CF20: 2024's 20 Top XDR Providers You Should Know
Cisco, Palo Alto Networks and Sophos all made our list. See who else did and why.
![20 XDR providers in demand](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt92d86ca5292f6185/6523ecacab64d4e6decd3416/Gold-Twenty.jpg?width=700&auto=webp&quality=80&disable=upscale)
JÖRGE RÖSE-OBERREICH/SHUTTERSTOCK
Forrester’s Allie Mellen said Cisco is among the top XDR providers.
“The biggest change in the competitive landscape is Cisco’s intent to acquire Splunk,” she said. “Splunk customers, who have long been frustrated by the cost of the SIEM offering, are looking at alternatives, whether it be SIEM or XDR – that can support their needs. It’s a huge opportunity for every SIEM and XDR vendor.”
“Splunk is a widely adopted SIEM/security analytics/SecOps platform in its own right,” said S&P Global’s Scott Crawford. “The acquisition not only closes this gap for Cisco, but also unites Splunk with Cisco’s own investments in XDR, an area in which Splunk had largely partnered for tools, technology and techniques beyond its own. This raises the bar for XDR competitors who had challenged both.”
Mellen said Palo Alto Networks is among the top XDR providers, and Omdia’s Elvia Finalle said it is one of the leaders in the XDR market via its Cortex platform. It is often on the short list of options for enterprise XDR purchases.
Mellen and Finalle said Sophos is among the noteworthy providers.
“Its years-long investment in solution integration has fostered an XDR offering with tight network-endpoint data sharing and threat-response capabilities,” Finalle said. “Traditionally it has centralized its outreach in Europe, but has been expanding its customer base in North America.”
Finalle said that although ESET historically has been known as an anti-malware provider, the vendor is expanding its enterprise offerings, though today it mostly serves European customers.
ESET’s Protect Elite offering provides integrated, multilayered endpoint protection that includes a wide spectrum of security aspects such as multifactor authentication (MFA), advanced threat defense, full-disk encryption, mail security, cloud application protection and more.
Mellen and Finalle cite Bitdefender among the top XDR providers.
“The product has some features that have to be purchased separately when getting the standalone product, but research indicates it is easy to set up,” Finalle said.
Finalle said ServiceNow is among the noteworthy providers.
“In the past two years, ServiceNow has taken advantage of its knowledge of IT service management (ITSM), and in particular workflows, to create a set of security solutions with security users in mind,” she said.
Google is a noteworthy XDR provider, Finalle said. The large technology vendor has been investing in cybersecurity, but has focused more on its combination of SIEM and security orchestration, automation and response (SOAR).
While it does not get much attention, Fidelis Security has one of the more complete XDR offerings, covering endpoint, network and cloud, Finalle said.
Fidelis Elevate provides the forensic data and metadata, predictive analysis and automation tools defenders need to operate inside the adversary's decision-making cycle.
Mellen and Finalle said SentinelOne is among the top XDR providers.
“One of the pioneers in the EDR market, it has developed its Singularity product into an XDR offering, recently adding IoT security and cloud workload security to support TDIR in a centralized platform,” Finalle said.
Mellen and Finalle cited Microsoft as a top XDR provider.
“[Microsoft] dominates most of the SecOps landscape as the No. 1 vendor by revenue, because of its packaging and offering integrated capabilities,” Finalle said. “The big storyline in not only XDR, but also across the cybersecurity landscape is that Microsoft has become a dominant player. The vendor is increasingly pressuring other vendors, even if they have had an XDR solution prior to Microsoft. Vendors' long-term ability to succeed in XDR will be based in large part on their ability to differentiate from Microsoft.”
As a large technology provider, Broadcom has the capital and resources to invest in innovation; however, its companywide focus is supporting only the largest enterprise customers, Finalle said. VMware, which Mellen cited as a top XDR provider, is now part of Broadcom.
ReliaQuest is notable for its GreyMatter platform, which delivers open XDR, Finalle said. GreyMatter automates detection, investigation and response across cloud, endpoint and on-premises tools and applications. It is cloud-native, built on an open XDR architecture and delivered as a service anywhere in the world.
Mellen and Finalle said CrowdStrike is among the top XDR providers. Its XDR solution overall is perceived as easy to implement and use, but is expensive, Finalle said.
CrowdStrike’s Falcon Complete XDR offers customers implementation, platform management, response and remediation services for advanced threats.
Mellen and Finalle cite Secureworks among the noteworthy XDR providers. Its solution works as a managed XDR service, supported by human intelligence, Finalle said.
Secureworks Taegis XDR, a SaaS-based, open XDR platform, helps organizations across multiple industries, as well as MSSPs, maximize their SecOps efficiency and effectiveness in preventing, detecting, triaging, investigating, understanding, responding to and reporting on threats.
Finalle said Hillstone Networks is among the top XDR providers, noting its focus on customized dashboards for unified reporting.
Hillstone iSource is a data-driven, AI-powered XDR platform that integrates security data, correlates and investigates incidents, identifies potential threats and automatically orchestrates security to respond cohesively across multiple security products and platforms.
Fortinet’s XDR solution has seen a steady flow of improvements over the years and integrates readily with other Fortinet solutions, but it consists of acquired product components and is generally considered viable only for customers of Fortinet's other solutions, Finalle said.
Qualys is a leading provider of vulnerability management tools and is looking to leverage its knowledge of vulnerability sources to foster an XDR solution, Finalle said.
Qualys Context XDR ingests real-time telemetry into the scalable Qualys Cloud Data Lake, which is then analyzed to produce action alerts.
Mellen and Finalle cite Trend Micro among the top XDR providers.
“Another of the leading XDR providers, Trend has steadily gained market share in North America, in addition to its strength in other geographies,” Finalle said. “It is seeking to combine XDR with attack surface risk management.”
ExtraHop, a network-centric player, is known for detailed insights, and customers generally like it, but there can be overlooked expenses related to running the product, and it is not always flexible with log requirements, Finalle said. ExtraHop provides network intelligence that exposes attackers post-intrusion, on their path toward a breach.
Trellix is noteworthy for building its post FireEye/McAfee product platform on XDR, leveraging a loyal customer base, Finalle said. Trellix’s Endpoint Security Suite, a cornerstone of its AI-powered XDR platform, includes endpoint protection, EDR and forensic controls to deliver protection, detection, investigation, forensics and remediation to reduce risks across the attack surface. The portfolio allows customers to build out to XDR from an endpoint security base and integrate native and third-party tools supporting hybrid environments.
Extended detection and response (XDR) providers have massive growth opportunities ahead of them amid increasing interest in the technology.
XDR systems continually capture focused data and alerts from all the key systems connected to them, then feed this data into a centralized repository where it is cleaned and normalized into a common schema so that events from different tools can be correlated. In addition to computers, mobile devices and IoT, XDR also draws on data feeds from email security systems, network analysis and visibility tools, identity and access management (IAM) platforms, cloud workload protection systems and elsewhere.
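The pipeline the paragraph above describes, as an added illustration written for this article rather than code from any of the vendors listed: three sources with different field names (an EDR detection, an email-security verdict and an IAM login event) are normalized into one alert schema, then correlated by shared user within a time window so that single-source noise drops out and a multi-source chain surfaces as one incident. The source formats, field names, the `Alert` schema and the sample events are all constructed assumptions for the example.

```python
"""Added example: normalize alerts from several telemetry sources into one
schema and correlate them by shared entity. Illustrative code for this
article, not any vendor's product; record formats and sample events are
constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Optional


@dataclass(frozen=True)
class Alert:
    ts: datetime
    source: str            # which tool produced the alert
    user: Optional[str]    # lower-cased account name, if any
    host: Optional[str]    # lower-cased hostname, if any
    severity: int          # 1 (low) .. 5 (critical), normalized per source
    summary: str


def _ts(s: str) -> datetime:
    # Sources emit RFC 3339 timestamps with a trailing Z; fromisoformat wants +00:00.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


# One normalizer per source; each maps that tool's field names onto Alert.
def norm_edr(r: dict) -> Alert:
    return Alert(_ts(r["event_time"]), "edr", r["username"].lower(),
                 r["hostname"].lower(), r["score"] // 20 or 1,   # 0-100 score -> 1..5
                 f"process {r['process']} flagged: {r['detection']}")


def norm_email(r: dict) -> Alert:
    return Alert(_ts(r["received"]), "email",
                 r["recipient"].split("@")[0].lower(), None,
                 3 if r["verdict"] == "malicious" else 1,
                 f"{r['verdict']} mail from {r['sender']}")


def norm_iam(r: dict) -> Alert:
    return Alert(_ts(r["time"]), "iam", r["principal"].lower(), None,
                 2 if r["result"] == "success" and r["new_device"] else 1,
                 f"login {r['result']} from {r['ip']} (new device={r['new_device']})")


NORMALIZERS = {"edr": norm_edr, "email": norm_email, "iam": norm_iam}


def normalize(raw: Iterable[tuple]) -> list:
    """Turn (source_name, raw_record) pairs into Alerts ordered by time."""
    alerts = [NORMALIZERS[src](rec) for src, rec in raw]
    return sorted(alerts, key=lambda a: a.ts)


def _emit(user: str, cluster: list, min_sources: int) -> list:
    sources = {a.source for a in cluster}
    if len(sources) < min_sources:      # single-tool noise is dropped here
        return []
    return [{"user": user,
             "sources": sorted(sources),
             "severity": max(a.severity for a in cluster),
             "hosts": sorted({a.host for a in cluster if a.host}),
             "timeline": [f"{a.ts.isoformat()} [{a.source}] {a.summary}" for a in cluster]}]


def correlate(alerts: list, window: timedelta = timedelta(hours=2),
              min_sources: int = 2) -> list:
    """Cluster a user's alerts that start within `window` of each other and keep
    only clusters seen by at least `min_sources` different tools."""
    by_user = {}
    for a in alerts:
        if a.user:
            by_user.setdefault(a.user, []).append(a)
    incidents = []
    for user, items in by_user.items():      # items are already time-ordered
        cluster = [items[0]]
        for a in items[1:]:
            if a.ts - cluster[0].ts <= window:
                cluster.append(a)
            else:
                incidents.extend(_emit(user, cluster, min_sources))
                cluster = [a]
        incidents.extend(_emit(user, cluster, min_sources))
    return incidents


# Constructed sample feed: a phishing mail, a new-device login and a suspicious
# process for one user, plus unrelated single-source noise for another.
SAMPLE = [
    ("email", {"received": "2024-03-04T08:02:11Z", "recipient": "J.Doe@example.com",
               "sender": "invoice@payroll-update.example", "verdict": "malicious"}),
    ("iam", {"time": "2024-03-04T08:40:30Z", "principal": "j.doe", "ip": "203.0.113.7",
             "result": "success", "new_device": True}),
    ("edr", {"event_time": "2024-03-04T09:05:02Z", "username": "j.doe", "hostname": "WS-0142",
             "process": "mshta.exe", "detection": "suspicious script host", "score": 85}),
    ("iam", {"time": "2024-03-04T07:15:00Z", "principal": "a.smith", "ip": "198.51.100.9",
             "result": "failure", "new_device": False}),
    ("edr", {"event_time": "2024-03-05T12:00:00Z", "username": "a.smith", "hostname": "WS-0200",
             "process": "notepad.exe", "detection": "low-confidence heuristic", "score": 25}),
]

if __name__ == "__main__":
    for inc in correlate(normalize(SAMPLE)):
        print(f"{inc['user']} sev={inc['severity']} via {inc['sources']} on {inc['hosts']}")
        for line in inc["timeline"]:
            print("  ", line)
```

Two design points worth noting: the normalizers own the per-source severity mapping (an EDR score and an email verdict are not on the same scale until someone decides they are), and `correlate` keys on the user rather than the host because two of the three sample feeds carry no hostname at all. Real products also retain the raw records beside the normalized ones so that an analyst can pivot back to them; that detail is left out here.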
This is our third annual CF20 focusing on XDR providers. Analysts with Omdia, S&P Global Market Intelligence and Forrester weighed in on XDR market trends and what it takes to be a successful XDR provider.
Strong Market for XDR Providers
Elvia Finalle, senior security analyst at Omdia, which shares a parent company with Channel Futures (Informa), said we can expect the XDR market to come close to reaching $1 billion by the end of 2024 if security providers foster strategic business growth by continuing to invest in the technology, which Omdia believes they will.
![Omdia's Elvia Finalle](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt4edc81226b2547af/652402c4979cd148be7c9c27/Finalle-Elvia_Omdia.jpg?width=700&auto=webp&quality=80&disable=upscale)
Omdia's Elvia Finalle
“The market is made up of dozens of small vendors that are providing XDR solutions, rather than a small number of large vendors, which creates a considerable opportunity for future growth,” she said. “Many target specific verticals or other niche areas. At the same time, there are several established vendors also providing a form of XDR. These are the platform vendors or what Omdia refers to as comprehensive XDR. These established vendors are attempting to have a one-solution-to-fit-them-all approach.”
Past Acquisitions Most Impacting XDR Landscape
While the market landscape continues to evolve, it is past acquisitions in the threat detection and incident response (TDIR) space, particularly in endpoint detection and response (EDR), that have set the stage for today's XDR market, Finalle said. Each vendor sees and builds a different XDR, bundling many different integrations together to create its own take on the category.
“The threat landscape growth and innovation is an ongoing concern for organizations, but in Omdia's view unless an organization is targeted by a specific threat or type of threat, then it usually has minimal impact on specific purchasing decisions,” she said. “We have not observed a correlation between XDR and increasing regulation, either positive or negative. Omdia has seen increasing cost and complexity related to the acquisition of cyber insurance. As insurers become more sophisticated in cybersecurity, policies are expected to become more complex and more expensive, meaning fewer organizations will be able to afford it. As fewer enterprises are able to insure against risk, in response, more will need to invest in mitigating it. That means TDIR solutions like XDR may eventually benefit.”
Clients Looking For XDR With Built-In EDR Capabilities
Allie Mellen, security and risk analyst at Forrester, said as of this year, Forrester has retired the Forrester EDR Wave and replaced it with the Forrester XDR Wave.
![Forrester's Allie Mellen](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt0227a46ee2ba8485/652404d3de63212ee4c78aa2/Mellen-Allie_Forrester.jpg?width=700&auto=webp&quality=80&disable=upscale)
Forrester's Allie Mellen
“This signals the shift in the market to where clients are adopting and looking for XDR with EDR capabilities built in,” she said. “In addition to this, some clients are looking to see if XDR can replace or augment the security information and event management (SIEM) capabilities they have in house to reduce cost, and enable better investigation and response. To meet this demand, some vendors have acquired, developed or partnered for SIEM or SIEM-replacement capabilities in a separate, bundled offering to XDR. This opens up a much bigger portion of the market to XDR vendors than they had previously.”
SOC Teams Overwhelmed with Alerts
Scott Crawford, research director of information security at S&P Global Market Intelligence, said survey respondents report that the share of alerts a security operations center (SOC) team cannot respond to on a typical day exceeds 50% on average.
“This makes it clear that organizations are being overwhelmed by data volume, given the increasing proliferation of technologies across the board,” he said. “This also introduces increased potential for the role of automation − and ultimately, the promise of new innovations such as generative artificial intelligence (AI) − in helping security teams tackle this volume and complexity with more efficient response. We have seen generative AI make its initial impressions in SecOps technology in the past year, among strategic vendors and challengers alike, and will be watching the trend closely for how it shapes XDR and SecOps technology going forward. We have seen in addition the demand for managed detection and response (MDR) make a similar impact among cybersecurity service providers, adding expertise in these technologies with the functionality driving these markets.”
The capabilities XDR provides certainly are in high demand, Crawford said.
“Different vendors may characterize their threat detection and response capabilities differently, but the value of the capabilities for security teams is evident,” he said.
In the slideshow above, we’ve compiled a list of 20 top XDR providers based on analysts’ feedback and recent news reports. It is in no particular order. The list, by no means complete, includes well-known providers, but it also features lesser-known providers making strides in XDR.