Cybereason Blog | Cybersecurity News and Analysis

Why XDR Adoption Should Be a CISO Priority

Written by Anthony M. Freed | Apr 27, 2022 12:43:48 PM

At the start of 2022, the results of a survey were published in which CISOs and other security leaders shared their top cybersecurity challenges. “Managing increased risk of ransomware/cyber-extortion” came out on top, with 29% of respondents saying this is their biggest concern.

This finding reflects how ransomware gangs have continued to refine their tactics with tricks like incorporating additional means of extortion into their attacks to land ever-larger ransom payments that range into the tens of millions of dollars in some cases. It also reflects the various costs that come with a successful attack.

In our recent report, titled Ransomware Attacks and the True Cost to Business, we described how two-thirds of organizations reported a loss of revenue after suffering a ransomware attack. This was slightly more than the proportion of organizations that suffered damage to their brands and reputations (53%) following an attack. Along those same lines, a third of respondents noted that they also lost C-Level talent, and approximately a quarter said they were forced to halt business operations temporarily.

The Cost of a Data Breach 2021 Study revealed that a ransomware attack costs organizations an average of $4.62 million—more than the $4.24 million price tag for a typical data breach. That ransomware cost didn’t account for victims paying the ransom, but it did include various other damages. 

Ransomware was not the only challenge respondents reported. Indeed, 28% of participating CISOs and security leaders stated that they struggled to maintain the security configurations of their cloud resources, workloads, and apps. The same proportion revealed that they were working on addressing protection gaps across their hybrid multi-cloud and multi-platform environments.

These obstacles, among others, are helping to shape organizations’ investment priorities for the year ahead. Cloud security was the most frequently cited priority at 35% of respondents. This was followed by data security, vulnerability management/assessment, and application security at 25%, 24%, and 23%, respectively.

How Can Organizations Meet Security Goals?

The skills gap makes it difficult for CISOs and other security leaders to meet the above priorities. Nearly 90% of organizations said they anticipated that the shortage would affect their security strategy for 2022. Half of the organizations thought that this impact would be significant. In contrast, just 12% of organizations stated they expected the cyber skills gap not to affect their plans.

Many organizations are turning to automation solutions to help them address the skills gap. But in doing so, they need to recognize the limitations of traditional security solutions. Take Security Information and Event Management (SIEM) as an example. This type of solution requires a data lake structure and cloud analytics, resources that tend to be expensive and whose utility varies widely depending on the data sources at hand.

On top of that, SIEMs often generate false positives and excessive alerts. This noise contributes to alert fatigue that can limit security teams’ ability to respond to legitimate security concerns.

It's a similar story with other traditional security solutions. Security Orchestration, Automation, and Response (SOAR) tools suffer from some of the same shortcomings as SIEM. However, there’s an additional weakness: there can be a lot of upfront investment in building automation workflows and playbooks based upon whichever integrations are available.

Meanwhile, Endpoint Detection and Response (EDR) might be able to protect individual endpoints more effectively than legacy antivirus and antimalware tools, but being bound to the endpoint means it can’t provide visibility into malicious activity involving other assets or correlate telemetry from across the entire network.

There’s also the fact that some EDR solutions can’t even ingest all available telemetry for all endpoints that need to be protected. As a result, they engage in “data filtering,” where they discard telemetry even though it might be essential for early detections. The tools simply cannot handle all the available intelligence.

Why XDR is Emerging as the Answer for CISOs

In contrast to the technologies discussed above, an XDR (Extended Detection and Response) solution extends threat detection and response capabilities across an entire IT environment, not just the endpoint. It does this without relying on expensive data models or being limited by external integrations. 

Additionally, leveraging artificial intelligence (AI) and machine learning (ML) to correlate telemetry from across an organization’s infrastructure is a vital aspect of a mature XDR solution. The application of AI/ML allows Defenders to move from a detect and respond mode to a more proactive “predictive response” posture where the likely next steps in an attack are anticipated and blocked, eliminating the opportunity to progress the attack to the next stage.

This predictive capability is the key to the future of security, enabling organizations to “defend forward” by understanding attacks from an operation-centric approach, where analysts are freed from chasing alerts that point to individual elements of an attack in favor of a holistic view of the entire attack story from root cause to every affected device, system and user.
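To make the operation-centric idea concrete, here is an added illustration (not Cybereason's code or product logic) that stitches individual alerts into one "attack story" keyed by root cause, instead of presenting each alert on its own. The event records, field names and parent links are constructed for the example; real telemetry would carry these relationships in its own schema.

```python
# Added illustration: group per-alert telemetry into operations by root cause.
# Sample data and field names are constructed; this is not a vendor schema.
from collections import defaultdict

# Constructed telemetry: a process tree on ws-01 that moves laterally to srv-02,
# plus an unrelated event on ws-07. "parent" links an event to its cause.
EVENTS = [
    {"id": "e1", "t": 1, "host": "ws-01", "user": "alice", "kind": "process", "name": "outlook.exe", "parent": None},
    {"id": "e2", "t": 2, "host": "ws-01", "user": "alice", "kind": "process", "name": "winword.exe", "parent": "e1"},
    {"id": "e3", "t": 3, "host": "ws-01", "user": "alice", "kind": "process", "name": "powershell.exe", "parent": "e2"},
    {"id": "e4", "t": 4, "host": "ws-01", "user": "alice", "kind": "lateral", "name": "admin-share-logon", "parent": "e3"},
    {"id": "e5", "t": 5, "host": "srv-02", "user": "svc-backup", "kind": "process", "name": "remote-svc.exe", "parent": "e4"},
    {"id": "e6", "t": 6, "host": "srv-02", "user": "svc-backup", "kind": "process", "name": "vssadmin.exe", "parent": "e5"},
    {"id": "e7", "t": 2, "host": "ws-07", "user": "bob", "kind": "process", "name": "chrome.exe", "parent": None},
]


def find_root(event_id, by_id):
    """Walk parent links back to the event with no known parent (the root cause)."""
    seen = set()
    cur = event_id
    while by_id[cur]["parent"] is not None and by_id[cur]["parent"] in by_id:
        if cur in seen:  # guard against malformed, circular telemetry
            raise ValueError(f"cycle in parent links at {cur}")
        seen.add(cur)
        cur = by_id[cur]["parent"]
    return cur


def build_operations(events):
    """Return one summary per operation: root cause, ordered timeline, affected hosts/users."""
    by_id = {e["id"]: e for e in events}
    groups = defaultdict(list)
    for e in events:
        groups[find_root(e["id"], by_id)].append(e)
    ops = []
    for root_id, members in groups.items():
        members.sort(key=lambda e: e["t"])
        ops.append({
            "root_id": root_id,
            "root_cause": by_id[root_id]["name"],
            "timeline": [e["id"] for e in members],
            "hosts": sorted({e["host"] for e in members}),
            "users": sorted({e["user"] for e in members}),
            "lateral_moves": sum(1 for e in members if e["kind"] == "lateral"),
        })
    ops.sort(key=lambda o: by_id[o["root_id"]]["t"])  # earliest root cause first
    return ops
```

Run against the constructed events, the seven alerts collapse into two operations: one story spanning two hosts and two users that begins with outlook.exe, and a lone unrelated browser event.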

And only an AI-driven XDR solution can deliver this predictive response capability that will shorten detection and remediation periods from days or weeks down to minutes. 

The AI-Driven XDR Advantage

An AI-driven XDR solution enables organizations to adopt an operation-centric approach to security that delivers the visibility organizations require to be confident in their security posture across all network assets and the automated responses to stop attack progressions at the earliest stages. 

This approach also allows Defenders to predict, detect, and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, application workspaces, and more.

Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about Cybereason AI-driven XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.