For SOCs looking to improve their ability to detect and respond to threats efficiently and effectively, Extended Detection and Response (XDR) has generated increasing amounts of excitement and discourse in the industry. XDR was one of the hottest topics at RSA 2022, but like with many “hot new trends,” perspectives on what XDR actually is, and how it can help SOCs, are still developing. For security leaders, getting a clear understanding of just that — what XDR is and how it can help — is the first step to unlocking its potential.

With all the hype, it is important to consider the perspectives of respected industry analysts — who have seen the rise and fall of many hot trends — to understand what they think about this topic. IBM has sponsored ESG’s independent survey of 376 IT and security professionals involved with cybersecurity technology and processes to ask them about their perspective on SOC modernization and the role of XDR. The comprehensive survey digs into topics like the role of XDR, how it fits into a SOC, how it can help in SOC operations and more. In this blog, we dive into some of the key research findings of the survey, including the five key trends on SOC modernization.

1. More Data and Better Detection Rules Are Still Desired

ESG’s research indicates that organizations are using more data for security and they want to use even more. The data shows that 80 percent of organizations use more than 10 data sources for security operations. These data sources include endpoint data, log data, network data, cloud data, threat intelligence and more. In addition, there is a desire for more custom detection rules. Organizations not only want content from their vendors, but they also want the ability to customize that content or write their own rules as well.

Recommendation: Look for an XDR solution that can pull from a wide variety of data sources while helping reduce tool sprawl and consolidate your tools. Consider your team’s bandwidth for writing detection content, and choose a vendor who offers a combination of out-of-the-box rules to save your team time and the ability to create custom rules based on your team’s needs.

2. SecOps Process Automation Investments Are Proving Valuable to Organizations

According to ESG research, most organizations have invested in varying degrees of automation in SOC operations. In fact, the research shows that 90 percent of organizations have already invested in security automation for SOC operations, with nearly half investing extensively. The level and primary objectives of automation vary, but their investments are paying off.

Recommendation: Choose an XDR solution that offers automation and AI capabilities that both augment your existing AI implementations and automate some of the manual tasks that security analysts may be doing today in your organization.

3. MITRE ATT&CK Framework is Proving Valuable for Most Organizations

Most organizations are now using the MITRE ATT&CK framework for their security operations, not just as a reference architecture. In fact, the research shows that 89 percent of organizations utilize the MITRE ATT&CK framework for multiple security operations use cases — from understanding the tactics, techniques, and procedures of cyber adversaries, to a guideline for assessing SOC maturity.

Recommendation: Select an XDR solution that maps to the MITRE ATT&CK framework and provides contextual threat intelligence to improve prioritization, root-cause analysis and response — thereby improving your SOC maturity.

4. XDR Momentum Continues to Build

While the market is still coming to terms with the definition of XDR, it is very clear from ESG’s research that most organizations are looking to adopt a more robust XDR solution. In fact, the research shows that nearly half of the surveyed organizations see XDR as a path to break down problematic silos — from threat intelligence to MITRE ATT&CK mapping, to custom detection rules and more.

Recommendation: Look for an XDR solution that is open, so that it works not only with that vendor’s own stack but also with most of the tools already in your security operations. With such a platform in place, SecOps teams can verify which threat intelligence feeds are supported and create custom detection rules on top of it.

5. The Use of Managed Detection and Response (MDR) is Mainstream and Expanding

Given the shortage of skilled security staff that organizations face today, ESG’s research indicates that most organizations are looking for help not just with the product (XDR) but also with the services (MDR) surrounding the product. In fact, the research shows that 85 percent of organizations currently use managed services for security operations. This can augment the skills organizations already have, and also allow them to focus on more strategic security initiatives.

Recommendation: Consider a vendor who offers not just an XDR product solution but also the necessary professional or managed services that can help your team. Look at options around staff augmentation, deployment and managed security services so your existing staff is appropriately supported.

Detect and Eliminate Threats Faster with the Leading XDR Suite

IBM Security QRadar XDR aligns with all of the key findings called out in the ESG survey. It provides comprehensive visibility across security tools and data sources, whether in the cloud or on-premises, and offers security teams valuable insights that they can use to act quickly. It drives analyst productivity by automating the work of enriching, correlating and investigating threats with purpose-built AI and pre-built playbooks, including automated root cause analysis and MITRE ATT&CK mapping.

QRadar XDR provides the industry’s broadest open XDR ecosystem that integrates EDR, SIEM/UBA, NDR, SOAR, Threat Intelligence and more, while providing a unified interface to display key information from all the sources while leaving the source data where it is. All of this helps speed up alert triage, threat hunting, investigation and response.

IBM Security can also offer Managed Detection and Response services, as part of the industry’s broadest portfolio of solutions that manage the full threat management lifecycle with turnkey support — to help improve SOC productivity, reduce attack dwell time and rapidly respond to threats 24/7.

Learn More About ESG’s Findings

We invite you to download the report and attend an engaging webinar that will feature an interesting panel discussion with experts to explore this XDR topic and findings in more detail. Sign up and see how you can best leverage an XDR solution within your environment.
