5 things security pros want from XDR platforms

According to new research from ESG and the Information Systems Security Association (ISSA) 58% of organizations are consolidating or considering consolidating the number of security vendors they do business with. It’s simply too hard to manage an army of disconnected security point tools, each requiring its own training, implementation, administration, and ongoing support.

This means that organizations will buy more products from fewer vendors, and big cybersecurity tech kahunas like Check Point, Cisco, Crowdstrike, Fortinet, Palo Alto Networks, Trellix, and Trend Micro understand this. Thus, they are weaving together cybersecurity technology “platforms” as a one-stop-shop for security technology product needs. But do the vendors’ plans line up with customers’ expectations?

ESG and ISSA asked security professionals their definition of a cybersecurity technology platform.

• 29% of respondents said it is a proprietary suite of security products offered by a single vendor;
• 67% of respondents said it is an open suite of heterogeneous security products integrated using APIs based on open standards.
• 4% of security professionals responded “other.”

As a proponent of industry cooperation and open standards, I’m pleased that two-thirds of security pros are in this camp. While I believe this is a bit optimistic, it sets the stage for an interesting dynamic as the platform approach takes shape.

With that in mind, ESG and ISSA dug deeper, asking security professionals to identify the most important attributes of different types of platforms, including extended detection and response (XDR), zero trust, cloud-native application protection platforms (CNAPP), and secure access service edge (SASE).

Here is what the security professionals we surveyed said they’re looking for in an XDR platform:

• 43% of security professionals want an XDR platform to provide threat prevention, detection, and response capabilities, including controls, analytics, and response playbooks.
• 42% of security professionals want an XDR platform to provide coverage across the entire attack surface—the whole hybrid IT infrastructure enchilada including endpoints, networks, data centers, cloud-based workloads, SaaS, identities, IoT devices, you name it.
• 35% of security professionals want an XDR platform to provide central management and administration—in other words, no more “swivel chair” management from tool to tool.
• 30% of security professionals want an XDR platform to provide advanced analytics consisting of things like modern data pipelining, stream processing, easy detection rules engineering, and backend machine learning capabilities.
• 26% of security professionals want an XDR platform to include threat intelligence management capabilities for alert enrichment and an “outside-in” perspective. In other words, they want better alignment between internal network behavior and the tactics, techniques, and procedures used by cyberadversaries. (Sounds like MITRE ATT&CK framework support to me.)

It’s worth adding that many organizations want all these capabilities and a partner that can offer managed services to make everything work well in their environment. As previous ESG/ISSA research has greatly detailed, most organizations have a staff and skills shortage and need managed services to help them bridge the personnel gap.

Yes, there’s still lots of disagreement and bantering over what is and isn’t XDR and what a security technology platform should be, but while vendors and pundits engage in endless, mind-numbing debate, cybersecurity professionals have a thorough understanding of their challenges, shortages, and requirements.  And the data indicates that they would prefer solutions based on open standards. Hmm, maybe we should listen to what they have to say.

More on other platforms soon.