Why enterprise SecOps strategies must include XDR and MDR

Adopting extended detection and response and employing managed detection and response services may be the missing pieces of the SOC modernization puzzle.

TechTarget's Enterprise Strategy Group (ESG) research consistently reports that organizations think security operations is progressively more difficult, despite the continued investment in more tools and the availability of more security data.

Beyond the most widely discussed issues -- growing attack surfaces, too many security tools, a shortage of cyber talent and an overwhelming amount of security data -- security teams report they are so busy fighting fires that they don't have time to modernize their security programs.

How are security leaders responding? With extended detection and response (XDR) and managed detection and response (MDR).

XDR: Enter stage left

The XDR movement was born as a response to security operations challenges and a growing and increasingly complex threat landscape. The security industry has a long history of solving complex challenges by applying more technology. Every year, new cybersecurity companies emerge with new options to add automation to the many layers of security architecture.

When the first XDR products emerged, SecOps teams responded with an urgent level of hope that a more holistic, comprehensive view into threat activity across many threat vectors may reduce the pain involved in threat detection, investigation and response. Three years later, more than half of security vendors have attached their offerings to the XDR movement in hopes of meeting the expectations of security practitioners around the world. With plentiful and varied XDR offerings, however, much confusion has ensued, leaving many buyers unsure about how and where to invest to advance their security operations agenda.

MDR: Enter stage right

With so many organizations lacking more than just technology, security leaders are turning to third-party security service providers -- mainly MDR providers -- for help. My recent research found more than 85% of organizations are currently engaged with or are planning to work with an MDR provider in the coming year.

MDR isn't just about offloading basic threat detection and response. Instead, security teams are using MDR providers for multiple use cases, including the following:

  • Security program development.
  • Supplementing existing SecOps staff.
  • Access to expert security resources.
  • Coverage.
  • Threat intelligence.
  • Full outsourcing of security operations.
  • Proactive threat hunting.

XDR, MDR or both?

XDR and MDR investments are on stage for security teams of all sizes and across most industries -- and both are contributing positive outcomes toward SOC modernization efforts.

Respondents using or considering MDR said XDR is core to the conversation and that they expect MDR providers to monitor, analyze and respond to threats across many vectors, including advanced threats that use multiple vectors. The XDR movement has not only raised the bar for what is expected from security vendors, but it has also raised the bar for what is expected from MDR providers.

This raises the next important question: What class of security provider is the right place to look for XDR and MDR products or services that are right for your organization?

ESG research found that XDR and MDR are being sourced from security platform providers, endpoint security vendors, network security vendors and cloud security vendors in almost equal numbers. It's not totally surprising, especially given that MDR offerings are available as service extensions to many point products, including endpoint detection and response, XDR, MDR, cloud detection and response, identity threat detection and response and more.

This brings up the next interesting finding from my MDR research: More than half of respondents said they are engaged with two or more MDR providers concurrently, in combinations that include one for network and another for endpoint or cloud. Some MDR providers are brought in to support a specific application or business unit. Given the use cases outlined above, it makes sense to engage outside services to help where and when they are needed versus a one-size-fits-all approach.

As hybrid offerings emerge -- some are referred to as managed XDR services -- XDR and MDR are coming together to offer security teams relief and strategic help for the long haul. When asked how respondents would describe their organization's MDR provider, I'm happy to report 79% said their MDR provider is "a strategic operating partner that has improved our overall security program." I'm impressed. MDR has become a critical operating strategy for security teams and is apparently delivering real value for most.

As I continue to look at the progress of the XDR movement and the use of MDR, I'm convinced both XDR and MDR play a key role in SOC modernization. If your organization is considering or already invested in either, I strongly recommend you consider how your XDR and MDR strategies can work together to accelerate your overall security operations program development.
