The CF List: 20 Top XDR Security Providers You Should Know

Extended detection and response (XDR) is a relatively new security market and many customers are still trying to figure out how it can work for them.

XDR is an evolution of endpoint detection and response (EDR). XDR systems continually capture focused data and alerts from all the key systems connected to them. Then, they feed this data into a centralized repository, cleaning and normalizing it. In addition to computers, mobile devices and IoT, XDR also draws on data feeds from email security systems, network analysis and visibility tools, identity and access management (IAM) platforms, cloud workload protection systems and elsewhere.

Our latest CF List for the first time focuses on XDR. Analysts with Omdia, S&P Global Market Intelligence, Forrester, and Frost & Sullivan weighed in on XDR market trends and what it takes to be a successful XDR provider.

XDR Security a Relatively New Space — Many Different Takes

Eric Parizo is principal analyst of Omdia’s cybersecurity operations intelligence service. (Omdia and Channel Futures share a parent company, Informa.)

Omdia’s Eric Parizo

“I don’t think the pandemic has had much of an impact on XDR,” he said. “The space is still relatively new. And there are so many different takes on XDR that customers are still trying to wrap their heads around what XDR really should be. Omdia’s definition of XDR is an analytics-driven threat detection, investigation and response (TDIR) solution (or service) that seeks to streamline and accelerate the TDIR lifecycle ideally by limiting the scope of data inputs and/or detection outputs, as well as guiding analysts of varied skill and experience levels to successful TDIR outcomes.”

Allie Mellen is security and risk analyst at Forrester.

Forrester’s Allie Mellen

“Given that XDR is such a new market, customer expectations have not yet solidified on this,” she said. “The term was coined back in 2018. But actual offerings didn’t start hitting the market in the mainstream until 2020. Customers want an offering that will protect their remote workforce and give them visibility into the cloud.”

Customers Value Extended Visibility

Scott Crawford is research director of information security at S&P Global Market Intelligence.

S&P Market Intelligence’s Scott Crawford

“With work from anywhere, pandemic conditions have focused attention on endpoints, from which telemetry can be gathered from any accessible network regardless of where, as well as whatever visibility can be gathered from the wide-area networks often used for remote connectivity,” he said. “These have increased attention for EDR, network detection and wide-area connectivity that intersects with concepts such as the secure access service edge (SASE), and zero trust initiatives to assure confidence in access.”

Customers value solutions that extend their visibility and ability to respond to threats throughout these more distributed venues, Crawford said.

“Increasingly, we also see growing adoption of managed services in areas such as managed detection and response (MDR) to provide the often hard-to-find-and-retain expertise necessary to be most effective with threat detection and response tools,” he said.

Lucas Ferreyra is a research analyst at Frost & Sullivan.

Frost & Sullivan’s Lucas Ferreyra

“Vendors with varied product and solution portfolios focus on improving XDR’s capabilities through deep integration with their own security stack,” he said. “Other competitors are more concerned with the vendor-agnostic promise of open XDR.”

Some MDR vendors now include XDR as a core part of their service offering, Ferreyra said. They’re making use of the technology to augment the service they provide, coining the term managed XDR.

We’ve compiled a list above of 20 top XDR providers based on analysts’ feedback and recent news reports. It’s in no particular order. The list, by no means complete, includes well-known providers. But it also features lesser-known vendors making strikes in XDR.