Gartner Publishes the Market Guide for Extended Detection and Response (XDR)
Uploaded 2023-09-22 11:33:14, PDF, 431KB, 19 pages (preview)
Gartner publishes the XDR Market Guide: ten representative XDR vendors worldwide and four typical XDR use cases. XDR is an evolving technology that can offer unified threat prevention, detection and response capabilities for security operations teams. This research provides strategic guidance for SRM leaders to understand and evaluate the applicability of XDR platforms for their needs.
Gartner, Inc. | G00761828
Page 1 of 18
Market Guide for Extended Detection and Response
Published 17 August 2023 - ID G00761828 - 20 min read
By Analyst(s): Thomas Lintemuth, Peter Firstbrook, Ayelet Heyman, Craig Lawson, Jeremy D'Hoinne
Initiatives: Infrastructure Security
XDR is an evolving technology that can offer unified threat prevention, detection and response capabilities for security operations teams. This research provides strategic guidance for SRM leaders to understand and evaluate the applicability of XDR platforms for their needs.
Overview
Key Findings
■ Security and risk management (SRM) leaders continue to seek security vendor and product consolidation to manage risk and improve security operations productivity. Extended detection and response (XDR) vendors are making a play in this consolidation.
■ Initial XDR adoption is primarily at organizations with smaller security teams that likely have not fully utilized security information and event management (SIEM)/security orchestration, automation and response (SOAR) products.
■ XDR will be an increasingly critical capability for buyers to evaluate when making strategic architectural decisions for their security operations program. XDR is built around multiple products designed to provide a more comprehensive offering for the workspace security, network security or workload security domains.
Recommendations
SRM leaders looking to improve threat detection and incident response capabilities should:
■ Evaluate a vendor consolidation strategy utilizing XDR when improvement to security efficacy and security operations productivity can be demonstrated.
■ Evaluate any unused functionality in existing SIEM/SOAR first to ensure that XDR will cover specific gaps in the threat detection and response program. XDR should not replace SIEM/SOAR that is already deployed and working effectively.
■ Evaluate XDR on its overall utility, not just its component parts; features to consider include functional orchestration and automation, quick and immediate response, and advanced security analytics.
This research note is restricted to the personal use of chenlizhen@qianxin.com.
Strategic Planning Assumption
By year-end 2028, XDR will be deployed in 30% of end-user organizations to reduce the number of security vendors they have in place, up from less than 5% today.
Market Definition
Extended detection and response (XDR) delivers security incident detection and automated response capabilities for security infrastructure. XDR integrates threat intelligence and telemetry data from multiple sources with security analytics to provide contextualization and correlation of security alerts. XDR must include native sensors, and can be delivered on-premises or as a SaaS offering. Typically, it is deployed by organizations with smaller security teams.
Market Description
XDR is an evolving technology that promises to deliver a more unified and efficient approach to detecting and responding to threats. It is designed to deliver operational efficiencies with minimal customization. The XDR market consists of vendors that offer tightly integrated security products with common threat prevention, detection and incident response capability across the entire array of commonly deployed security infrastructure.
The XDR market is growing, with products emerging from a variety of vendors, approaches and backgrounds. XDR products will appeal to pragmatic security leaders who do not have the resources to ramp up a large portfolio of diverse security products and/or struggle to get full value from SIEM and SOAR tools. The downside of XDR deployments is that they are generally less open and typically offer fewer use cases than SIEM. In addition, SOAR products are commonly used for automation as well as incident response tasks.
XDR can improve a security operations capability by:
■ Sharing threat intelligence immediately among components to provide efficient blocking of threats across all components.
■ Combining weak signals from multiple components into stronger signals.
■ Reducing missed alerts by correlating and confirming alerts automatically.
■ Integrating the required relevant data for accurate and rapid alert triage.
■ Providing centralized configuration with weighted guidance to help prioritize activities.
■ Converting a large stream of alerts into a condensed number of incidents that can be manually investigated efficiently.
■ Providing integrated incident response options that have the necessary context from all security components to resolve alerts quickly.
■ Providing response options that go beyond infrastructure control points.
XDR can improve security operations staff productivity by:
■ Providing an orchestration and automation capability for repetitive tasks.
■ Reducing the training and skills needed to complete operational tasks by providing a common management and workflow experience across security products.
■ Providing usable and high-quality detection content with little to no tuning required.
  ■ This should be over and above the existing expectations security leaders have for point products that are rolling up into XDR.
  ■ Examples include the usage of the MITRE ATT&CK framework for threat classifications/visualizations, as well as the product's ability to respond automatically to known events.
Figure 1 illustrates the core XDR components.
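As an added illustration (not Gartner's text, nor any vendor's code), the two capabilities listed above of combining weak signals from several components and condensing an alert stream into a small number of incidents can be reduced to a single correlation step: group alerts that hit the same entity within a time window, and let corroboration across components raise the score. The alert field layout, the window, the scoring weights and the ATT&CK tactic tags are all assumptions chosen for the sample.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from three XDR components; the field layout is assumed.
ALERTS = [
    {"ts": "2023-09-22T11:00:05", "src": "endpoint", "host": "ws-17", "user": "alice",
     "sev": 2, "tactic": "TA0002"},   # weak: unusual script execution
    {"ts": "2023-09-22T11:01:40", "src": "identity", "host": "ws-17", "user": "alice",
     "sev": 2, "tactic": "TA0006"},   # weak: repeated credential prompts
    {"ts": "2023-09-22T11:03:10", "src": "network", "host": "ws-17", "user": "alice",
     "sev": 3, "tactic": "TA0011"},   # medium: beaconing to a rare domain
    {"ts": "2023-09-22T13:30:00", "src": "network", "host": "ws-04", "user": "bob",
     "sev": 1, "tactic": "TA0043"},   # weak: isolated port scan, no follow-up
]

WINDOW = timedelta(minutes=30)   # assumed: alerts this close on one entity belong together
CORROBORATION_BONUS = 2          # assumed: each extra distinct component adds this much
HIGH_THRESHOLD = 5               # assumed: score at which an incident is escalated

def parse(alert):
    return datetime.fromisoformat(alert["ts"])

def build(host, user, group):
    """Fold one time-clustered group of alerts into an incident record."""
    sources = sorted({a["src"] for a in group})
    # Strongest single alert plus a bonus per corroborating component: three
    # weak signals from three components outrank one alert from a single source.
    score = max(a["sev"] for a in group) + CORROBORATION_BONUS * (len(sources) - 1)
    return {"host": host, "user": user, "alerts": len(group), "sources": sources,
            "tactics": sorted({a["tactic"] for a in group}), "score": score,
            "priority": "high" if score >= HIGH_THRESHOLD else "low"}

def correlate(alerts, window=WINDOW):
    """Group alerts by affected (host, user) and split each group at gaps
    longer than the window; returns one incident per cluster."""
    by_entity = defaultdict(list)
    for a in sorted(alerts, key=parse):
        by_entity[(a["host"], a["user"])].append(a)
    incidents = []
    for (host, user), group in by_entity.items():
        cluster = [group[0]]
        for a in group[1:]:
            if parse(a) - parse(cluster[-1]) <= window:
                cluster.append(a)
            else:
                incidents.append(build(host, user, cluster))
                cluster = [a]
        incidents.append(build(host, user, cluster))
    return incidents

if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(inc)
```

Four alerts become two incidents: the ws-17 cluster is escalated because three components corroborate each other, while the lone scan on ws-04 stays a low-priority incident.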