Extended Detection and Response (XDR) is a relatively recent arrival to the security landscape but one that has quickly found its niche.
Considered the next natural evolution beyond EDR (endpoint detection and response) and MDR (managed detection and response), XDR is defined by Forrester as a way to “optimise threat detection, investigation, response, and hunting in real time.”
According to research and advisory consultancy Veqtor8, XDR represents a new approach to security by providing a unified and integrated solution that offers comprehensive visibility, advanced threat detection, and streamlined incident response capabilities.
“XDR is one of the fastest growing cyber security market segments,” Veqtor8 analyst Andrew Milroy said.
“The big breaches in Australia have exposed cyber security postures – even among leading companies – as being inadequate.
“Companies now need to assume breaches will occur and focus on detection and response to a greater extent...
“Sure, they still need to do everything they can to stop breaches, but they need to acknowledge that they will sometimes occur. So, XDR becomes critical.”
- Andrew Milroy, analyst at Veqtor8
Milroy sees XDR as offering advantages over traditional security approaches by aggregating and correlating data from multiple sources, enabling better threat hunting, faster incident response, and improved overall security posture.
It is also on the radar of many tech leaders given it breaks down silos and uses advanced analytics, machine learning, and artificial intelligence to empower organisations to stay ahead of sophisticated threats and protect their valuable assets more effectively.
Gartner expects XDR to see surging adoption rates, forecasting that 40 percent of organisations will be deploying the technology by 2027.
Yet while many analysts are bullish, others are more cautious. Enterprise Strategy Group (ESG) estimates only 24 percent of security professionals are very familiar with XDR.
One hurdle to adoption is vendor lock-in, Milroy said: XDR platforms can be difficult to integrate with other controls, and switching vendors is time-consuming and costly.
By consolidating data from diverse security tools and sources into a centralised platform, XDR offers a ‘panoramic view’ of the entire security landscape, enabling security analysts to detect and respond to threats more effectively.
“The technology addresses many of the issues that security teams face including the overload in alerts, difficulty in prioritising threats, and tool sprawl,” Milroy said.
“There’s much greater visibility across endpoints, clouds, workloads, users and networks; more rapid detection and response times; reduced number of false positives; and adding more automation into SOCs [security operations centres], thus reducing the need for scarce labour.”
Gartner’s research supports this, stating that XDR enables overwhelmed SOCs to consolidate siloed products and improve efficiency by accelerating threat detection and incident response.
XDR can be used in the defence against certain types of threats such as malware infections; advanced persistent threats (APTs); data breaches; ransomware attacks; and insider threats.
And now – more than ever – organisations are realising the limitations of traditional security solutions, given cybersecurity threats have become more sophisticated and pervasive.
According to Milroy, XDR enables organisations to stay one step ahead of the malicious actors on several fronts: by identifying and responding to the threats by correlating data from various sources; uncovering hidden connections; and providing security teams with a complete picture of the threat landscape.
Australian graphic design platform Canva is a prime example of a company already leveraging XDR, using it to mitigate risks and gain greater productivity.
The organisation implemented XDR to achieve agile and secure cloud workload protection and score enhanced “reliability, performance, and scalability,” according to Canva’s head of threat detection and response, Raymond Schippers.
“It was an incredibly successful rollout and one of the smoothest in my career,” Schippers said.
“In a matter of weeks we managed to roll out to 3500 endpoints,” he said, adding that the deployment now provides enhanced visibility across Canva’s entire device fleet.
“When it comes to XDR, you definitely need to have the ability to have visibility and control, and it also has to be reliable. You need to make sure that it can see and provide you the insights that you actually need,” he said.
“Canva has been in a rapid growth phase. We’ve been rapidly hiring new staff and rapidly growing our customer base. As a result, there’s been an increased need for security expertise and specialisation.”
Most notably, XDR technology gives Canva “deep visibility across the attack chain,” helping the company identify – very early in the piece – coverage gaps, ensuring an aggressor can’t get a foothold in its environment, Schippers said.
The 2023 State of Security sponsors have worked tirelessly to improve the safety of enterprise and channel companies.