Why improving your security operations centre using XDR makes sense

Daily life for IT security teams has become much more complex during the past couple of years. Threats are evolving more quickly and the way in which workforces’ function has changed.

According to research recently undertaken by LogRhythm, 64 per cent of security professionals nominate remote workforces as their biggest challenge. This is followed by the threats posed by ransomware (60 per cent) and vulnerabilities in software applications (59 per cent).

As a result, many chief information security officers (CISOs) are focusing their attention on two issues. The first is the deployment of advanced tools that use technologies such as artificial intelligence (AI), machine learning (ML) and automation that allow security teams to achieve more within constrained budgets.

The second is finding in-house security expertise. This is being made difficult by the critical shortage of cyber security talent that is currently being experienced around the world.

Because of these issues, growing numbers of organisations are realising they need to modernise their security operation centres (SOCs). These resources sit at the very heart of the security infrastructure and guide responses to threats as these are identified.

The benefits of modernising the SOC

The biggest motivation for an organisation to modernise its SOC is to make its existing security team more productive. With staff numbers lower than is ideal, ensuring those who are present can get as much done as possible is key.

This challenge was highlighted by recent industry research that found 31 per cent of CISOs felt their security teams were spending most of their time addressing high-priority and emergency threats rather than on more comprehensive and strategic threat detection.

VIEW ALL

Almost a third (29 per cent) admitted they had blind spots in their IT infrastructures while 23 per cent said they were finding it difficult to correlate and combine data from different security controls. This, in turn, was having a detrimental impact on their ability to detect threats. They can see that SOC modernisation can help to overcome these challenges.

How to modernise

There are some key steps an organisation can take to modernise and improve the functioning of its SOC. The first is to establish a common workspace for all security analysts. This common workspace will ensure that everyone is “on the same page” and using similar tools and strategies.

Taking this approach avoids duplication of efforts and allows knowledge to be readily shared between team members. It also helps to ensure budgets are used in the most effective way and deliver maximum value.

A second step is to automate as many security tasks as possible. This can relieve security staff from having to constantly repeat mundane chores and instead focus their time and attention on more value-adding activities.

CISOs can also look to improve the detection rules and analytics capabilities of their SOC. Using AI and ML-powered tools, the capabilities of the SOC can be increased even while headcounts remain the same.

Another modernisation step that is worth taking is the creation of end-to-end visibility across what are increasingly hybrid IT infrastructures. Security teams need to be able to monitor and secure resources on cloud platforms as readily as they can monitor resources located on premise.

The benefits of XDR

Increasingly, in an effort to improve the capabilities of their SOCs, CISOs and their IT security teams are embracing the concept of extended detection and response (XDR).

XDR is an integrated security technology architecture that spans hybrid IT infrastructures and is designed to interoperate and co-ordinate threat prevention, detection and response. It unifies control points, security telemetry, analytics and operations into one comprehensive enterprise-wide system.

Embracing an XDR strategy can deliver some significant benefits. Initially, it can help to create that common workspace for security analysts and allow threats to be managed more readily.

It can also deliver the capability to automate many tasks and ensure resources are being used in the most effective way possible. At the same time, XDR can also improve threat detection and help to prevent successful intrusions.

With the threats posed by cyber attacks unlikely to decrease any time soon, taking the steps needed to improve the function of a SOC can deliver significant benefits to an organisation. Consider how an XDR strategy can benefit your security team in 2022.

Joanne Wong is the vice-president, international marketing APAC and EMEA, at LogRhythm.