Gartner发布XDR扩展检测和响应市场指南_扩展检测和响应市场指南资源-CSDN文库

需积分: 5 107 浏览量 2023-09-22 11:33:14 上传评论收藏 431KB PDF 举报

资源推荐

资源详情

资源评论

Gartner, Inc. | G00761828

Page 1 of 18

Market Guide for Extended Detection and

Response

Published 17 August 2023 - ID G00761828 - 20 min read

By Analyst(s): Thomas Lintemuth, Peter Firstbrook, Ayelet Heyman, Craig Lawson, Jeremy

D'Hoinne

Initiatives: Infrastructure Security

XDR is an evolving technology that can offer uniﬁed threat

prevention, detection and response capabilities for security

operations teams. This research provides strategic guidance for

SRM leaders to understand and evaluate the applicability of XDR

platforms for their needs.

Overview

Key Findings

Recommendations

SRM leaders looking to improve threat detection and incident response capabilities

should:

Security and risk management (SRM) leaders continue to seek security vendor and

product consolidation to manage risk and improve security operations productivity.

Extended detection and response (XDR) vendors are making a play in this

consolidation.

■

Initial XDR adoption is primarily at organizations with smaller security teams that

likely have not fully utilized security information and event management

(SIEM)/security orchestration automation and response (SOAR) products.

■

XDR will be an increasingly critical capability for buyers to evaluate when seeking

strategic architectural decisions for their security operations program. XDR is built

around multiple products designed to provide a more comprehensive offering for

workspace security, network security or workload security domains.

■

Evaluate a vendor consolidation strategy utilizing XDR when improvement to

security efﬁcacy and security operations productivity can be demonstrated.

■

This research note is restricted to the personal use of chenlizhen@qianxin.com.

Gartner, Inc. | G00761828

Page 2 of 18

Strategic Planning Assumption

By year-end 2028, XDR will be deployed in 30% of end-user organizations to reduce the

number of security vendors they have in place, up from less than 5% today.

Market Definition

Extended detection and response (XDR) delivers security incident detection and

automated response capabilities for security infrastructure. XDR integrates threat

intelligence and telemetry data from multiple sources with security analytics to provide

contextualization and correlation of security alerts. XDR must include native sensors, and

can be delivered on-premises or as a SaaS offering. Typically, it is deployed by

organizations with smaller security teams.

Market Description

XDR is an evolving technology that promises to deliver a more uniﬁed and efﬁcient

approach to detect and respond to threats. It is designed to deliver operational efﬁciencies

with minimal customization. The XDR market consists of vendors that offer tightly

integrated security products that offer common threat prevention, detection and incident

response capability across the entire array of commonly deployed security infrastructure.

The XDR market is growing, with products emerging from a variety of vendors,

approaches and backgrounds. XDR products will appeal to pragmatic security leaders

that do not have the resources to ramp up a large portfolio of diverse security products

and/or struggle to get full value from SIEM and SOAR tools. The downside to XDR

deployments is they are generally less open and typically offer fewer use cases than

SIEM. In addition, SOAR products are commonly used for automation as well as incident

response tasks.

XDR can improve a security operations capability by:

Evaluate any unused functionality in existing SIEM/SOAR ﬁrst to ensure that XDR

will cover any speciﬁc gaps in threat detection and response program. XDR should

not replace SIEM/SOAR that is already deployed and working effectively.

■

Evaluate XDR on its overall utility not just component parts; features to consider

include functional orchestration and automation; quick and immediate response;

and advanced security analytics.

■

This research note is restricted to the personal use of chenlizhen@qianxin.com.

剩余18页未读，继续阅读

内容反馈

lurenjia404

粉丝: 2039
资源: 123

最新资源

资源上传下载、课程学习等过程中有任何疑问或建议，欢迎提出宝贵意见哦~我们会及时处理！点击此处反馈

feedback-tip