Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester

Why Read This Report

Extended detection and response (XDR) is the evolution of endpoint detection and response (EDR), providing optimized threat detection and response that spans security and business tools. In contrast to legacy SIEM approaches and current security analytics platforms, XDR is grounded in EDR, unifying it with other security tooling to give security analysts visibility, high-efficacy detection, and more-effective correlation, investigation, and response. This report defines XDR; highlights the distinctions between XDR, security analytics platforms, SIEM, and SOAR; showcases XDR from the operator’s perspective; and gives actionable recommendations for evaluating and implementing an XDR solution.

by Allie Mellen
with Joseph Blankenship, Jeff Pollard, Steve Turner, Andras Cser, Alexis Bouffard, and Peggy Dostie
April 28, 2021

Despite an increased investment in IT security, 59% of global security decision-makers responding to the Forrester Analytics Business Technographics® Security Survey, 2020 say that their firm’s sensitive data was breached at least once in the past year. Security teams need a simpler, more-effective way to approach the breach problem, and that is what XDR aims to achieve. XDR is the next evolution of EDR. XDR is emerging due to the value EDR brings to incident response (IR) and the appetite to pair EDR data with additional telemetry that can’t be captured from endpoints alone. Forrester defines XDR as:

The evolution of endpoint detection and response (EDR), which optimizes threat detection, investigation, response, and hunting in real time. XDR unifies security-relevant endpoint detections with telemetry from security and business tools such as network analysis and visibility (NAV), email security, identity and access management (IAM), cloud security, and more. It is a cloud-native platform built on big data infrastructure to provide security teams with flexibility, scalability, and opportunities for automation.
XDR’s value is driven by its security analytics capabilities, third-party integrations, and response actions.

Security pros considering XDR adoption should be aware that:
• EDR served as the proof of concept for XDR. EDR’s remarkable success served as validation that its detection and response capabilities allow security analysts to detect threats, perform investigations, and respond in real time. While EDR provides effective endpoint detection and response, security teams require more telemetry than just the endpoint. Security teams have used security analytics platforms, security information and event management (SIEM) solutions, NAV, and homegrown data lakes to match endpoint telemetry with security data from other parts of the environment. These efforts had varying degrees of success but suffered from extremely high resource consumption, a high rate of false positives, and sizable data volumes.

• XDR unifies EDR with other security and business tooling. Endpoints are the link between users and the enterprise. EDR gives granular visibility and provides precise response actions for these endpoints. However, it lacks visibility and response actions for other parts of the business, like non-endpoint-related network telemetry, email behaviors, and cloud environments, leaving security analytics to pick up the slack. XDR provides needed visibility and control to other parts of the business through integrations that combine EDR data with other types of telemetry.

• XDR is on a collision course with security analytics and SOAR. XDR will compete head-to-head with security analytics platforms (and SIEMs) for threat detection, investigation, response, and hunting. Security analytics platforms have over a decade of experience in data aggregation that they apply to these challenges, but they have yet to provide IR capabilities that are sufficient at enterprise scale, forcing enterprises to prioritize alternate solutions. XDR is rising to fill that void through a distinctly different approach anchored in the endpoint and in optimization.

• XDR is offered as hybrid or native. In the Forrester Analytics Business Technographics Software Survey, 2020, 22% of software decision-makers said that one of their main concerns with using software as a service is the challenge of integrating with other applications. To that end, XDR is offered in two ways: Hybrid XDR relies on additional security tools from other vendors, whereas native XDR is tightly aligned with other security tools in the vendor portfolio and is often sold as a package deal.

