Gartner’s “2020 Top Security and Risk Management Trends” report is out. Our takeaway: XDR (extended detection and response) and security process automation – two cornerstones of Cortex – will have broad industry impact and significant potential for disruption in the coming year and beyond.
The report describes pressing security challenges that security teams grapple with, which we have summarized as:
- The need to defend against increasingly powerful and varied attacks.
- A growing security skills gap.
- Cybersecurity complexity brought on by emerging technologies such as containers and Internet of Things (IoT) devices.
- Increasing regulations for data protection and privacy.
XDR helps security teams address these issues by centralizing, normalizing and correlating security data from multiple sources. This increases detection capabilities when compared to siloed tools such as endpoint detection and response (EDR), both because it provides more complete visibility (for example, using network data to track vulnerable unmanaged endpoints that can’t be seen by EDR tools), and because it combines softer signals from multiple components in order to detect events that might otherwise be ignored. XDR analyzes data from multiple sources to validate alerts, thus reducing false positives and overall alert volumes. All of this allows XDR to improve the efficiency and the effectiveness of security teams.
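To make the centralize/normalize/correlate idea above concrete, here is an added example that is not part of the original post and not Cortex XDR's own code: a small correlation engine that maps records from three constructed sensors (an EDR agent, a network sensor and an IDS) onto one event schema, combines several individually weak signals on the same host inside a time window, flags hosts only the network sensor can see, and cross-checks an IDS alert against an asset inventory before letting it through. The inventory, events, scores, window and threshold are all constructed for the demo.

```python
"""Added example (not from the original post or from Palo Alto Networks):
a toy cross-source correlation engine illustrating the XDR concepts of
normalization, weak-signal combination, unmanaged-host visibility and
alert validation. All sensors, records, scores and thresholds are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Constructed asset inventory: IP -> managed host and the services it runs.
INVENTORY = {
    "10.0.0.17": {"host": "WS-17", "managed": True, "services": ["workstation"]},
    "10.0.0.50": {"host": "DB-01", "managed": True, "services": ["postgres"]},
    # 10.0.0.99 is deliberately absent: a device with no EDR agent.
}
SEVERITY_SCORE = {"low": 1, "medium": 3, "high": 5}
WINDOW = timedelta(seconds=120)   # per-host correlation window (constructed)
THRESHOLD = 6                     # combined score that raises a detection

@dataclass
class Event:                      # the shared schema every sensor is mapped onto
    ts: datetime
    host: str
    source: str
    kind: str
    score: int
    detail: str

def host_for_ip(ip: str) -> str:
    entry = INVENTORY.get(ip)
    return entry["host"] if entry else f"unmanaged:{ip}"

def normalize(edr: list, network: list, ids: list) -> List[Event]:
    """Map each sensor's native records onto Event; timestamps become UTC."""
    events = []
    for r in edr:
        ts = datetime.strptime(r["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(ts, r["hostname"], "edr", r["event"],
                            SEVERITY_SCORE[r["severity"]], r["details"]))
    for r in network:
        ts = datetime.fromtimestamp(r["time"], tz=timezone.utc)
        detail = r.get("qname") or f"dst_port={r.get('dst_port')}"
        events.append(Event(ts, host_for_ip(r["src_ip"]), "network", r["event_type"], r["risk"], detail))
    for r in ids:
        ts = datetime.fromtimestamp(r["time"], tz=timezone.utc)
        events.append(Event(ts, host_for_ip(r["dst_ip"]), "ids", r["sig"], r["risk"], r["target_service"]))
    return sorted(events, key=lambda e: (e.host, e.ts))

def validate_ids_alert(ev: Event) -> bool:
    """Cross-check an IDS signature with the inventory: an exploit aimed at a
    service the target host does not run is treated as a false positive."""
    if ev.source != "ids":
        return True
    entry = next((v for v in INVENTORY.values() if v["host"] == ev.host), None)
    return entry is None or ev.detail in entry["services"]   # unknown host: keep it

def correlate(events: List[Event]) -> Tuple[list, list]:
    """Group validated events per host into windows and combine their scores.
    Returns (detections, visibility_gaps)."""
    detections, gaps = [], []
    by_host: Dict[str, List[Event]] = {}
    for ev in events:
        if validate_ids_alert(ev):
            by_host.setdefault(ev.host, []).append(ev)
    for host, evs in by_host.items():
        cluster: List[Event] = []
        for ev in evs + [None]:           # sentinel flushes the last cluster
            if ev is not None and (not cluster or ev.ts - cluster[0].ts <= WINDOW):
                cluster.append(ev)
                continue
            total = sum(e.score for e in cluster)
            sources = {e.source for e in cluster}
            if host.startswith("unmanaged:"):     # seen only by the network sensor
                gaps.append({"host": host, "score": total})
            elif total >= THRESHOLD and len(sources) >= 2:
                detections.append({"host": host, "score": total, "sources": sorted(sources),
                                    "events": [e.kind for e in cluster]})
            cluster = [ev] if ev is not None else []
    return detections, gaps

# Constructed raw records in each sensor's own format.
RAW_EDR = [
    {"ts": "2020-03-01T10:00:05Z", "hostname": "WS-17", "event": "process_start",
     "details": "encoded script interpreter launch", "severity": "low"},
    {"ts": "2020-03-01T10:00:40Z", "hostname": "WS-17", "event": "process_start",
     "details": "unsigned binary from user temp dir", "severity": "low"},
]
RAW_NETWORK = [
    {"time": 1583056815, "src_ip": "10.0.0.17", "event_type": "dns_query", "qname": "newly-seen.example", "risk": 2},
    {"time": 1583056820, "src_ip": "10.0.0.17", "event_type": "outbound", "dst_port": 4444, "risk": 3},
    {"time": 1583056830, "src_ip": "10.0.0.99", "event_type": "outbound", "dst_port": 4444, "risk": 3},
]
RAW_IDS = [  # a web-exploit signature fired against a database-only host
    {"time": 1583056900, "dst_ip": "10.0.0.50", "sig": "web_exploit_attempt", "target_service": "http", "risk": 4},
]

def run_demo() -> Tuple[list, list]:
    return correlate(normalize(RAW_EDR, RAW_NETWORK, RAW_IDS))

if __name__ == "__main__":
    detections, gaps = run_demo()
    print("detections:", detections)       # WS-17, score 7 from edr+network
    print("visibility gaps:", gaps)        # unmanaged:10.0.0.99
```

In the demo neither sensor would have fired alone: the EDR events on WS-17 sum to 2 and the network events to 5, both under the threshold, but together they reach 7 across two sources. The IDS alert against DB-01 is dropped because the inventory shows no web service there, and 10.0.0.99 is reported as a visibility gap rather than a detection because only the network sensor can see it.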
While EDR and security incident and event management (SIEM) solutions have achieved much wider adoption to date, XDR is expected to cause significant disruption as it addresses some of the shortcomings of those tools. XDR delivers all the functionality of EDR while also offering the opportunity for companies to correlate their endpoint data with other security sensors, either now or in the future, adding significant visibility and value. While many companies have SIEM solutions that aggregate data, the data that a SIEM collects is broader and shallower than what XDR solutions collect, providing less context for investigations and requiring a lot of manual integration and tuning work, thus demanding resources that many companies do not have.
In addition to alert correlation and improved accuracy, XDR solutions improve security team productivity and enable faster and more automated incident response capabilities, another element that we believe to be in line with Gartner’s top security trends. Our belief is that there are numerous opportunities to use security process automation for manual, time-consuming and error-prone tasks that are part of many security workflows. Key use cases include playbook automation and threat intel collection, which are core capabilities of security orchestration, automation and response (SOAR) solutions.
Palo Alto Networks has recognized these market challenges and the technologies required to solve them. Cortex XDR and Cortex XSOAR are helping companies to realize the vision of a more powerful, efficient and connected SOC, earning industry-leading scores in third-party testing (such as from MITRE and NSS Labs), glowing analyst reviews (such as from SANS), and most importantly, happy customers.
Get a copy of Gartner’s “Top Security and Risk Management Trends” today to see all nine of their trends and to learn how XDR and security automation can help your security team improve resilience, better support business objectives and elevate its organizational standing in 2020.
2020 Gartner Top Security and Risk Management Trends, Peter Firstbrook, Neil MacDonald, Lawrence Orans, Mario de Boer, Katell Thielemann, Bart Willemsen, Akif Khan, Michael Kranawetter, 27 February 2020