Symantec XDR: Top 5 Insights from ESG’s XDR Research (It’s a Slam Dunk)
Everyone is talking about Extended Detection and Response (XDR). We highlight top results from ESG’s XDR Research and how Symantec delivers
I’m a basketball junkie. I’ve been playing since I was eight years old, played through University, and even coached for many years. I just love the game—the skills it takes, playing as a team, and game day. Nothing beats game day. You can go into a game thinking you know your competition, predict what plays they’ll run, and understand the mindset of the player you’re guarding—but when it's game time, it’s real-time data on your competition that gives you the competitive advantage.
Perhaps that’s one of the reasons that, as a marketer, I love research. It’s that game time feeling. A marketer can make an intelligent guess about what a customer’s or partner’s behavior means, or an intelligent guess about their motivation based on experience, but it’s the research—that “game day” knowledge—that helps us adjust our thinking and better serve our customers.
Most recently, I’ve been digging into research on Extended Detection and Response, or XDR. It’s a security framework specific to the Security Operations Center (SOC) that delivers cross-control point protection. As my colleague Ryan Stolte wrote in his blog about XDR: XDR is a new approach to simplifying and uniting previously disparate security technologies.
The Enterprise Strategy Group (ESG) recently conducted formal research on XDR, and the insights they share are important to enterprise companies navigating the world of XDR. Below are the top 5 insights from the study.
#1 Better Security Efficacy
There are lots of benefits to XDR:
- Stronger security posture as you are able to detect threats from any control point
- Share threat data, correlate it and then take action on it
- Reduce complexity as you integrate across the security stack
- Simplify SOC processes and send fewer alerts for SOC analysts to hunt down and investigate
With all those benefits, what are customers actually looking for as the top priority for XDR? According to the research: increased security efficacy. In fact, 67% of cyber security professionals say the ability to detect modern and complex attacks is a key capability they want from XDR.
Specifically, the cyber security professionals who responded point toward:
- Improving detection of advanced threats (34%)
- Increasing automation of remediation tasks without involving IT (33%)
- Improving mean time to respond to threats (29%)
Symantec’s strategy of Integrated Cyber Defense delivers an integrated security stack to customers, allowing solutions to share deep threat intelligence so you can detect more advanced threats more quickly, automate some security tasks, and improve the time it takes to respond to threats. It’s the end-to-end security you need to protect, detect, and respond to today’s—and tomorrow’s—threats. Read more on the value of Integrated Cyber Defense in our blog called “The Cyber Security Platform Shift – More Secure, Less Complex.”
67% of cyber security professionals identify the ability to detect modern and complex attacks as a key XDR capability. [1]
#2 Investing in "Data Plumbing"
Data ingestion is key to XDR, and it’s also a very big challenge. Each control point collects telemetry in different formats because of the nature of that control point. Network telemetry is very different from Endpoint telemetry, which is very different from Information telemetry. But to correlate the data, so you can compare like to like, you need this telemetry in a “normalized” state.
According to ESG’s research, cyber security professionals identify “data plumbing” as a key investment area that would add the most significant additional value to what they are already doing.
It’s understandable why: there’s more and more data that SOCs are collecting over time. SOCs need to manage that data, normalize it, and then correlate it for the deepest insights. My colleague Kyle Black explains data normalization in more detail in his blog.
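As an added illustration (not Symantec’s code and not ICDx), here is what the normalization step looks like in practice: two constructed telemetry records, an endpoint JSON event and a network key=value log line, are mapped onto one common schema and then correlated by host and remote address. The field names, schema and sample values are assumptions for the example.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample telemetry (not real product output): one endpoint event
# as JSON and one network event as a key=value log line, five seconds apart.
ENDPOINT_EVENT = json.dumps({
    "ts": "2020-11-03T14:22:05Z", "hostname": "WS-0142",
    "proc": "powershell.exe", "dest_ip": "203.0.113.7", "sev": 3,
})
NETWORK_EVENT = ("time=1604413330 src=10.0.5.42 dst=203.0.113.7 dport=443 "
                 "action=allow risk=high host=ws-0142")

# Network product uses words for risk; endpoint product uses 1-4. Map both to 1-4.
SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def normalize_endpoint(raw):
    """Map an endpoint JSON event onto the common schema (assumed field names)."""
    e = json.loads(raw)
    return {
        "time": datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "source": "endpoint",
        "host": e["hostname"].lower(),      # hostnames differ in case across products
        "remote_ip": e["dest_ip"],
        "severity": int(e["sev"]),
        "detail": e["proc"],
    }

def normalize_network(raw):
    """Map a key=value network log line onto the same common schema."""
    kv = dict(re.findall(r"(\w+)=(\S+)", raw))
    return {
        "time": datetime.fromtimestamp(int(kv["time"]), tz=timezone.utc),  # epoch -> UTC
        "source": "network",
        "host": kv["host"].lower(),
        "remote_ip": kv["dst"],
        "severity": SEVERITY_WORDS[kv["risk"]],
        "detail": f"{kv['src']}->{kv['dst']}:{kv['dport']} {kv['action']}",
    }

def correlate(events, window_seconds=300):
    """Group normalized events sharing (host, remote_ip) inside the time window.
    Only groups seen from more than one control point are returned as incidents."""
    groups = {}
    for ev in events:
        groups.setdefault((ev["host"], ev["remote_ip"]), []).append(ev)
    incidents = {}
    for key, evs in groups.items():
        times = [e["time"] for e in evs]
        spread = (max(times) - min(times)).total_seconds()
        if spread <= window_seconds and len({e["source"] for e in evs}) > 1:
            incidents[key] = sorted(evs, key=lambda e: e["time"])
    return incidents
```

Without the normalization step, the case-differing hostnames, the two timestamp encodings and the two severity scales would never line up, which is why "data plumbing" comes before correlation.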
#3 Integrating Across the Security Stack
ESG’s XDR research indicates that integrating across the security stack is a top priority. If you look at the history of SOCs building out their systems, they’ve been more reactive—installing point products as needed to block a particular threat. ESG cites from their Cyber Security Landscape study that organizations have on average 25 point products in their security stack. Organizations have come to realize that integrating across the stack and consolidating cyber security solutions offers multiple benefits: reduced complexity, streamlined security operations, and most importantly, much stronger security.
93% of cyber security professionals say integration is a top priority as they build out a SOC technology architecture. [2]
More than three years ago, Symantec started the integration process, creating what we call Integrated Cyber Defense. We knew, then, the importance of integrating solutions and we started with our own. We also created a software layer called Integrated Cyber Defense Exchange (ICDx) that allows customers to integrate third-party solutions, like Splunk and ServiceNow, into a single architecture. Integrations will continue to be critical in the future, and Symantec delivers integrations more completely than any vendor—which leads to the realization of XDR. Symantec’s Integrated Cyber Defense enables XDR. Probably the best news for our customers is that ICDx is free to Symantec customers. You can download it here.
#4 Integrating Third-Party SIEMs
In their research on XDR, ESG recommends that organizations “embrace and extend Security Information and Event Management (SIEM) while looking for SOC budget dollars.” Organizations recognize the value of SIEMs, seeing them as popular and effective. A good XDR solution will collect telemetry across control points, correlate it, and work alongside SIEMs like Splunk to derive insights. For Symantec customers, that’s easily accomplished with ICDx. The architecture we’ve designed simplifies the collection and correlation of threat telemetry, and appends even more insights based on all the knowledge and data we have in our Global Intelligence Network (GIN), the largest civilian cyber security intelligence network in the world.

The bottom line is that we know Symantec will not be your only vendor, so we’ve created a way for you to easily and quickly integrate third-party solutions into a single architecture.
#5 XDR is Here Now
The most surprising insight from the ESG XDR research is that XDR is real—not just a buzzword. In researching XDR, most experts predicted that XDR was two years out. The ESG research indicates that organizations plan to put budget toward XDR in the next year.
70% plan XDR investments in the next 12 months. [3]
To me, this indicates that organizations see the value in XDR and are ready to apply budget against it. This is exciting for Symantec as our Integrated Cyber Defense is market-tested and enables a complete XDR solution. We have the most complete cross-control point protection with industry-leading solutions, and an easy way to integrate third-party solutions.
It's just like shooting the winning bucket at the buzzer on game day.
[1], [2], [3] Source: The Impact of XDR in the Modern SOC. Enterprise Strategy Group, November 2020