Extended Detection and Response (XDR) is one of the most widely promoted security offerings today. It centralizes and correlates security data from sources that have traditionally been separate products: Security Information and Event Management (SIEM); Security Orchestration, Automation and Response (SOAR); Endpoint Detection and Response (EDR); and Network Traffic Analysis (NTA). Because these signals are analyzed together rather than in isolation, visibility and detection improve, and faster, better-targeted response follows. So where is a good place to get XDR? Here are some of the top providers in this relatively new market.
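To make concrete what "centralizing and correlating" telemetry means in practice, here is an added example (not code from the original article or from any vendor named here) of the cross-source correlation step that an XDR platform performs. It normalizes constructed email-gateway, EDR and network-traffic events into one schema, groups them into incidents by host and time window, and also links events that share an indicator (a file hash or domain) even when they fall outside the window. The sample log lines, the field names, the pipe-delimited format and the 15-minute window are all assumptions for illustration, not any product's format.

```python
"""Toy cross-source correlation of the kind an XDR platform performs.

Constructed telemetry from an email gateway, an EDR agent and a network
traffic analysis sensor is normalised into a common schema, then grouped
into incidents by host and time window, with shared indicators (hash,
domain) linking events that fall outside the window.  Field names, the
log format and the sample events are assumptions for illustration only.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class Event:
    source: str        # "email", "edr" or "nta"
    ts: datetime
    host: str
    user: str
    summary: str
    indicator: str     # hash or domain shared across sources; may be ""


@dataclass
class Incident:
    host: str
    user: str
    first_seen: datetime
    last_seen: datetime
    events: List[Event] = field(default_factory=list)

    @property
    def sources(self) -> List[str]:
        return sorted({e.source for e in self.events})

    @property
    def severity(self) -> str:
        # Confidence rises with the number of independent sources that agree.
        n = len(self.sources)
        return "high" if n >= 3 else "medium" if n == 2 else "low"


def parse(line: str) -> Event:
    """Normalise one pipe-delimited raw line into the common schema."""
    source, ts, host, user, summary, indicator = [p.strip() for p in line.split("|")]
    return Event(source, datetime.fromisoformat(ts), host, user, summary, indicator)


def correlate(events: List[Event], window: timedelta = timedelta(minutes=15)) -> List[Incident]:
    """Merge events into incidents.

    An event joins the open incident on its host if it arrives within
    `window` of that incident's last event; otherwise it joins whichever
    incident already holds the same indicator; otherwise it opens a new one.
    """
    incidents: List[Incident] = []
    open_by_host: Dict[str, Incident] = {}
    by_indicator: Dict[str, Incident] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        inc = open_by_host.get(ev.host)
        if inc is None or ev.ts - inc.last_seen > window:
            inc = by_indicator.get(ev.indicator) if ev.indicator else None
        if inc is None:
            inc = Incident(ev.host, ev.user, ev.ts, ev.ts)
            incidents.append(inc)
        inc.events.append(ev)
        inc.last_seen = max(inc.last_seen, ev.ts)
        open_by_host[ev.host] = inc
        if ev.indicator:
            by_indicator[ev.indicator] = inc
    return incidents


# Constructed sample telemetry (not real logs): source | time | host | user | summary | indicator
RAW_TELEMETRY = [
    "email | 2021-03-02T09:14:02 | ws-017 | alice | attachment invoice.docm delivered | sha256:aa11",
    "edr   | 2021-03-02T09:16:40 | ws-017 | alice | winword.exe spawned powershell.exe -enc | sha256:aa11",
    "nta   | 2021-03-02T09:17:05 | ws-017 | alice | outbound TLS to newly registered domain | updates-cdn.example",
    "edr   | 2021-03-02T11:02:11 | ws-042 | bob   | signed updater wrote to Program Files | sha256:bb22",
    "nta   | 2021-03-03T08:00:00 | ws-017 | alice | outbound TLS beacon, same domain as yesterday | updates-cdn.example",
]


def triage(lines: List[str]) -> List[Incident]:
    """Parse raw lines and return the correlated incidents, oldest first."""
    return correlate([parse(l) for l in lines])


if __name__ == "__main__":
    incidents = triage(RAW_TELEMETRY)
    print(f"{len(RAW_TELEMETRY)} raw alerts -> {len(incidents)} incidents")
    for inc in incidents:
        print(f"{inc.host} [{inc.severity}] sources={inc.sources} events={len(inc.events)}")
```

Five raw alerts collapse into two incidents, and the one with corroborating evidence from all three sources is rated high; the next-day beacon is pulled into that incident by its shared domain indicator even though it is far outside the time window. That is the alert-volume reduction and cross-source context the rest of the article credits XDR with. A real platform would add identity and cloud sources, weight indicators by rarity, and expire the indicator index, none of which this toy does.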
Cisco
Cisco describes itself as “defining the industry standard for XDR.” Its SecureX threat response has incorporated XDR-style integrations since 2018, before the term XDR was in use, and the company has been simplifying and extending those capabilities since. According to Cisco, its Secure Endpoint product can cut detection time by 95% and response time by up to 85%.
Palo Alto Networks
Palo Alto Networks’ Cortex XDR, combined with its Managed Threat Hunting service, provides round-the-clock monitoring for threats. It watches user and endpoint behavior closely to catch anomalies that would usually go unnoticed, then automatically assembles a complete picture of each threat, including its root cause. Since first presenting XDR in February 2019, Palo Alto Networks has continued to develop the product to identify subtle indicators and sophisticated attacks.
Trend Micro
Trend Micro was cited in August 2019 as the first vendor to offer XDR detection and response integrated across email, endpoint, network, server and cloud workloads. Its Vision One platform collects data broadly for wide visibility and quick detection. The company also offers a managed XDR service that provides continuous monitoring and in-depth investigation of serious threats.
VMware
VMware claims to have offered “the industry’s first end-to-end XDR system.” Its acquisition of Carbon Black in October 2019 helped the company extend its EDR offering beyond endpoints to network, user and application telemetry. Visibility across these sources gives analysts a contextual view of an entire attack sequence rather than isolated events, and the company says it also reduces operational impact when threats need to be remediated.
SentinelOne
SentinelOne’s XDR centralizes its endpoint protection, endpoint detection and response, IoT security, and cloud workload protection platform (CWPP). Its Singularity product was the first to fold the latter two areas into XDR, in February 2020. A year later, in February 2021, the company acquired the analytics platform Scalyr, which can ingest very large volumes of data in real time.
Microsoft Defender XDR
Microsoft’s XDR offering covers a broad range of digital estates. Microsoft Defender and Microsoft 365 Defender provide XDR for everything from identities and email to apps, IoT and cloud platforms. Azure Defender extends this to virtual machines and containers and can be deployed across multi-cloud and hybrid environments. The company announced the integration of its SIEM and XDR products at the Ignite 2020 conference in September 2020.
McAfee
McAfee is a long-established security vendor, and it upped its game when it began offering XDR in October 2020. One highlight of its MVISION XDR is the ability to prioritize protection based on asset importance and risk; another is predicting whether a particular response to a threat is likely to succeed. Its unified platform is designed to assist security analysts with varying levels of experience, allowing them to choose between automated and AI-driven actions.
Cybereason
Cybereason joined its XDR competitors in November 2020, and its offering is perhaps one of the most user-friendly. Its flexible and intuitive operation makes it easier for security teams to track and respond to events. The basis of Cybereason’s XDR is a combination of behavioral analytics and endpoint telemetry. The company says it automatically analyzes and remediates anomalous behavior, which allows events that might otherwise go unrecognized to be caught and correlated.
Fortinet
One of the newest XDR choices is Fortinet’s offering. Released in January 2021, it uses artificial intelligence to automate processes that normally require experienced security analysts. The AI system is fed a broad and diverse set of security data from across the Fortinet Security Fabric; its analysis produces high-fidelity incident alerts, which in turn drive threat classification and automated response.
CrowdStrike
CrowdStrike acquired Humio in March 2021, which improves its platform’s data ingestion and logging capabilities. Its other foundations for XDR rely heavily on telemetry from every kind of workload, including containers. That telemetry can be correlated with information on identities and assets for well-rounded security insight.
XDR is a valuable security offering that not only improves detection accuracy but helps improve efficiency too. By correlating related signals into a single incident, it reduces the volume of alerts analysts must handle, easing alert fatigue in security operations centers and allowing them to work more productively. XDR is most helpful to midsize enterprises, particularly those without the resources and skills to integrate numerous best-of-breed security products themselves. Contact us for more details on XDR and which provider might be optimal for your company.