Introducing IBM Security QRadar XDR
Published on 22 Oct 2022
When asked to name the business priorities that would drive IT expenditure over the next 12 months, nearly half (47%) of those polled in ESG's 2021 Technology Spending Intentions Survey named cybersecurity. This is a significant realization. Organizations need solid cybersecurity procedures and controls as a basis for corporate health and profitability in the era of cloud computing, digital transformation, and remote worker support.
Given the inextricable link between business, information technology, and security, it is reasonable to presume that firms have updated their security operations centers (SOCs) to identify and react to cyber-threats in real time. This assumption, however, would be incorrect: many SOC teams fail to keep up with new threats. What is the current state of threat detection and response, and are there any hopeful advancements in the near future? This white paper concludes that:
- Organizations have a variety of threat detection and response objectives. Threat detection and response goals for SOC teams include improving detection of advanced threats, boosting process automation surrounding remediation activities, and improving incident response (IR) time. These objectives indicate that current tactics are ineffective.
- There are several obstacles to identifying and responding to threats. Threat detection and response professionals acknowledge a slew of obstacles, including increased security operations complexity, resource limits, a growing and changing attack surface, dependence on unconnected point solution products, and difficulty with data analysis and decision making. These challenges affect the efficacy, efficiency, and productivity of security operations analysts.
- XDR may aid in the identification of and response to threats. Like ESG's security operations and analytics platform architecture (SOAPA), XDR (eXtended detection and response) has developed as a commercial security operations architecture. XDR has the potential to improve threat detection and response while also modernizing SOCs, even if it is still in its early stages.
- The best XDR systems should provide enterprise-level capability. ESG thinks that XDR systems should offer incident response coverage across heterogeneous IT infrastructures, powerful analytics, and automated playbooks. XDR should be cloud-based and built on industry standards, open APIs, and common data formats to fulfill scalability and integration requirements. Leading XDR suppliers will also promote integration via partnerships and developer support services.
Threat Detection and Response in the United States
Most firms prioritize threat detection and response because cyber-attacks such as ransomware and supply chain breaches may disrupt or even halt commercial operations. As a consequence, 83% of firms anticipate increasing expenditure on threat detection and response technology, services, and staff during the next 12 to 18 months. Organizations have a variety of threat detection and response goals to combat cyber-threats, including:
- Enhancing detection of sophisticated threats. Organizations aim to improve detection rules and analytics to speed up the detection of known and unknown threats. Enhancement approaches for detection include increased anomaly detection, higher-fidelity security alerts, more detailed attack "timelines" throughout the kill chain, and support for complex queries for more advanced threat hunting.
- Increasing remediation task automation. Security operations duties for threat mitigation and incident response often rely on manual procedures and the SOC team's "tribal knowledge." This practice may have been suitable in 2010, but manual methods cannot scale to meet the volume of security alerts or the analytics requirements across heterogeneous IT infrastructure. SOC teams recognize the need for automating repetitive operations and orchestrating response actions for alert triage, security investigations, and threat prevention. Automation may help to simplify operations, increase analyst productivity, and keep the SOC team focused on continual improvement.
- Shortening the average time to respond to threats. Once threats have been identified, incident response must begin rapidly in order to decrease adversary dwell time and limit damage. This comprises stopping active cyber-attacks, determining the blast radius of attacks, and finally remediating any residual vulnerabilities or remnants of the attacks. CISOs understand the need to hasten this process.
XDR to the rescue?
Recognizing the need for closely integrated security operations technologies, ESG introduced the "security operations and analytics platform architecture" idea for the first time in 2016. This form of integration is gradually gaining momentum. In a recent ESG research project, security professionals were asked whether their firms prioritized the integration of security analytics and operations technology. Integrating security analytics and operations technology was the top priority for 37% of survey respondents, while 56% stated it was one of their top five objectives.
Download ESG's white paper, Introducing IBM Security QRadar XDR, to learn more, available only on Whitepapers Online.