Date: 2021-09-23
Key Findings
– Customers indicate they continue to struggle with efficient security operations. On aggregate, only 54% indicate that they have a security operations center, while more than 90% indicate they can’t investigate all the security alerts they receive on a typical day.
– Extended detection and response (XDR) rises as a potential approach to accelerate security operations outcomes – triage, investigations, incident response or threat hunting – while reducing efforts when compared with SIEM.
– Nearly 40 vendors are offering XDR capabilities aligned across three major themes: telemetry-centric, analytics-centric and services-centric.
Introduction
Even before the COVID-19 pandemic, security teams – particularly those dealing with security operations workflows such as triage, investigations, incident response or threat hunting – were already dealing with ever-growing complexity in multiple dimensions. Modern attack patterns change, leveraging automation in combination with human actors to burrow deep within organizations. Technology platforms change with the rise of cloud-based environments and modern application development practices that emphasize shorter time to value. The broader penetration of IT services across the entire business brings more diverse initiatives, which are often being pursued in parallel by an increasing number of teams, each potentially using custom tooling that is exactly right for their jobs.
The Rise of Extended Detection and Response
