Why Should Organizations
Consider Extended Detection
and Response (XDR)?
Christopher M. Steffen, CISSP, CISA
Vice President – Research
Enterprise Management Associates (EMA)
csteffen@enterprisemanagement.com
Sponsored by . . .
Watch the On-Demand Webinar
• Why Should Organizations Consider Extended Detection and Response (XDR)? On-Demand Webinar: https://info.enterprisemanagement.com/extended-detection-and-response-xdr-webinar-ws
• Check out upcoming webinars from EMA here: https://www.enterprisemanagement.com/freeResearch
| @ema_research
Featured Speaker
Chris brings over 25 years of industry experience as a noted information security executive, researcher, and presenter, focusing on IT management/leadership, cloud security, and regulatory compliance. He also serves as the co-chair of the zero trust working group for the Cloud Security Alliance (CSA).

Chris’s technical career started in the financial services vertical in systems administration for a credit reporting company, eventually building the Network Operations group, as well as the Information Security practice and Technical Compliance practice for the company before leaving as the Principal Technical Architect. He has been the Director of Information for a manufacturing company and the Chief Evangelist for several technical companies, focusing on cloud security and cloud application transformation. He’s also held the position of CIO of a financial services company, overseeing the technology-related functions of the enterprise. Chris currently leads the information security, risk and compliance management practice for Enterprise Management Associates (EMA), a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies.

Chris holds several technical certifications, including Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA), and was awarded the Microsoft Most Valuable Professional Award five times for virtualization and Cloud and Data Center Management (CDM). He holds a Bachelor of Arts (Summa Cum Laude) from the Metropolitan State College of Denver.
© 2023 Enterprise Management Associates, Inc.
Christopher Steffen
Vice President - Research
Information Security, Risk and Compliance Management
Enterprise Management Associates
Sponsors
Research Methodologies and Demographics
Demographics & Methodology

Which of the following BEST describes your specific role (IT Related)?
IT Director: 31.9%
CIO/CTO: 17.1%
IT Manager/Supervisor (or equivalent): 15.2%
VP IT: 10.0%
IT Administrator/System Administrator: 4.3%
Chief Data Officer: 2.9%
CISO/CSO: 2.4%
VP Information Security: 2.4%
Information Security Director: 2.4%
IT Project/Program Manager: 1.9%
IT Service Manager/ITSM Team Leader: 1.4%
IT Business Analyst: 1.4%
Director of IT Audit/Compliance: 1.0%
Director of Cloud Computing/Cloud…: 1.0%
Programmer/Developer/Engineer: 1.0%
Chief Compliance Officer: 0.5%
Chief Privacy Officer: 0.5%
Director of Architecture: 0.5%
IT Director/Manager (other): 0.5%
IT Auditor/Compliance Specialist: 0.5%
IT Architect: 0.5%
IT Consultant/Integrator: 0.5%
Help Desk/IT Support: 0.5%

Which of the following best describes your organization's primary industry?
Manufacturing: 14.4%
Computer/Technology Services (IaaS, SaaS, MSP, MSSP,…: 12.3%
Finance/Financial Services/Banking: 11.9%
Computer/Technology Software (mobile app, consumer,…: 11.4%
Retail/Wholesale/Distribution: 7.2%
Healthcare/Medical/Pharmaceutical: 4.7%
Computer/Technology Hardware (devices, chip,…: 4.2%
Computer/Technology: Other: 4.2%
Professional Services (non-technical): 4.2%
Transportation/Airlines/Trucking/Rail: 4.2%
Telecommunications: 3.4%
Utilities/Energy: 3.0%
Business Services/Consulting: 2.1%
Insurance: 2.1%
Automotive: 1.7%
Ecommerce: 1.3%
Education (federal, state & local): 1.3%
Gaming/Digital Entertainment: 1.3%
Government (federal, state & local): 1.3%
Oil/Gas/Chemicals: 1.3%
Other: 1.3%
Aerospace/Defense: 0.4%
Nonprofit/Not for Profit: 0.4%
Travel/Hospitality/Recreation: 0.4%
XDR in the Enterprise
Do you envision an XDR solution or some other security tool/solution replacing the SIEM solution your organization is currently using?
Yes: 81.1%
No: 18.9%

