SOC Modernization and the Role of XDR

Every security operations center demands massive scale to collect, process, analyze, and act upon enormous amounts of data. Early XDR was anchored to two primary data sources: endpoints and networks. While this was an improvement on disconnected EDR and NDR tools, threat detection and response across enterprise organizations demands a wider aperture, including cloud workloads, threat intelligence feeds, SaaS applications, and identity and access management visibility. 

At the same time, in order to modernize security operations centers and keep up with the volume of security alerts, large organizations need advanced analytics to help automate Tier 1-analyst tasks like triaging alerts, correlating alerts with indicators of compromise (IoCs), and preparing incidents for investigations. 

This report surveyed 376 IT and cybersecurity professionals at organizations in the U.S. and Canada personally responsible for evaluating, purchasing, and utilizing threat detection and response security products and services to gain insights into these trends and issues.