451 Research Business Impact Brief
The Take
Small and medium-sized businesses (SMBs), which S&P Global defines as those with fewer than 1,000 employees, are accelerating their adoption of proactive and responsive security technologies as the threat landscape becomes more sophisticated, attack surfaces expand, and attackers focus on organizations of all sizes. Many SMBs have failed to implement advanced security technologies for reasons that include a lack of affordable solutions tailored to their requirements. Incumbent security vendors have tried to adapt solutions designed for large enterprises, but those products typically were not designed to scale down.
Traditional security solutions such as security information and event management (SIEM) systems carry high costs that many SMBs cannot justify. High licensing and hardware costs; data ingest, storage and processing fees; and the need for highly trained, expensive personnel often place these products out of reach. The advent of cloud-based extended detection and response (XDR) platforms, which combine several security technologies into a single cloud-based platform, provides an integrated set of capabilities attractive to SMBs, including rapid deployment, lower operating costs and reduced headcount required to operate the platform due to integrated capabilities delivered through a common user interface.
While the definition of XDR varies, we see it as incorporating a range of current and emerging technologies to improve threat detection and response handling. This typically includes threat detection and response, security orchestration and response, endpoint detection and response, and network detection and response capabilities. In response to market demand, a new set of vendors has introduced affordable and effective XDR platforms tailored for SMBs, delivered as self-managed or fully managed services.
XDR security spending increasing among SMBs, 2022 to 2023
Q. How will your spending on XDR change in the next 12 months?
Base: SMB respondents.
Source: 451 Research’s Voice of the Enterprise: Information Security, Technology Roadmap 2022 and 2023.
451 Research’s Voice of the Enterprise (VotE): Information Security, Budgets & Outlook 2022 and 2023 studies show key shifts in how SMBs are setting security priorities. In the 2023 survey, 98% of SMB respondents said responsive (sometimes referred to as defensive) security measures such as monitoring, detection and response are important to their organization, up 3 percentage points from 2022. Moreover, in 2023, 55% of SMBs said proactive (offensive) security measures such as threat hunting are very important, up 11 percentage points from the 2022 survey. In 2023, 92% of SMBs said proactive security measures are either very or somewhat important, up an even more impressive 17 percentage points year over year.
SMBs’ spending patterns on XDR also reflect this trend (see figure above). According to our VotE: Information Security, Technology Roadmap survey, 27% of SMB respondents expected a significant increase in spending on XDR in 2023 (21 percentage points higher than in 2022). No respondents expected a decrease in spending in either year. Interestingly, SMBs are increasing investment in XDR more rapidly than the overall study population: the proportion of SMBs planning significant increases is 5 percentage points higher than among the total survey group, despite economic headwinds.
Business impact
SMBs seeking a new or replacement security analytics and response platform should consider the following factors when evaluating potential vendors and service providers.
XDR capabilities: According to 451 Research’s VotE: Information Security, Security Analytics & SecOps 2023 study, the top benefits that SMBs expect from XDR include the ability to scale or improve security operations, higher-quality alerts for triage, and increased visibility into existing security systems. Primary responsive capabilities to look for are robust threat detection, endpoint detection and response (EDR), case management, third-party integrations, and automation of routine tasks. On the proactive side, SMBs are seeking the ability to conduct basic threat hunting activities, which could be conducted in-house or via a managed service provider. However, many SMBs are realizing that their needs for compliance and data visibility require additional solutions beyond XDR, including SIEM.
Compliance: SMBs must comply with many of the same regulations and industry requirements as larger organizations, including HIPAA, PCI-DSS and NIST standards. Security solutions must satisfy the organization’s monitoring and reporting requirements, retain log data for at least a year, and provide anomaly detection, incident response and daily log review capabilities. Data sovereignty issues may also arise, with compliance regimes requiring (or prohibiting) the storage of data in certain countries or geographies.
Architecture: SMBs have shown a strong preference toward as-a-service and managed security solutions that can be quickly provisioned, implemented, and scaled up and down. The ability to integrate third-party data is also key to a successful XDR deployment. SaaS and managed security solutions integrate with third-party toolsets to improve analytics and scalability, and, ultimately, to reduce costs. Data such as threat feeds, discovered vulnerabilities and telemetry from internal systems can improve XDR’s visibility, threat intelligence and threat detection capabilities.
Cost considerations: Many enterprise-class security products are priced based on usage or data metrics such as events processed, data ingested and storage quantity. Many SMBs have grown wary of these pricing models and instead seek solutions based on flat, predictable cost structures such as by user. Pricing that can easily scale up and down according to business needs is also desirable. Other considerations include the total cost of ownership beyond licensing, encompassing the cost to acquire, deploy, scale and run the solution. In today’s labor-constrained environment, ease of use and maintainability are particularly important, as “care and feeding” costs can easily outpace acquisition costs.
Looking ahead
For several years, SMBs have prioritized security investments to satisfy responsive and proactive security use cases. Security vendors have responded, introducing new cloud-native XDR offerings designed to meet the needs of SMB organizations, delivered as self-managed (SaaS) or managed services.
Organizations looking to deploy one of these XDR offerings should consider ease of deployment, total cost of ownership, the ability to leverage existing investments, and a good match of capabilities to required use cases. While XDR as a concept is new, most of the underlying capabilities it is based on are mature. Organizations deploying XDR can look forward to continual improvement such as more integrations, better user interfaces and faster time-to-value.