Is your organization currently using/evaluating an extended detection and response (XDR) solution?
Yes - currently using within our organization: 59.7%
Yes - currently evaluating, with funding approved to purchase in the next 3 months: 26.3%
Yes - currently evaluating to purchase in the next budget year: 8.1%
Yes - soliciting vendors/proof of concept, but no immediate plans to purchase: 3.8%
No - not currently using/evaluating: 2.1%
Which technologies/products do you expect in an XDR platform?
SIEM: 24.1%
EDR: 20.5%
Email Security: 13.6%
Threat Detection: 12.6%
NDR: 9.7%
ASM: 8.9%
SOAR: 8.5%
UBA: 2.0%
What is the primary use case you are looking to solve with XDR?
Improve detection of advanced threats: 60.6%
Provide automated analyst response: 17.8%
Prioritize alerts: 6.8%
Tool consolidation: 11.4%
EDR replacement: 1.7%
Alert correlation across tools: 1.7%
What are the most important orchestration capabilities of an XDR solution? (mean rating)
Enrichment: 3.34
Provisioning and deprovisioning: 3.16
Customization (playbooks): 2.95
Visualizations: 2.78
Collaboration (email, slack, tickets, etc.): 2.76

What are the most important automation capabilities of an XDR solution? (mean rating)
Repetitive tasks: 3.44
Reporting: 3.36
Low-code automation: 3.04
Visualization: 2.85
Alert automation: 2.31
Assuming XDR is the evolution of EDR beyond endpoints, which XDR capabilities appeal to you most?
Advanced analytics: 25.5%
Simplified visualization of complex attacks: 21.5%
Correlation and enrichment of security data from multiple security controls: 20.6%
Automated cross-response capabilities: 19.0%
Reduction in the number of escalations to higher-skilled security analysts: 13.4%
When considering the functions and capabilities of an XDR solution, which of the following functions / capabilities are the most important? (mean rating)
Ease of Use / Management: 8.69
Attack understanding/intelligence: 8.66
Automated detection of zero-day attacks: 8.66
Unified Threat Hunting Capabilities: 8.64
Provide Automated Detection of Complex Threats with…: 8.62
Enable More Threat Hunting: 8.61
Improve Mean Time to Response (MTTR): 8.61
Integrate Visibly with Existing Tools and Data Sources: 8.61
Rapid Time to Value / Ease of Deployment: 8.6
Improve Mean Time to Detection (MTTD): 8.58
End-user Support from Vendor: 8.55
Ingest Multiple Data Sources: 8.55
Conclusions
XDR solutions are in line to replace underperforming legacy security solutions. But it isn’t always because a solution is underperforming: solution complexity, deployment and maintenance, and resource requirements are important factors. If an XDR solution can easily supplant these solutions at about 1/3 of the annual cost, security leaders are forced to pay attention.

The capabilities technology leaders are looking for in an XDR solution mimic the capabilities of the solutions that they are looking to replace, namely SIEM and SOAR solutions. XDR takes the core capabilities of SIEM and SOAR solutions and provides those insights in a simple and easy-to-digest manner. For many organizations, having a simpler and less expensive XDR solution to achieve those same capabilities is likely the right decision.

It is not enough to just point out threats and low-level attacks: organizations are looking to their XDR solution to provide advanced insights into the threat landscape. Organizations looking to evaluate and deploy an XDR solution would do well to make the vendor prove these core capabilities – not just at a point in time, but from a tactical and long-term perspective.

• Organizations are always updating their security tools and are looking to XDR to help with this process
• SIEM, SOAR and threat detection are the most important capabilities
• Ease of use, zero-day threat detection, better reporting of attacks, complex analytics, and automated reporting
Taking these considerations, functions and capabilities to create a unified definition of “XDR”, EMA proposes the following definition:

Extended detection and response, or XDR, is a cybersecurity solution that:
• Integrates with existing and future security and operations tools
• Provides in-depth insights and reporting to technicians and decisionmakers
• Streamlines security operations across users, endpoints, data, networks, cloud resources, applications and other workloads
• Applies analytics and automation to detect, analyze, hunt, and mitigate threats.
Get the Report
Learn more and download: https://bit.ly/3rLfcaZ
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Why Should Organizations Consider Extended Detection and Response (XDR)?

• 1. Why Should Organizations Consider Extended Detection and Response (XDR)?
  Christopher M. Steffen, CISSP, CISA, Vice President – Research, Enterprise Management Associates (EMA), csteffen@enterprisemanagement.com. Sponsored by . . .

