Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

Is XDR Right for My Organization?

Well ... it depends on what you're trying to accomplish, at least for now. The good news is that many modern SIEMs are starting to adopt XDR-like capabilities.

Matthew Warner, CTO and Co-Founder, Blumira

March 11, 2022


Question: How do I know whether XDR is right for my organization?

Matthew Warner, CTO and Co-Founder, Blumira: As organizations accrue more controls and technology, they also add complexity; it’s a natural evolution of security maturity. Often this presents itself as an increase in those “accidental misses” across technologies: perhaps a reported phishing email was dropped, or an alert for a potentially unwanted program (PUP) was missed and a workstation ended up compromised. It’s likely no one's fault but rather the fault of the processes and tools in place, which need another layer to bring the effort required in line with the response needed.

Extended detection and response (XDR) will likely crop up in your research as a potential solution. And especially if you have a security information and event management (SIEM) platform, it’s natural to wonder whether XDR is a necessary addition.

According to Forrester analyst Allie Mellen, SIEM and XDR are on a collision course. In the meantime, it’s important to evaluate the use cases of each tool. Traditionally, SIEM use cases have focused mainly on compliance, reporting, patching, and triaging. SIEMs require a lot of manual care and feeding, and they often lack detection and response capabilities. XDR, on the other hand, is more focused on real-time hunting, detecting indicators of compromise, and getting immediate answers to help stop an attack in progress.

Deciding whether you need XDR depends on your internal requirements, resources, and maturity goals for security. What resources have been allocated to your team, and how large is the team going to become? In almost all situations, it is not financially feasible or timely to build your own security operations center (SOC) from the ground up. Leveraging existing knowledge is paramount and should only make your life easier.

Fortunately, many modern SIEMs are starting to adopt XDR-like capabilities, so it may not be necessary to choose one over the other. However, a tool like XDR can allow you to consolidate your tooling into one central detection and analysis platform, and rapidly reduce complexity and effort for IT and security teams. It’s important to focus on how quickly you can apply a response, and how your processes can support that response, rather than on how to detect the next new bad thing. Leaving that detection effort to your XDR, managed detection and response (MDR), or managed SIEM tools allows you to focus on running the business.

About the Author(s)

Matthew Warner

CTO and Co-Founder, Blumira

Matt is CTO and Co-Founder of Blumira, a leading cybersecurity provider of automated threat detection and response technology. At Blumira, he leads the security and engineering efforts to provide actionable insights into cybersecurity risks at scale. Matt has over 10 years of experience in IT, Information Security, and Software Engineering, focusing on business strategy, architecture, compliance, threat detection and penetration testing. Previously, he was Director of Security Services, Development & Security at NetWorks Group, responsible for defensive information security and services.
