Announcing XDR: The Future of Modern SOC

There is no shortage of challenges security teams face today: an ever-increasing barrage of advanced threats, an increase in the number of remote workers accessing the corporate network, a proliferation of security tools to cover an expanding attack surface, an increase in the number of cloud applications, and a shortage of security skills.

As IT environments become increasingly dispersed – with the proliferation of devices, users and technologies – CISOs cite several reasons that hamper cyber resiliency improvements.

The reasons that stood out were the inability to reduce silo and turf issues (69%), fragmented IT and security infrastructure (65%), and lack of visibility into applications and data assets (60%).

Reasons why cyber resiliency hasn’t improved

Source: IBM’s 6th annual Cyber Resilient Organization Study

The obvious next question is how many tools security teams deploy. You would be startled by the response.

83% of the respondents said they had more than 20 tools, with 30% of them having more than 50 tools. Which segment do you fall into?

See the graphic below.

How many tools security teams deploy?

Source: IBM’s 6th annual Cyber Resilient Organization Study

So, what does this all mean?

The impact of many siloed tools and disjointed workflows is cost and complexity. According to an ESG survey in April 2021, 59% of organizations say cybersecurity has become more difficult over the last two years.

Also, data breaches cost over $2 million per incident on average and take an average of over 250 days to identify, according to the 2021 Cost of a Data Breach Report from Ponemon Institute.

Additionally, since traditional approaches rely on finding what is known, they miss new threats. Visibility is poor, with blind spots, as digital transformation and cloud have expanded monitoring needs. Lastly, humans can have difficulty keeping up with the many moving parts.

Evolving enterprise architecture is compelling CISOs to modernize their SOCs

To strengthen cyber resiliency, CISOs must take threat management to the next level with a unified and connected approach that provides deeper visibility, automation and contextual insights across endpoint, network, cloud, and applications.

According to the survey, among the security investments that have led to significant improvement in cyber resiliency, automation and the ability to improve visibility stood out.

  • 65% reported the ability to have visibility into applications and data assets
  • 62% reported the use of automation, AI and machine learning

An open, unified, and connected approach to SOC modernization

To modernize the SOC, CISOs need to modernize their threat detection and response setup so as to eliminate silos, unify workflows and automate work.

Extended Detection and Response, or XDR, offers that ability.

An XDR solution can unite multiple siloed security tools and reduce the complexity that impedes fast detection and response.

It can provide more advanced analytics and automated workflows that give teams time back to investigate and hunt for threats.

Hence, it’s hardly surprising that among those surveyed globally, 31% of organizations have adopted XDR, and 76% agree that adopting XDR has strengthened their organization’s cyber resiliency.

What is IBM announcing?

Realizing this, IBM is adding native XDR capabilities to our security portfolio by acquiring ReaQta, which brings AI-powered Endpoint Detection and Response (EDR) capabilities – among other things.

This acquisition, and the capabilities it brings, allow IBM Security to offer all core XDR functions – EDR, NDR, SIEM, SOAR, and Threat Intelligence – under our flagship QRadar brand to modernize your SOC.

As our global General Manager for IBM Security, Mary O’Brien, puts it, “The future of security is open, using technologies that can connect the security insights that are buried across disparate tools and advanced AI to identify and automatically respond to threats more quickly across their entire infrastructure, from endpoint to cloud. With our expanded capabilities via QRadar XDR and the planned addition of ReaQta, IBM is helping clients get ahead of attackers with the first XDR solution that reduces vendor lock-in via the use of open standards.”

The IBM Security QRadar XDR suite will modernize your security architecture by helping you:

  • Eliminate silos to gain visibility across data sources – on cloud and on-prem
  • Unify workflows for seamless user experience for analysts
  • Automate repetitive work for faster, streamlined response
  • Be open: future-proof your architecture to avoid vendor lock-in

Our next blog in this series will focus on how IBM XDR is a combination of EDR, NDR, SIEM, SOAR and Threat Intel.

Read more here:

Cyber Resilient Organization Study 2021

Ponemon Cost of Data Breach Study

Security Software Technical Sales Leader, IBM Technology Sales, India-South Asia
