• United States



Contributing Writer

5 things security pros want from XDR platforms

Jul 07, 20223 mins
Incident ResponseIntrusion Detection Software

New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform.

closeup of female hand holding red marker checking off list
Credit: Thinkstock

According to new research from ESG and the Information Systems Security Association (ISSA) 58% of organizations are consolidating or considering consolidating the number of security vendors they do business with. It’s simply too hard to manage an army of disconnected security point tools, each requiring its own training, implementation, administration, and ongoing support.

This means that organizations will buy more products from fewer vendors, and big cybersecurity tech kahunas like Check Point, Cisco, Crowdstrike, Fortinet, Palo Alto Networks, Trellix, and Trend Micro understand this. Thus, they are weaving together cybersecurity technology “platforms” as a one-stop-shop for security technology product needs. But do the vendors’ plans line up with customers’ expectations?

ESG and ISSA asked security professionals their definition of a cybersecurity technology platform.

  • 29% of respondents said it is a proprietary suite of security products offered by a single vendor;
  • 67% of respondents said it is an open suite of heterogeneous security products integrated using APIs based on open standards.
  • 4% of security professionals responded “other.”

As a proponent of industry cooperation and open standards, I’m pleased that two-thirds of security pros are in this camp. While I believe this is a bit optimistic, it sets the stage for an interesting dynamic as the platform approach takes shape.

With that in mind, ESG and ISSA dug deeper, asking security professionals to identify the most important attributes of different types of platforms, including extended detection and response (XDR), zero trust, cloud-native application protection platforms (CNAPP), and secure access service edge (SASE).

Here is what the security professionals we surveyed said they’re looking for in an XDR platform:

  • 43% of security professionals want an XDR platform to provide threat prevention, detection, and response capabilities, including controls, analytics, and response playbooks.
  • 42% of security professionals want an XDR platform to provide coverage across the entire attack surface—the whole hybrid IT infrastructure enchilada including endpoints, networks, data centers, cloud-based workloads, SaaS, identities, IoT devices, you name it.
  • 35% of security professionals want an XDR platform to provide central management and administration—in other words, no more “swivel chair” management from tool to tool.
  • 30% of security professionals want an XDR platform to provide advanced analytics consisting of things like modern data pipelining, stream processing, easy detection rules engineering, and backend machine learning capabilities.
  • 26% of security professionals want an XDR platform to include threat intelligence management capabilities for alert enrichment and an “outside-in” perspective. In other words, they want better alignment between internal network behavior and the tactics, techniques, and procedures used by cyberadversaries. (Sounds like MITRE ATT&CK framework support to me.)

It’s worth adding that many organizations want all these capabilities and a partner that can offer managed services to make everything work well in their environment. As previous ESG/ISSA research has greatly detailed, most organizations have a staff and skills shortage and need managed services to help them bridge the personnel gap.

Yes, there’s still lots of disagreement and bantering over what is and isn’t XDR and what a security technology platform should be, but while vendors and pundits engage in endless, mind-numbing debate, cybersecurity professionals have a thorough understanding of their challenges, shortages, and requirements.  And the data indicates that they would prefer solutions based on open standards. Hmm, maybe we should listen to what they have to say.

More on other platforms soon.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author