Three Criteria for Choosing the Right XDR Security Solution
Evaluating Extended Detection and Response (XDR) solutions
By: Ken Brisco
- Understand the criteria to consider before evaluating XDR solutions
- Learn the questions you need to ask to determine which XDR vendor is right for your organization
- Discover the value and benefits behind a Taegis XDR solution
The rapid emergence of XDR security has been characterized by a significant amount of industry buzz, confusion around what is and what isn’t XDR, and debate on the impact it will have on other security tools such as SIEMs. While we don’t have answers to all the questions, the one thing that everyone can agree on is that XDR will transform and improve threat detection and response. As with any new innovation with great promise, the competition among XDR vendors for your attention has intensified. The most important consideration for your organization is how XDR will improve the efficacy and efficiency of your security operations. Understanding the criteria needed to evaluate XDR as a solution is an important and necessary step in making sure you maximize your return on investment, both financially and operationally. Download our Taegis XDR Buyer's Guide.
IT leaders should start their evaluation of XDR solutions based on the following criteria:
- Advanced Threat Detection
- XDR approach: Open or Proprietary
- SOC Support
1. The Need for Advanced Threat Detection
One simple Google search on the term “data breaches” and you will quickly recognize that there is a dire need to improve threat detection in the SOC. This need is further validated by a recent study that revealed over 80% of IT and cybersecurity professionals are increasing their budget in threat detection and response technologies.[1] According to Gartner, the three primary requirements an XDR solution needs to meet to address advanced threat detection include:[2]
- Centralization of normalized data
- Correlation of security data and alerts into incidents
- Centralized incident response capabilities
Here are a few questions you can ask to determine the strength of a vendor’s detection capabilities:
- What kinds of threats and malicious activities are detected by your XDR solution?
- Does it cover both known and unknown threats?
- What sources of threat intelligence are used?
2. XDR Security Approach: Open and Proprietary
There are two primary approaches used by XDR vendors to offer XDR: Open and Proprietary. Proprietary XDR is characterized by vendors that have unified their own suite of network solutions on a centralized XDR management platform. A key factor in determining if this approach is right for your organization is your willingness to “rip and replace” existing security tools and depend on a single vendor.
Open XDR consolidates best-of-breed security products, as opposed to single vendor solutions, into a centralized management hub. A key factor in determining if this approach is right for your organization is the breadth and depth of the solution’s integrations.
Here are a couple of questions you can ask to determine which approach is in line with your current and future business needs:
- Will I need to change my infrastructure or deploy new technology?
- What data sources are currently supported by your XDR solution?
3. Support for Security Operations
The challenges of underskilled and understaffed security teams have been well documented. XDRs are designed to improve the productivity of your security team. The solution accelerates investigation and response with built-in automation. It also offers a centralized user interface to eliminate the manual integration of siloed solutions.
Here are a few questions you can ask to determine the level of support the vendor provides for their XDR solution:
- What level of automation is supported by your solution out of the box?
- When I have a question or concern, how do I engage with your team?
- Do you offer fully managed XDR?
As vendors race to position their solutions in the competitive XDR marketplace, IT leaders must evaluate XDR vendors, comparing their existing security capabilities against benefits delivered by an XDR solution.
To view additional criteria that can be used to choose the right XDR solution for your organization as well as understand the value and benefits of our Taegis XDR solution, download our XDR Buyer’s Guide.
[1] ESG, The Impact of XDR on the Modern SOC, 2020
[2] Gartner, Innovation Insight for Extended Detection and Response, 2020