• 2. Watch the On-Demand Webinar
  - Why Should Organizations Consider Extended Detection and Response (XDR)? On-Demand Webinar: https://info.enterprisemanagement.com/extended-detection-and-response-xdr-webinar-ws
  - Check out upcoming webinars from EMA here: https://www.enterprisemanagement.com/freeResearch

• 3. Featured Speaker: Christopher Steffen, Vice President - Research, Information Security, Risk and Compliance Management, Enterprise Management Associates
  Chris brings over 25 years of industry experience as a noted information security executive, researcher, and presenter, focusing on IT management/leadership, cloud security, and regulatory compliance. He also serves as the co-chair of the zero trust working group for the Cloud Security Alliance (CSA).
  Chris's technical career started in the financial services vertical in systems administration for a credit reporting company, eventually building the Network Operations group, as well as the Information Security practice and Technical Compliance practice for the company before leaving as the Principal Technical Architect. He has been the Director of Information for a manufacturing company and the Chief Evangelist for several technical companies, focusing on cloud security and cloud application transformation. He's also held the position of CIO of a financial services company, overseeing the technology-related functions of the enterprise. Chris currently leads the information security, risk and compliance management practice for Enterprise Management Associates (EMA), a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies.
  Chris holds several technical certifications, including Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA), and was awarded the Microsoft Most Valuable Professional Award five times for virtualization and Cloud and Data Center Management (CDM). He holds a Bachelor of Arts (Summa Cum Laude) from the Metropolitan State College of Denver.
  © 2023 Enterprise Management Associates, Inc. | @ema_research

• 4. Sponsors

• 6. Demographics & Methodology
  Which of the following BEST describes your specific role (IT Related)?
  - IT Director: 31.9%
  - CIO/CTO: 17.1%
  - IT Manager/Supervisor (or equivalent): 15.2%
  - VP IT: 10.0%
  - IT Administrator/System Administrator: 4.3%
  - Chief Data Officer: 2.9%
  - CISO/CSO: 2.4%
  - VP Information Security: 2.4%
  - Information Security Director: 2.4%
  - IT Project/Program Manager: 1.9%
  - IT Service Manager/ITSM Team Leader: 1.4%
  - IT Business Analyst: 1.4%
  - Director of IT Audit/Compliance: 1.0%
  - Director of Cloud Computing/Cloud…: 1.0%
  - Programmer/Developer/Engineer: 1.0%
  - Chief Compliance Officer: 0.5%
  - Chief Privacy Officer: 0.5%
  - Director of Architecture: 0.5%
  - IT Director/Manager (other): 0.5%
  - IT Auditor/Compliance Specialist: 0.5%
  - IT Architect: 0.5%
  - IT Consultant/Integrator: 0.5%
  - Help Desk/IT Support: 0.5%
  Which of the following best describes your organization's primary industry?
  - Manufacturing: 14.4%
  - Computer/Technology Services (IaaS, SaaS, MSP, MSSP,…): 12.3%
  - Finance/Financial Services/Banking: 11.9%
  - Computer/Technology Software (mobile app, consumer,…): 11.4%
  - Retail/Wholesale/Distribution: 7.2%
  - Healthcare/Medical/Pharmaceutical: 4.7%
  - Computer/Technology Hardware (devices, chip,…): 4.2%
  - Computer/Technology: Other: 4.2%
  - Professional Services (non-technical): 4.2%
  - Transportation/Airlines/Trucking/Rail: 4.2%
  - Telecommunications: 3.4%
  - Utilities/Energy: 3.0%
  - Business Services/Consulting: 2.1%
  - Insurance: 2.1%
  - Automotive: 1.7%
  - Remaining categories, each at 1.3% or 0.4% (the chart lists 1.3% seven times and 0.4% three times against these nine labels, so the exact pairing is not recoverable from the slide text): Ecommerce, Education (federal, state & local), Gaming/Digital Entertainment, Government (federal, state & local), Oil/Gas/Chemicals, Other, Aerospace/Defense, Nonprofit/Not for Profit, Travel/Hospitality/Recreation

• 7. XDR in the Enterprise

• 8. Do you envision an XDR solution or some other security tool/solution replacing the SIEM solution your organization is currently using?
  - Yes: 81.1%
  - No: 18.9%
  Is your organization currently using/evaluating an extended detection and response (XDR) solution?
  - Yes - currently using within our organization: 59.7%
  - Yes - currently evaluating, with funding approved to purchase in the next 3 months: 26.3%
  - Yes - currently evaluating to purchase in the next budget year: 8.1%
  - Yes - soliciting vendors/proof of concept, but no immediate plans to purchase: 3.8%
  - No - not currently using/evaluating: 2.1%

