Skip to main content
close search
site logo
Dive Brief

XDR to succeed legacy technologies as emerging threats pressure security

Published May 3, 2021
David Jones's headshot
Reporter
Illustration of locks layered above circuity.
Traitov/iStock/Getty via Getty Images

Dive Brief:

  • Extended detection and response (XDR) emerges as the most effective technology for enterprises to discover and hunt down cyberthreats within IT environments and across various business tools, according to a report released last week from Forrester Research. 

  • Existing EDR systems are designed to proactively hunt down, detect and analyze threats to provide immediate response. XDR advances those capabilities adding telemetry data, email security and cloud data.

  • Enterprise security teams are facing tremendous staffing issues that make it difficult to provide dedicated resources that allow companies to respond in real time to threats. Forrester sees XDR competing against legacy technologies like security information and event management (SIEM) and security orchestration, automation and response.

Dive Insight:

Though companies are investing more money in cybersecurity, 59% of global security decision-makers said their company's sensitive data was breached, Forrester research from 2020 shows. 

The rising level of threats shows that companies need a faster, more proactive approach to hunting down threats before sensitive data is accessed, without the luxury of hiring additional personnel. 

"The challenge with existing technologies like the SIEM is that they collect as much data as possible throughout the enterprise and then apply security analytics on top of it," Allie Mellen, analyst, security and risk at Forrester, said via email. "This means that, even though they are trying to achieve the same outcomes as XDR, they face different challenges at getting there, especially around collecting, correlating, querying and visualizing such massive data sets."

XDR, by comparison, bases detections on the endpoint, according to Mellen, which is validated for high efficacy detections. Ultimately the benefit of XDR is that data comes from additional telemetry sources, including network, cloud and email security. 

"CISO's should consider XDR as a way to deliver endpoint detection and response with added context from other tools in their environment," Mellen said. "The aim of XDR is to help reduce investigation time through automated root cause analysis and reduce response time through the inclusion of recommended response actions."

Attackers know that security operations centers (SOCs) have certain limitations in terms of how quickly they can respond to threats and they also understand what will trigger an alert, according to Greg Young, vice president of cybersecurity at Trend Micro. 

"XDR collects more telemetry to see stealthy attacks, using machine learning to join together individual events to form high confidence decisions and selective blocking options," Young said. "This gives the trinity of better visibility, without more people, and a faster time to detection and response."

Filed Under: Strategy

Editors' picks

Company Announcements

View all | Post a press release
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell