Threat Management

New threats expand use cases for XDR threat detection in 2022


In 2022, security practitioners struggled to address the growing attack surface created by their rapid push to remote work and cloud-based operations during the previous two years. Cybercriminals exploited new vulnerabilities, including those introduced by the growing use of third-party software, to launch ransomware and other attacks.

But with tools like zero trust, XDR and more automated threat intelligence technology to bolster vulnerability management, cloud, email and endpoint security, organizations fought back, and they established plans to invest more in securing networks and data over the next two years.

The full 2022 Cybersecurity Year in Review Report is available for download from SC Media.

The following is the fifth of a seven-part series about where security practitioners struggled and, in many cases, made headway throughout 2022. Here, we focus on their efforts to bolster defenses with XDR.

The need for more advanced security tools

The threat landscape continued to expand throughout 2022 as organizations shifted from on-premises to cloud-based operations and criminal actors exploited the resulting vulnerabilities to flood targets with ransomware and other malware. Along the way, security teams realized that their defensive tools could no longer keep up.

To turn the tide, many security leaders pinned their hopes on eXtended Detection and Response (XDR), although for most this remained a matter of watching the technology rather than deploying it. Indeed, March and April CyberRisk Alliance Business Intelligence surveys of 300 IT and cybersecurity decision-makers and influencers from the United States found that while current XDR adoption levels were low, interest was high.

The interest in XDR, which essentially takes a more holistic approach to threat protection, reflects concerns among security leaders that the growing sophistication of attacks leads to detection failures more often than ever before. One respondent pointed to a data breach last year that the organization didn't detect until the damage was done.

“We didn’t see any red flags; everything was normal,” the respondent said. “However, we were actually under attack. Even though we discovered it in less than 10 days, that’s still a lot of time when you’re under attack. I know some companies don’t find out that they suffered a data breach after like six months, and that’s really crazy.”

Security vendors, seeing the growing hunger for next-generation solutions, moved to enhance their XDR portfolios throughout 2022.

During CrowdStrike's Fal.Con 2022 event in September, for example, the company unveiled updates to its various security products and an expansion of its CrowdXDR Alliance. CrowdStrike announced that Cisco, Fortinet and ForgeRock had joined the CrowdXDR Alliance and revealed plans to integrate telemetry from its third-party partner vendors.

Elsewhere, Armorblox announced the integration of its cloud-based email security platform with SentinelOne Singularity XDR to protect businesses against socially engineered targeted attacks. The two companies said tight integration between XDR and email security will let security operations (SecOps) teams deepen threat investigations and accelerate responses to business email compromise, financial fraud, and sensitive data loss.

The frustration of security practitioners with current security tools was evident in CyberRisk Alliance's survey responses. For example, a lack of visibility or context from existing security solutions caused 47% of respondents to miss threats at least once in the past 12 months. Only 17% said they were very satisfied with their ability to correlate security data across all products and services.

Without the ability to see anomalies or malicious activity as it occurs, and across the full spectrum of products and services, it is impossible to catch everything. Poor visibility into network threats was seen as a significant problem for monitoring employee-owned endpoints, software vendors and third-party partners.

Security teams integrating XDR into future plans

While familiarity with XDR is high (70%), current adoption of an XDR platform is relatively low — only 12% of respondents reported using this technology. But for those either using the technology or planning to invest in it, top benefits include faster detection and overall risk management improvement.

While XDR technology has yet to become widespread, a large majority (77%) of respondents said they are somewhat or very likely to invest in XDR technology in the next two years.

"It runs smoothly with other software we are using and catches almost every threat and issue," said one current user who took the survey. "It is easy to deploy, easy to update, can make changes as needed quickly, and our employees are able to get up to speed quickly."

Bill Brenner

Bill Brenner is VP of Content Strategy at CyberRisk Alliance — an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology’s Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.
