also be strengthened.
XDR is the only investment that converges and correlates all the point products in your cybersecurity arsenal, enabling threat detection and response operations to be integrated, automated, and much more effective.
Got Multi-vendor Security? Get Universal XDR.
There are two main approaches to XDR. One approach is championed by vendors like Palo Alto, who are integrating their own portfolio of security products with a proprietary XDR platform. The other approach is promoted by universal XDR vendors, like SecBI, whose agile XDR platform provides a vendor-agnostic overlay to enable seamless integration and interoperability of the endpoint, network, and cloud security tools that enterprises have already deployed.
The most glaring drawback of Proprietary XDR is vendor lock-in, which requires the entire cybersecurity architecture to rely on one vendor.
With Universal XDR, it doesn’t matter how many different security systems and tools the organization has. There is no need to replace legacy tools or to align with a single vendor. On the contrary, Universal XDR helps to extract more value from the organization’s existing security architecture and to leverage it for better and wider protection. This is of critical importance to enterprises that have invested millions in their security infrastructure.