Security3 min read

New Research Provides Insights Into the XDR Paradigm Shift

Automation, improved threat detection, and increased ROI demonstrate why XDR is the way of the future

Today’s complex IT environments are subject to the evolving nature of cyber threats, which are continually increasing in volume and complexity. The rapidly changing threat landscape combined with tighter budgets and limited staff leaves security leaders looking for a way to employ more targeted threat response with greater confidence while also improving security operations, automation, and compliance.

Extended detection and response (XDR) is an evolution of endpoint detection and response (EDR) that integrates security and business tools while offering high-quality threat detection and response. New findings from commissioned research conducted by Forrester Consulting on behalf of VMware finds that although 75% of security leaders are in the discovery phase of their XDR journey, they are looking at XDR as a way to bolster their security solutions and meet the need for better security visibility across IT infrastructure.

In this study titled “Evolving Security Operations Capabilities: Insights into the XDR Paradigm Shift,” Forrester Consulting surveyed 1,291 global IT, networking, and security decision-makers responsible for the security and network strategy at organizations across North America, EMEA, and Asia Pacific, to examine the XDR implementation status, misconceptions surrounding XDR, and next steps required for XDR adoption to progress.

Key findings from the study include:

  • 45% agreed that there is no clear, standard industry definition of XDR. At least three in four XDR adopters believed XDR includes both EDR and network analysis and visibility (NAV). A third of non-users say they still need proof that XDR is legitimate before adopting it.
  • 79% of non-users said improved speed and accuracy of threat detection is needed for their organizations. Of the users that have already adopted XDR, improved speed and accuracy of threat detection was one of their top five drivers for doing so.
  • 75% of XDR adopters found increased ROI to be the top business benefit of XDR. XDR adopters also reported a 13.9% increase in ROI as a result of adoption, with that number increasing as adoption matures.
  • 83% of XDR adopters agreed that the automation and repeatability of XDR can complement other tools in the security tech stack. For many organizations, adopting XDR means that they can keep the tools in their current tech stack and automate the more tedious detection work, saving time and money. 75%, with this figure rising to 91% among more mature adopters, agreed that XDR enables their team to skip some of the tedious, common, or repetitive detection engineering work they would otherwise have to do to focus on more targeted, specific attacks.

Aligning priorities to make XDR a reality

In order for networking and security managers to move their organizations along the XDR journey, the Forrester Consulting study provided several recommendations for security leaders as they embrace a more mature XDR strategy. These include:

  • Adopt all of the most critical XDR components. Fully mature XDR offerings integrate endpoint detection and response, vulnerability management, identity and access management, and network analysis and visibility. It is important security teams implement technologies at their own pace, depending on what is most important to the organization.
  • Enable employees to focus on more strategic functions. 75% of XDR adopters agree that XDR enables their team to skip some of the tedious tasks they would otherwise have to do to focus on more strategic ones.Implementing XDR can improve security automation for teams.
  • Make the business case. XDR adopters shared that their top benefits include increased ROI, flexibility, scalability, opportunities for automation, and threat detection in real time, among other benefits. Showcasing top organizational benefits will help further strengthen the business case for XDR.


In this study, Forrester conducted an online survey of 1,291 IT, networking, and security decision-makers at organizations globally to evaluate XDR adoption and readiness. Survey participants included decision-makers responsible for security and network strategy and their organizations. Questions provided to the participants asked about security strategy and XDR. The study was completed in July 2022.

The full study and complete list of recommendations for adopting XDR can be downloaded here.

To learn more about VMware Carbon Black XDR, which extends detection and response beyond the endpoint, read our announcement here or visit our website. VMware Carbon Black XDR is available in early access to select customers. To apply to the Early Access Program, customers can contact the security specialist team or sign up here.