• 9. Which technologies/products do you expect in an XDR platform?
  - SIEM: 24.1%
  - EDR: 20.5%
  - Email Security: 13.6%
  - Threat Detection: 12.6%
  - NDR: 9.7%
  - ASM: 8.9%
  - SOAR: 8.5%
  - UBA: 2.0%

• 10. What is the primary use case you are looking to solve with XDR?
  - Improve detection of advanced threats: 60.6%
  - Provide automated analyst response: 17.8%
  - Prioritize alerts: 6.8%
  - Tool consolidation: 11.4%
  - EDR replacement: 1.7%
  - Alert correlation across tools: 1.7%

• 11. What are the most important orchestration capabilities of an XDR solution? (average score)
  - Enrichment: 3.34
  - Provisioning and deprovisioning: 3.16
  - Customization (playbooks): 2.95
  - Visualizations: 2.78
  - Collaboration (email, slack, tickets, etc.): 2.76
  What are the most important automation capabilities of an XDR solution? (average score)
  - Repetitive Task: 3.44
  - Reporting: 3.36
  - Low-code automation: 3.04
  - Visualization: 2.85
  - Alert Automation: 2.31

• 12. Assuming XDR is the evolution of EDR beyond endpoints, which XDR capabilities appeal to you most?
  - Advanced analytics: 25.5%
  - Simplified visualization of complex attacks: 21.5%
  - Correlation and enrichment of security data from multiple security controls: 20.6%
  - Automated cross-response capabilities: 19.0%
  - Reduction in the number of escalations to higher-skilled security analysts: 13.4%

• 13. When considering the functions and capabilities of an XDR solution, which of the following functions / capabilities are the most important? (average score)
  - Ease of Use / Management: 8.69
  - Attack understanding/intelligence: 8.66
  - Automated detection of zero-day attacks: 8.66
  - Unified Threat Hunting Capabilities: 8.64
  - Provide Automated Detection of Complex Threats with…: 8.62
  - Enable More Threat Hunting: 8.61
  - Improve Mean Time to Response (MTTR): 8.61
  - Integrate Visibly with Existing Tools and Data Sources: 8.61
  - Rapid Time to Value / Ease of Deployment: 8.60
  - Improve Mean Time to Detection (MTTD): 8.58
  - End-user Support from Vendor: 8.55
  - Ingest Multiple Data Sources: 8.55

• 15. Conclusions
  Organizations are always updating their security tools and are looking to XDR to help with this process. XDR solutions are in line to replace underperforming legacy security solutions. But it isn't always because a solution is underperforming: solution complexity, deployment and maintenance, and resource requirements are important factors. If an XDR solution can easily supplant these solutions at about 1/3 of the annual cost, security leaders are forced to pay attention.
  SIEM, SOAR and threat detection are the most important capabilities. What technology leaders are looking for in an XDR solution mimics the capabilities of the solutions they are looking to replace, namely SIEM and SOAR solutions. XDR takes the core capabilities of SIEM and SOAR solutions and provides those insights in a manner that is simple and easy to digest. For many organizations, having a simpler and less expensive XDR solution to achieve those same capabilities is likely the right decision.
  Ease of use, zero-day threat detection, better reporting of attacks, complex analytics, and automated reporting. It is not enough to just point out threats and low-level attacks: organizations are looking to their XDR solution to provide advanced insights into the threat landscape. Organizations looking to evaluate and deploy an XDR solution would do well to make the vendor prove these core capabilities – not just at a point in time, but from a tactical and long-term perspective.

• 16. Conclusions
  Taking these considerations, functions and capabilities to create a unified definition of "XDR", EMA proposes the following definition. Extended detection and response, or XDR, is a cybersecurity solution that:
  - Integrates with existing and future security and operations tools
  - Provides in-depth insights and reporting to technicians and decisionmakers
  - Streamlines security operations across users, endpoints, data, networks, cloud resources, applications and other workloads
  - Applies analytics and automation to detect, analyze, hunt, and mitigate threats.

• 17. Get the Report
  Learn more and download: https://bit.ly/3rLfcaZ