How XDR reduces the total cost of security operations


Ransomware is becoming more prevalent and organisations are having to rethink their security strategies to stay protected. Hussam Sidani, Regional Vice President, Middle East and Turkey, Cybereason, explores the costs of combatting ransomware and how to mitigate it.

Ransomware is on the loose, with an attack occurring every 11 seconds on average and forcing one in three affected organisations to pay out anywhere between US$350,000 and US$1.4 million.


As ransomware becomes both more accessible (Ransomware-as-a-Service, or RaaS) and more sophisticated (multi-stage, human-operated campaigns, or RansomOps), security requirements have had to advance along with it.

To mitigate the risks, organisations have poured money into technology and into hiring the best talent. Unfortunately, this has left most organisations with tool sprawl, shelfware or an overly complex security stack and a total cost of ownership that just wasn’t budgeted for.

Security operations costs

According to the Cooper Fitch UAE Salary Guide 2022, a SOC analyst can earn approximately US$153,000 per year, which is roughly US$12,000 to US$13,000 per month for a single seat.

Next, there is the technology. Its cost varies widely depending on the solutions an organisation requires, and the licence price says nothing about whether the organisation is actually getting full value from that investment. One CSO Online study reports, for example, that 50% of security leaders say they do not use all of the features included in their security technologies.

In addition, without careful selection an organisation can end up with tools that do not integrate well with the rest of the stack, solutions that are subject to vendor lock-in and will not scale with the security programme, and products whose features duplicate one another.

Then there is the problem of aggregating the data from all those separate solutions efficiently enough that it becomes actionable. Uncorrelated SIEM alerts are useful on their own, but they do not deliver the enterprise-wide 'big security picture' that SIEM promises.

Inefficiency in the solutions stack is what leads to issues like tool sprawl, shelfware and a lack of trust from leadership when it comes to maintaining and growing the security budget for next year.

But say you do get a shiny new tool that works for your organisation. Now you have to factor in the cost of deploying it, the cost of revamping security operations and strategy to make use of the additional capabilities, any downtime required for implementation and whatever follow-on costs come with it.

In addition to that, there is also the cost of upskilling your current security team or hiring more to support the solution (especially tough given the challenges of the ongoing cyber talent shortage).

Then, you must reconfigure roles, salaries, job positions and all the details that go along with it, schedules, benefits and team chemistry – all of which costs nearly as much in time as it does in money.

And because solutions are evolving as fast as the threat landscape they respond to, the security stack you have today may not integrate with the newer technologies you pick up along the way, unless you already have a solution that can bring them together.

And this is just a very simple breakdown of the associated costs.

XDR lowers the cost of security operations

An open-architecture XDR solution works with your existing tool stack, whether it runs on-premises or in the cloud (many companies are still mid-transition and will be for several years), and is vendor-agnostic, so you can get the most out of the tools you already own.

Furthermore, it can aggregate telemetry across existing technologies, making use of your investments and bringing them all together to tell the full security story of your enterprise, from the endpoint to the cloud.

XDR benefits:

Security team force-multiplier: XDR multiplies the effect of your security team by freeing analysts from the cycle of triaging, investigating and manually correlating a constant stream of alerts from across the stack. Instead it delivers the whole correlated attack story and offers automated or one-click guided response options.

Avoid tool sprawl and shelfware: Regarding the public cloud alone, one CSO Online survey found: ‘only a third of organisations that are using public cloud have a unified solution with full integration and central management.’ XDR works on-premises, in the cloud and across hybrid environments, aggregating telemetry across platforms and providing better visibility by consolidating all related telemetry into one detection instead of a flood of disparate alerts.

Reduced support costs: the capabilities of an AI-driven XDR solution raise both efficacy and efficiency in the SOC by suppressing false positives and consolidating related alerts into a single detection. Contrast that with SIEM deployments, which need constant care and feeding; defenders end up spending their time managing and tuning the SIEM rather than doing the job they were hired for, which is mitigating threats.

Storage and analytics: an AI-driven XDR solution can also bring improved efficiency and lower cloud processing and storage costs for logs and telemetry. Organisations save on storage and analytics spend while analysts build their skills through intuitive, extensible threat hunting on the same correlated data.

Provides protection beyond the endpoint: an open XDR solution integrates with the key IT and security platforms to deliver coverage across the whole estate, correlating endpoint telemetry with signals from identity management, application suites, workspaces, the cloud and more, for a unified prevention, detection and response advantage.
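The benefits above all rest on one mechanism: deduplicating overlapping alerts and stitching alerts from different tools into a single detection when they touch the same host or user inside a time window. The following is an added illustration of that mechanism, written for this article; it is not Cybereason code or any product's correlation engine. The alert records, the 30-minute window and the entity fields (host, user) are assumptions chosen for the example, and real XDR platforms correlate on far richer graphs of processes, files, sessions and cloud resources.

```python
"""Toy cross-source alert correlation: many alerts in, few detections out.

Added example for this article (not Cybereason code). Alerts and the
correlation window are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed correlation window; in practice this is tuned per environment.
WINDOW = timedelta(minutes=30)

# Constructed sample alerts from three tools: an EDR agent, an identity
# provider and a cloud audit log. The first two are an exact duplicate,
# as happens when two overlapping tools watch the same endpoint.
SAMPLE_ALERTS = [
    {"source": "edr", "ts": "2024-03-01T09:00:05", "host": "WS-104", "user": "j.doe",
     "title": "Suspicious PowerShell download cradle", "severity": 3},
    {"source": "edr", "ts": "2024-03-01T09:00:05", "host": "WS-104", "user": "j.doe",
     "title": "Suspicious PowerShell download cradle", "severity": 3},
    {"source": "identity", "ts": "2024-03-01T09:02:40", "host": None, "user": "j.doe",
     "title": "Impossible-travel sign-in", "severity": 2},
    {"source": "cloud", "ts": "2024-03-01T09:07:12", "host": None, "user": "j.doe",
     "title": "Mass object download from storage bucket", "severity": 4},
    {"source": "edr", "ts": "2024-03-01T14:30:00", "host": "SRV-22", "user": "svc-backup",
     "title": "Volume shadow copies deleted", "severity": 5},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def _entities(alert):
    """The host and user an alert names; these are the correlation keys."""
    ents = set()
    if alert["host"]:
        ents.add(("host", alert["host"]))
    if alert["user"]:
        ents.add(("user", alert["user"]))
    return ents


def dedupe(alerts):
    """Drop exact duplicates emitted by tools with overlapping coverage."""
    seen, out = set(), []
    for a in alerts:
        key = (a["source"], a["ts"], a["host"], a["user"], a["title"])
        if key not in seen:
            seen.add(key)
            out.append(a)
    return out


def correlate(alerts, window=WINDOW):
    """Group alerts that share a host or user within `window` into detections.

    Alerts are linked with union-find: each alert joins the most recent
    earlier alert naming the same entity, provided the gap is within the
    window. A chain of alerts therefore stays in one detection as long as
    no consecutive pair on the same entity is further apart than the window.
    """
    alerts = sorted(dedupe(alerts), key=lambda a: _parse(a["ts"]))
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    def union(i, j):
        ri, rj = find(i), find(j)
        if ri != rj:
            parent[rj] = ri

    last_seen = {}  # entity -> index of the most recent alert naming it
    for i, a in enumerate(alerts):
        for ent in _entities(a):
            j = last_seen.get(ent)
            if j is not None and _parse(a["ts"]) - _parse(alerts[j]["ts"]) <= window:
                union(i, j)
            last_seen[ent] = i

    groups = defaultdict(list)
    for i, a in enumerate(alerts):
        groups[find(i)].append(a)  # members stay in time order

    detections = []
    for members in groups.values():
        detections.append({
            "entities": sorted(set().union(*(_entities(m) for m in members))),
            "start": members[0]["ts"],
            "end": members[-1]["ts"],
            "severity": max(m["severity"] for m in members),
            "sources": sorted({m["source"] for m in members}),
            "timeline": [f'{m["ts"]} [{m["source"]}] {m["title"]}' for m in members],
        })
    detections.sort(key=lambda d: d["start"])
    return detections


if __name__ == "__main__":
    dets = correlate(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(dets)} detections")
    for d in dets:
        print(f"severity {d['severity']} across {d['sources']} for {d['entities']}")
        for step in d["timeline"]:
            print("   ", step)
```

Run against the constructed input, the five raw alerts collapse to two detections: one attack story for user j.doe that spans the EDR, identity and cloud sources (severity taken as the highest member, 4), and one stand-alone shadow-copy deletion on SRV-22. The caveat a practitioner should keep in mind is that the window and the choice of entities are exactly the tuning decisions the article says SIEM teams spend their time on; XDR products ship those decisions as defaults, but they still need validation against your own telemetry.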

In summary, an AI-driven XDR solution extends detection and response capabilities throughout the enterprise by unifying telemetry analysis from across the security and IT stacks. This allows organisations to optimise efficacy, improve operational efficiency at scale and eliminate detection blind spots by generating deeply contextual correlations from endpoints, identity management, workspaces, application suites, the cloud and more.

The result is a true win-win – improved security with a reduced total cost of security operations.
