For SOCs looking to improve their ability to detect and respond to threats efficiently and effectively, Extended Detection and Response (XDR) has generated increasing amounts of excitement and discourse in the industry. XDR was one of the hottest topics at RSA 2022, but like with many “hot new trends,” perspectives on what XDR actually is, and how it can help SOCs, are still developing. For security leaders, getting a clear understanding of just that — what XDR is and how it can help — is the first step to unlocking its potential.

With all the hype, it is important to consider the perspectives of respected industry analysts — who have seen the rise and fall of many hot trends — to understand what they think about this topic. IBM has sponsored ESG’s independent survey of 376 IT and security professionals involved with cybersecurity technology and processes to ask them about their perspective on SOC modernization and the role of XDR. The comprehensive survey digs into topics like the role of XDR, how it fits into a SOC, how it can help in SOC operations and more. In this blog, we dive into some of the key research findings of the survey, including the five key trends on SOC modernization.

1. More data and better detection rules are still desired

ESG’s research indicates that organizations are using more data for security and they want to use even more. The data shows that 80 percent of organizations use more than 10 data sources for security operations. These data sources include endpoint data, log data, network data, cloud data, threat intelligence and more. In addition, there is a desire for more custom detection rules. Organizations not only want content from their vendors, but they also want the ability to customize that content or write their own rules as well.

Recommendation: Look for an XDR solution that can pull from a wide variety of data sources while helping reduce tool sprawl and consolidate your tools. Consider your team’s bandwidth for writing detection content, and choose a vendor who offers a combination of out-of-the-box rules to save your team time and the ability to create custom rules based on your team’s needs.

2. SecOps process automation investments are proving valuable to organizations

According to ESG research, most organizations have invested in varying degrees of automation in SOC operations. In fact, the research shows that 90 percent of organizations have already invested in security automation for SOC operations, with nearly half investing extensively. The level and primary objectives of automation vary, but their investments are paying off.

Recommendation: Choose an XDR solution that offers automation and AI capabilities that both augment your existing AI implementations and automate some of the manual tasks that security analysts in your organization may be doing today.

3. MITRE ATT&CK framework is proving valuable for most organizations

Most organizations are now using the MITRE ATT&CK framework for their security operations, not just as a reference architecture. In fact, the research shows that 89 percent of organizations utilize the MITRE ATT&CK framework for multiple security operations use cases — from understanding the tactics, techniques, and procedures of cyber adversaries, to a guideline for assessing SOC maturity.

Recommendation: Select an XDR solution that maps to the MITRE ATT&CK framework and provides contextual threat intelligence to improve prioritization, root-cause analysis and response — thereby improving your SOC maturity.

4. XDR momentum continues to build

While the market is still coming to terms with the definition of XDR, it is very clear from ESG’s research that most organizations are looking to adopt a more robust XDR solution. In fact, the research shows that nearly half of the surveyed organizations see XDR as a path to break down problematic silos — from threat intelligence to MITRE ATT&CK mapping, to custom detection rules and more.

Recommendation: Look for an XDR solution that is open, so that it works not only with that vendor’s stack but with most of the tools already in your security operations. With such a platform in place, SecOps teams can verify which threat intelligence feeds are supported and create their own custom rules.

5. The use of managed detection and response (MDR) is mainstream and expanding

Given the shortage of skilled security staff that organizations face today, ESG’s research indicates that most organizations are looking for help not just with the product (XDR) but also with the services (MDR) surrounding the product. In fact, the research shows that 85 percent of organizations currently use managed services for security operations. This can help augment the skills organizations already have and allow them to focus on more strategic security initiatives.

Recommendation: Consider a vendor who offers not just an XDR product solution but also the necessary professional or managed services that can help your team. Look at options around staff augmentation, deployment and managed security services so your existing staff is appropriately supported.

Detect and eliminate threats faster with the leading XDR suite

IBM Security QRadar XDR aligns with all of the key findings called out in the ESG survey. It provides comprehensive visibility across security tools and data sources, whether in the cloud or on-premises, and offers security teams valuable insights that they can use to act quickly. It drives analyst productivity by automating the work of enriching, correlating and investigating threats with purpose-built AI and pre-built playbooks, including automated root cause analysis and MITRE ATT&CK mapping.

QRadar XDR provides the industry’s broadest open XDR ecosystem, integrating EDR, SIEM/UBA, NDR, SOAR, threat intelligence and more. It provides a unified interface that displays key information from all of these sources while leaving the source data where it is. All of this helps speed up alert triage, threat hunting, investigation and response.

IBM Security can also offer Managed Detection and Response services, as part of the industry’s broadest portfolio of solutions that manage the full threat management lifecycle with turnkey support — to help improve SOC productivity, reduce attack dwell time and rapidly respond to threats 24/7.

Learn more about ESG’s findings

We invite you to download the report and attend an engaging webinar that will feature an interesting panel discussion with experts to explore this XDR topic and findings in more detail. Sign up and see how you can best leverage an XDR solution within your environment.
