XDR Solutions: Which manufacturers compete in this effervescent business? » VeryCanal

Solutions that detect, respond to and mitigate threats in real time, known as Extended Detection and Response (XDR), are living through a moment of effervescence. The leaders of the business protection industry are putting their efforts into this technology which, although still emerging, has already become the most striking in the cybersecurity sector.

Any organization concerned about its security seeks to know its gaps as soon as possible in order to mitigate them and respond. That's why, according to a recent Gartner survey, 80% of organizations are planning to consolidate vendors into a more manageable and effective set of integrated solutions. It is an ecosystem where unified XDR platforms take pride of place, automatically collecting and correlating data from multiple security components.

XDR represents the evolution of detection and response beyond the current point-solution, single-vector approach. It is an evolution of Endpoint Detection & Response (EDR) that enables threat analysis and response beyond managed endpoints or network traffic analysis (NTA) tools, which are limited to the network or monitored segments. It is a cloud-native technology that adds layers of value such as NAV, email security, identity and access management (IAM) or cloud security, among others.

In this sense, the latest Forrester report pointed out some manufacturers positioned as those with the best XDR technology. These are the offerings it highlighted, and the ones business partners can rely on to offer maximum security in threat detection and response.

Bitdefender

The manufacturer positions itself in this segment with its GravityZone XDR solution. The native platform is designed to provide rich security context, disparate alert correlation, out-of-the-box analytics, rapid incident triage, and attack containment through automated and guided response actions across an enterprise environment.

This solution is deployed as SaaS or through Bitdefender's Managed Detection and Response (MDR) service. Additionally, it is used in the in-house security operations center (SOC) to provide the proper context for investigation and improved response actions.

Cisco

SecureX is the manufacturer's XDR option. It is a cloud-native platform that connects the in-house networking and security portfolio with the customer's infrastructure. It is integrated and open for simplicity, unified in one location for greater visibility, and maximizes operational efficiency with automated workflows.

In addition, its ultimate goal is to greatly reduce threat dwell time and human tasks to maintain regulatory compliance and counter attacks.

CrowdStrike

With the slogan “Extended beyond the Endpoint”, Falcon XDR is the alternative of this firm focused on the security of these devices. The solution proposes synthesizing telemetry from different domains to provide the security team with a unified and centralized console for threats.

Cybereason

This manufacturer’s XDR solution proposes multiplying protection results by 10, simplifying work by 10. An option that focuses on predicting, understanding and ending cyberattacks on a planetary scale.

This proposal is hosted on Google Cloud thanks to an alliance that was born from the hyperscaler’s investment of 50 million dollars in the manufacturer. Thus, it can be an interesting outlet for those partners who work with those from Mountain View.

FireEye

Its approach highlights the flexibility of the XDR platform to provide a unified platform to cover security solutions against the most sophisticated threats.

Again, it helps to unify, prioritize attacks and reduce complexity for partners who carry security for different clients.

Kaspersky

The manufacturer offers several solutions to provide the full coverage that XDR requires. In this sense, the firm offers Endpoint Detection and Response Expert, an EDR platform that can be complemented with Kaspersky Anti Targeted Attack Platform to offer expanded capabilities.

Thus, both proposals at their core constitute an all-in-one APT protection solution and combine advanced network threat detection with EDR capabilities.

McAfee

With XDR defined as proactive security that can help save up to 95% in threat campaign evaluation costs, this manufacturer's solution is presented as the first open, proactive and data-based platform.

Microsoft

Ranked as the second most advanced in the Forrester report, the manufacturer has managed to combine a platform to make threats visible in its 365 universe and the entire cloud ecosystem. A two-in-one that crowns it as one of the leading solutions.

In this sense, Microsoft Sentinel is combined with Defender 365, to stop threats in an automated way across domains with integrated Artificial Intelligence for users, and with Defender Cloud, to protect cloud infrastructure.

Palo Alto Networks

Also ranked among the top 3 in the segment, Cortex XDR is the solution to centralize the operations of in-house SOCs. With it, security visibility across the entire company is unified, endpoints are protected, incidents are managed and alerts from any data source are analyzed.

All of this makes it possible to break down security silos and improve the traceability of protection for partners.

SentinelOne

Singularity is the XDR platform of this manufacturer. The solution unifies functions that have traditionally been separated into a single platform architecture and a single agent. Its technology is based on Artificial Intelligence to improve task automation or make threats visible.

One point where the brand makes a difference is in the management of unreliable devices. Thanks to Ranger IoT technology, it provides visibility and control of all devices on the network, managed and unmanaged.

Sophos

Intercept X, also ranked as the world's best endpoint protection, is extended with XDR capabilities. It fits within the synchronized security ecosystem promoted by the vendor.

Their proposition is designed for both security analysts working in dedicated SOC teams and IT administrators dealing with security and other IT competencies.

Trend Micro

Crowned at the top of the Forrester report, Vision One seeks to go beyond the single vector with powerful analytics in a unified platform. The manufacturer promises to discover incidents at earlier stages thanks to correlated detections and embedded threat intelligence.

It is a defense platform to which a range of premium services can be added, with which partners can complete their security offering and guarantee the maximum level of customer support.

VMware

New capabilities are added to Carbon Black’s range of security solutions to elevate it to XDR. Thus, the in-house platform offers continuous visibility, rapid response and threat mitigation.

What should I consider to choose the right one?

When evaluating the manufacturers' different offerings, we can begin to doubt which is the most suitable manufacturer to work with. If we do not have any previous experience in the security environment, or simply want to add value for our clients with an XDR solution and all the advantages that it entails, we should take into account the following issues:

  • EDR solution: It is the core of XDR and must therefore be the key piece on which to build. Finding the one that best fits our strategy, or that we believe is more interesting, flexible or scalable, will be fundamental.
  • Intelligence: Although all XDR solutions incorporate an automation layer, looking closely at what each of them offers can help us select the one that is most advanced or best prepared for our use case. This is where innovation in terms of machine learning or AI comes into play.
  • Context: To protect ourselves, it is essential to know what we are protecting ourselves from. Context is what allows us to face the multitude of threats that appear every day, so having an up-to-date manufacturer and access to complete threat intelligence will be essential.
  • Interoperability: Although the idea of these XDR solutions is to centralize resources, we cannot ignore the fact that security must cover different areas within a company. Hence, it is essential that these offerings can "talk" with third-party platforms, devices, resources or data to guarantee that protection.
  • Added services: A key point for the profitability of partners and one where manufacturers can contribute a lot. The additional layer of services that can be offered with XDR can be almost endless, but it also needs to be supported and cared for behind the scenes. Looking for it in the firm you work with can avoid many problems.

Taking all these points into account, partners can now have a broader vision of how XDR can be the next revolution in the market. It is an opportunity that can lead them to rethink the strategy for end customers and promote a new way of looking at business protection. Is it so?
