A new report by ExtraHop, the cloud-native network intelligence company, has revealed a number of crucial findings about extended detection and response (XDR) adoption in enterprises.
The international study, performed by Wakefield Research, underlined the successes, barriers, challenges and hesitations that both Australian and overseas-based organisations face when considering or implementing an XDR strategy.
The participants had a level of uncertainty, but nearly one-third of the respondents believed that an XDR strategy goes beyond endpoint detection. This is interesting when considering that 50% of respondents believed that they did not have the resources to properly implement an XDR strategy.
The report states that 79% of Australian respondents believe that broader adoption of XDR strategies and solutions is critical to mitigating risk and increasing resiliency.
The majority of respondents, 73%, have also already deployed an XDR strategy at their organisation.
As for those without one, 22% of respondents said that they were planning to implement one in the next year.
However, one unexpected finding of the report is that while the popularity of XDR has grown, many are confused about what it actually is, who benefits from it, and how organisations can successfully implement it.
IT leaders were asked to define XDR, but only 51% could accurately define it: a strategy for deepening threat visibility and accelerating threat detection and response by correlating endpoint data with higher fidelity network telemetry and other data sources.
When asked what the top components of their XDR strategy were, 26% of IT decision-makers saw network detection and response (NDR) as important, with 29% of respondents saying that security information and event management (SIEM) was a top component.
One common misunderstanding among respondents was that XDR was a resource-heavy solution. 26% of respondents believed that using XDR would require an organisation to overhaul or replace components of its current network security strategy and solutions.
Another 49% of respondents believed they didn’t have enough staff or in-house expertise to oversee implementation.
When looking at the Asia Pacific region, there are a number of interesting findings.
22% of enterprises across the Asia Pacific region plan to implement an XDR strategy this year. However, there is some distrust of XDR vendors, and there is also confusion about the benefits of XDR beyond the consolidation of tools under a single vendor.
Almost all IT decision-makers across the Asia Pacific region, 95%, described themselves as familiar with XDR. However, 33% of those same respondents also incorrectly saw XDR as a cybersecurity solution that consolidates solutions like SIEM and NDR under a single vendor, the most of any region.
Currently, 71% of respondents are using XDR, which is on par with IT leaders globally.
Specifically on trust, 23% of the respondents without XDR believe that a lack of trust in XDR providers is a barrier to implementing it, compared to 17% globally.
“As the buzz around XDR skyrocketed in 2022, single-vendor solutions muddied the waters when it came to explaining what it is and how it works,” says Jeff Costlow, CISO, ExtraHop.
“XDR is not a single solution – it’s a strategy that allows security teams to choose the best products for their organisation without the fear of vendor lock-in. The key to XDR success lies in strong, purpose-built integrations that take the tools in your tech stack today to offer complete end-to-end visibility that will help stop sophisticated attacks in their tracks.”
In order to fully understand the benefits of XDR, there needs to be more comprehensive education about it as we move into 2023.