Build a Rock Solid Business Case for Detection and Response

By Kasey Cross
Category: Secure the Future


In February, we unveiled Cortex XDR, the world’s first detection and response app that breaks down security silos to stop sophisticated attacks. We developed it with one goal in mind—to help customers like you safeguard your users and data. 

To uncover stealthy threats, such as low-and-slow attacks and evasive malware, we needed to be able to analyze massive amounts of data with machine learning. At the same time, we wanted to address today’s top security operations challenges, including:

  • Analysts overloaded with too many incomplete, inaccurate security alerts, to the tune of 174,000 alerts per week for an average company, according to our 2018 Demisto State of SOAR report
  • Manual investigations that force analysts to piece together the “who, what, where, how” details from disconnected security tools
  • A sprawling jumble of single-purpose products to deploy, manage and maintain

Up until now, if organizations wanted to protect all their digital assets, they needed to provision siloed endpoint detection and response (EDR), network traffic analysis (NTA), and user and entity behavior analytics (UEBA) tools. This meant deploying new appliances, new endpoint agents and additional on-premises log servers. 

Rather than follow the status quo, we introduced a new approach that simplifies security operations and, as a result, lowers the total cost of ownership (TCO). The business case for considering Cortex XDR over point solutions like EDR is extremely compelling. Estimates for an average enterprise with 10,000 users show annual savings of over $889,000, including:

  • 43% saved on alert triage and investigation costs
  • 50% saved on management and maintenance costs for software, hardware and log servers
  • 25% saved on endpoint security
  • 42% saved on network traffic analysis (NTA)

Goodbye, Security Silos

With Cortex XDR, you can detect and respond to threats across all your network, endpoint and cloud assets. Instead of deploying more hardware and software, you can use your security infrastructure as sensors and enforcement points. You can store all your security data in Cortex Data Lake, a scalable, cloud-based data repository, avoiding the limitations of on-premises log storage. 

Cortex XDR provides all the capabilities of traditional EDR, NTA, and UEBA products. Plus, because Cortex XDR includes Traps endpoint protection agents standard, you also receive the best possible endpoint protection available. 

Cortex XDR not only saves money through consolidation, but also improves IT efficiency by dynamically stitching together data, resulting in faster and better investigations. Your security team can also take advantage of unique features like root cause analysis of incidents, one-click investigations of any alert, and incident management workflows. Security teams enjoy better security outcomes, reduced labor costs, and lower risk. 

By simplifying security operations, lowering maintenance and log management costs and leveraging existing security infrastructure as sensors for detection and response, you can reduce your total cost of ownership (TCO) for detection and response by 44% compared to siloed tools. This white paper explains how to get started. 
