Extended detection and response (XDR) momentum is snowballing as CISOs in the tech industry are searching for a solution for common security challenges, Trellix and Enterprise Strategy Group (ESG) reported in a recent survey.
Users seek XDR to address common threat detection and response challenges — current tools require specialized skills, struggle to detect and investigate advanced threats, and are not effective at correlating alerts, noted the survey.
Trellix and ESG surveyed 376 IT and cybersecurity professionals in North America, and found that more than half (52%) of respondents said their organization’s security operations landscape had become more challenging to manage in the last two years. The most prominent sore spots professionals reported were the rapidly growing and changing threat landscape (41%) and the expansion of attack surfaces (40%), according to the survey.
These challenges will only accelerate, leading many CISOs to implement initiatives focused on security operations center (SOC) modernization, said ESG. SecOps teams want XDR to prioritize alerts “based on risk, improve detection of advanced threats, create greater efficiency in forensic investigations, reinforce security controls, and prevent future attacks.”
Operations Slowed by Skills Shortage

An overwhelming number (81%) of professionals admitted that the cybersecurity skills shortage had impacted their security operations, according to the survey. Further, 42% confirmed their organizations do not have adequate skills for their security operations.
To combat this, CISOs look to XDR to “streamline SecOps and bolster staff productivity to alleviate shortages,” wrote ESG — addressing the belief that talent shortages translate to an increased workload and unhappy or burnt-out staff.
Security architects are the most understaffed area of security operations (37%), closely followed by security engineers (35%). There are also pressing vacancies for tier-3 analysts and vulnerability assessment/prioritization analysts.
XDR: Next Steps

CISOs look to XDR and advanced threat detection to improve security efficacy, according to the survey. The highest priority XDR use cases are improved detection of advanced threats and an XDR solution that could help prioritize alerts based on risk, both favored by 26% of respondents.
However, the survey notes that XDR is not seen as a potential replacement for current SOC technologies — security information and event management (SIEM), security orchestration, automation, and response (SOAR), or threat intelligence platform (TIP). Instead, 52% of professionals believe XDR will supplement existing technologies.
“XDR seems like an attractive option since current tools struggle to detect and investigate advanced threats, require specialized skills, and aren’t effective at correlating alerts,” wrote Senior Principal Analyst and ESG Fellow Jon Oltsik and Principal Analyst Dave Gruber. “Clearly, users want XDR to fill gaps within the security stack while improving the efficacy and efficiency of threat detection and response.”