As security teams commit more and more resources to detection and response activities, endpoint detection and response (EDR) solutions are becoming core to the process. But when we take a step back and look at the bigger picture surrounding threat detection and response, we see multiple, disparate solutions being used to detect and investigate threats, requiring analysts to log into multiple systems or post-process data from these systems to correlate alerts. With many organizations utilizing a best-of-breed tools strategy for their security stack, integrations have become core to the sanity of most security teams.
Without the necessary integrations, manual processes are all too common, slowing detection and investigation and leading to longer mean time to detect (MTTD) and mean time to respond (MTTR). According to ESG research, 66% of organizations said that threat detection/response effectiveness is limited because it is based upon multiple independent point tools.
But what if we could go beyond basic integrations and utilize fully integrated security tools? And what if we could further simplify the management of these tools by obtaining core tools from a single vendor that would ensure continuous integration, eliminating the fear of compatibility problems between releases across multiple discrete tools? According to ESG research, this appears to be an attractive idea: 82% of organizations said that improving their threat detection/response is a high priority, with 87% stating that they had a formal plan and funding to improve threat detection and response.
There is a new breed of detection and response tools emerging known as extended detection and response (XDR) tools. We are all familiar with EDR tools and have begun to invest resources in threat investigation and hunting to uncover unknown, undetected attacks that make it past our core controls. With the expansion of the use of these tools, we have an opportunity to further reduce MTTD by depending on broad-spectrum XDR tools to analyze and correlate alerts across multiple security tools. XDR tools provide a more thorough view into threats, enable faster root cause analysis and ultimately reduce both MTTD and MTTR.
This important advancement in detection and response tools is exactly what resource-constrained teams need to reduce the amount of time and effort required in the detection and response process. When we factor in the additional time saved by the reduction in systems and tools maintenance, we can realize significant efficiencies in threat detection and response.
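To make the cross-tool correlation described above concrete, here is an added example (not code from ESG or from any of the vendors mentioned): it groups alerts from three hypothetical point tools by host within a time window, promotes only incidents corroborated by more than one tool, and measures how quickly a second tool confirmed the first alert. The alert records, tool names and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from three separate point tools (not real telemetry).
ALERTS = [
    {"source": "email_gw", "ts": "2024-03-01T09:00:00", "host": "ws-17", "detail": "macro attachment delivered"},
    {"source": "edr",      "ts": "2024-03-01T09:04:30", "host": "ws-17", "detail": "office app spawned powershell"},
    {"source": "ngfw",     "ts": "2024-03-01T09:05:10", "host": "ws-17", "detail": "outbound to newly registered domain"},
    {"source": "edr",      "ts": "2024-03-01T14:20:00", "host": "ws-42", "detail": "new scheduled task"},
]

def parse_ts(s):
    return datetime.fromisoformat(s)

def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts that share a host and arrive within `window` of the
    group's most recent alert. Each incident records which tools contributed,
    which is the cross-tool view an analyst otherwise builds by hand."""
    incidents = []
    for a in sorted(alerts, key=lambda x: parse_ts(x["ts"])):
        ts = parse_ts(a["ts"])
        for inc in incidents:
            if inc["host"] == a["host"] and ts - inc["last"] <= window:
                inc["alerts"].append(a)
                inc["last"] = ts
                inc["sources"].add(a["source"])
                break
        else:  # no open incident on this host: start a new one
            incidents.append({"host": a["host"], "first": ts, "last": ts,
                              "alerts": [a], "sources": {a["source"]}})
    return incidents

def escalate(incidents, min_sources=2):
    """Promote only incidents seen by at least `min_sources` tools;
    single-tool alerts stay in the triage queue rather than paging anyone."""
    return [i for i in incidents if len(i["sources"]) >= min_sources]

def time_to_detect(incident):
    """Minutes from the earliest alert until a second tool corroborated it,
    i.e. when a correlated incident can be raised without manual pivoting.
    Returns None if only one tool ever fired."""
    seen = set()
    for a in incident["alerts"]:
        seen.add(a["source"])
        if len(seen) >= 2:
            return (parse_ts(a["ts"]) - incident["first"]).total_seconds() / 60
    return None
```

In the constructed data the ws-17 activity is confirmed by a second tool 4.5 minutes after the first alert, while the lone ws-42 alert is left for routine triage.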
Vendors like Palo Alto Networks, Trend Micro, Cisco, and Cynet are tackling this problem and are poised to provide a new level of detection and response products and services for security teams. Integrating threat data and alert correlation across multiple security tools promises faster detection and response. I’m looking forward to seeing just how much relief this approach can provide to the already resource-constrained security teams across companies of all sizes. And I expect more security vendors to introduce similar technologies as security teams begin to realize the benefits of natively integrated threat detection and response tools.