Why does the XDR market exist?
The extended detection and response (XDR) market has emerged as a direct reaction to the current cyber security landscape. As many security vendors have started associating themselves with the XDR market, we’re launching this first post as a part of a blog series around XDR and the solutions associated with it. In this post, we’ll talk about the market trends and drivers that have created the necessity for the XDR category.
1. A fragmented enterprise, a redefined perimeter and the success of the cloud = an explosive number of attack vectors and techniques
The modern enterprise, with its complex business processes, distributed data storage and cloud apps, has given rise to a myriad of cyber security threats, introducing new attack vectors and techniques that let malicious actors breach even the most protected organization. In this increasingly precarious environment, malware and threats proliferate – zero-days, social engineering, malicious insiders, and more all contribute to the need for solutions that defend organizations against the full range of threats.
2. Narrowly scoped security solutions in a fragmented security landscape cannot defend against the full range of attack vectors
Because of the variety and dynamic nature of cyber attacks, the market has been inundated with solutions and tools like firewalls, email security, CASBs, EDRs, web gateways, IPS, NDR, IAM… the list of acronyms goes on. Each security solution looks at a single attack channel or vector (or sometimes several), but no single solution covers everything. Supporting threat detection, investigation, and response (TDIR) in a cost-effective way is hard because modern threats arrive through any number and combination of vectors and channels.
3. SIEMs have become unwieldy trying to cover every type of security solution
There is already a category of solutions that combines and centralizes the myriad of security tools so that everything can be viewed in a broader scope: SIEMs. But what was supposed to be a strength – the ability to combine various security tools and information to address threats – has become a weakness. SIEMs try to address too many use cases and, as a result, have too many complicated features, knobs and dials to tune before they are easily usable. SIEMs are marketed as infinitely extensible and customizable – but that has now become a hindrance. They are hard to operationalize and tune because of the number of variables and features available. Taking months to stand up a SIEM and even longer to keep tuning it and adding new rules is not efficient.
The market reaction: XDR
The reaction to all of the above forces is the XDR market: a SaaS-based turnkey tool that a security or IT team can switch on – and it works. In a sense, the level of customization required to get efficient TDIR out of a SIEM gave rise to XDR: a more prescriptive and narrow technology with a laser focus on achieving outcomes. Instead of spending time endlessly customizing the product to handle multiple use cases, analysts can immediately focus on threat detection and response across concerns like compromised credentials or malware, returning the organization to its known-good state as efficiently as possible. XDR provides visibility across many important data sources – including endpoint, network, cloud, and others – to find threats missed by individual point solutions. XDR solutions are used to solve the threat investigation and response piece of the puzzle – the most common SOC task – at scale.
In future posts, we'll delve deeper into what defines an XDR, its use cases, and more. Feel free to let us know if there is a topic around XDR that you would like to see discussed.