The acronym XDR (Extended Detection and Response) has been bandied about since 2018 with increasing frequency. As XDR is still an evolving concept, in many ways, it’s a ‘watch this space for breaking developments’ story.
But as of right here and now, what does XDR mean, and why is it important to you and your customers? And does your choice of XDR partner matter?
In effect, XDR is the all-grown-up version of EDR (Endpoint Detection and Response).
The primary difference is that while EDR collects and correlates activities across multiple endpoints, XDR goes all out to provide proactive detection, analytics, and response across endpoints, networks, servers, cloud workloads, SIEM, and much more.
Forrester Research defines XDR as: “The evolution of EDR, which optimises threat detection, investigation, response, and hunting in real-time. XDR unifies security-relevant endpoint detections with telemetry from security and business tools such as network analysis and visibility (NAV), email security, identity and access management, cloud security, and more. It is a cloud-native platform built on big data infrastructure to provide security teams with flexibility, scalability, and opportunities for automation.”
Or, to paraphrase Gartner’s more digestible definition: XDR is a SaaS security threat detection and incident response tool. It’s vendor-specific and natively integrates multiple security products (see Forrester’s list above) into a single ‘cohesive security operations system that unifies all licensed components.’
In a nutshell, XDR delivers:
According to the Gartner Hype Cycle™ for Security Operations, 2022, XDR is at peak market interest. At the 2022 RSA Conference in San Francisco, the hottest topic was XDR. And according to a research paper by Enterprise Strategy Group (ESG), 38% of cybersecurity professionals believe that XDR can provide a centralised management hub for security operations.
If XDR lives up to expectations (which will vary from product to product, depending on maturity), it should deliver reduced complexity and lower costs, improved security visibility, incident response and remediation, increased productivity, and fewer infrastructure blind spots.
And because XDR simplifies and strengthens security processes faster, cybersecurity teams can be more proactive and wrap up their investigations more efficiently. All of which is music to the ears of CISOS and CFOs worldwide.
We say no, but you’d probably expect us to say that anyway. However, we’ll let the facts speak for themselves when it comes to XDR from SentinelOne.
Over the past few months, Singularity XDR from SentinelOne has outperformed every other vendor in the MITRE ATT&CK evaluations (in more ways than one). In the MITRE Engenuity ATT&CK® 4th Evaluation, SentinelOne delivered:
SentinelOne has had unrivalled success in the Gartner Critical Capabilities report and positioned itself firmly in the leaders quadrant of the 2021 Gartner EPP Magic Quadrant.
If you need more proof, check out the infographic on this vendor’s web page based on MITRE ATT&CK’s results analysis, and you’ll see that SentinelOne is ranked as the clear leader in analytics detection.
We’re pretty impressed with SentinelOne, and we think channel partners will be too. Especially when they can think big on behalf of their customers but start small with single license purchases.