The CF List: 20 Top XDR Security Providers You Should Know
Customers are still trying to wrap their heads around what XDR really should be.
Forrester’s Allie Mellen said Trellix is a top XDR contender. Last month, McAfee Enterprise and FireEye emerged as a new company under the name Trellix. And Omdia’s Eric Parizo said by combining as Trellix, the company instantly became a $2 billion cybersecurity industry titan, with products that span the network, endpoint, cloud, security operations, data security and other areas.
IBM is a top XDR provider.
“I think the most interesting XDR-related M&A was IBM’s acquisition of ReaQta,” Parizo said. “Big Blue had already put forth a partner-focused XDR strategy supplemented by its QRadar and Cloud Pak for Security offerings, but instead shifted direction, recognizing the need for its own EDR telemetry agent to better compete against EDR/XDR heavyweights like Crowdstrike and Microsoft.”
Mellen cited CrowdStrike as a noteworthy XDR provider. She said there have been some interesting acquisitions made in the past year that are meant to help drive forward certain vendors’ XDR offerings, specifically to give vendors log management capabilities or, conversely, endpoint capabilities. Among those is CrowdStrike acquiring Humio for $400 million.
Parizo said CrowdStrike is an EDR/XDR heavyweight.
And Mikita Hanets, industry analyst with Frost & Sullivan, said vendors like CrowdStrike challenge the position of well-established companies like Palo Alto Networks, Fortinet, and Cisco.
Mellen said Cybereason is a top XDR provider. This month, Cybereason reportedly filed for an initial public offering (IPO) at a valuation of $5 billion. Rik Turner, principal analyst at Omdia, said Cybereason has been threatening to file for an IPO for some time. In a sense, it’s playing catch-up. Its two most high-profile competitors in EDR are already public. CrowdStrike has been public since 2019 and SentinelOne went public last summer.
In December, Cybereason and Google Cloud unveiled Cybereason XDR powered by Google Chronicle. The AI-driven XDR platform is capable of ingesting and analyzing threat data from across the entire IT environment.
Confluera is among vendors that have the potential to break out in XDR, specifically based on current capabilities. Last month, Confluera announced interoperability with VMware Carbon Black that will further expand its XDR’s security ecosystem coverage to include VMware Carbon Black Cloud Workload Protection. Together, the solutions will deliver faster incident analysis and holistic threat detection.
Hunters also is among vendors that have the potential to break out in XDR, specifically based on current capabilities. Last month, Hunters raised $68 million in Series C funding, and shifted its brand messaging from open XDR to security operations center (SOC) platform capabilities. The new funding brings the total investment in Hunters to $118 million.
Mellen said Trend Micro is a noteworthy XDR contender. Trend Micro’s Smart Protection Network (SPN) stopped 94.2 billion cyber threats heading for consumer, government and business customers in 2021. The volume of detections represents a 42% increase over the number recorded in 2020.
Mellen cited Palo Alto Networks among top XDR providers. Palo Alto Networks recently joined the Nasdaq 100. It’s one of the top 100 largest domestic and international non-financial companies on the Nasdaq exchange based on market capitalization. The vendor was added as part of the index’s annual reconstitution.
Mellen said Bitdefender is a noteworthy XDR contender. S&P Global’s Scott Crawford said an effective XDR solution “truly embraces a spectrum of telemetries, not just one or a few segments, and is realistically open to integrating more as more sources emerge.”
“The ability to rationalize all this input into actionable insight for security teams and their organizations is key – so a balance of extension of telemetry sources that keep the X concept of XDR open to further innovation and insight, with the ability to turn that insight into better defense and response,” he said.
SentinelOne is among top contenders in XDR. Mellen said there have been some interesting acquisitions made in the past year that are meant to help drive forward certain vendors’ XDR offerings, specifically to give vendors log management capabilities or, conversely, endpoint capabilities. Among those was SentinelOne acquiring Scalyr, a cloud-native, cloud-scale data analytics platform.
Mellen cited Microsoft as a top XDR contender. And Parizo said Microsoft is an EDR/XDR heavyweight. Microsoft 365 Defender is an XDR solution that automatically collects, correlates and analyzes signal, threat and alert data from across a Microsoft 365 environment, including endpoint, email, applications and identities.
Mellen said Secureworks is among top XDR providers. Last fall, Secureworks expanded its Taegis portfolio of XDR solutions with the addition of Taegis NGAV and Taegis ManagedXDR Elite. Taegis NGAV is a software-as-a-service add-on to Taegis XDR and managed XDR. Taegis NGAV uses machine learning (ML) technology to automatically disrupt endpoint threats, while enhancing investigations in Taegis XDR with prevention.
Mellen named Elastic among noteworthy XDR providers. Last fall, Elastic acquired Cmd, a provider of infrastructure detection and response, to accelerate its efforts in cloud security, specifically in cloud workload runtime security. By integrating the capabilities of Cmd’s expertise and product into Elastic Security, Elastic will enable customers to detect, prevent and respond to attacks on their cloud workloads.
Rapid7 is a leading XDR provider, Mellen said.
“I think it’s very early and the market has yet to shake out in terms of revenue and true leaders,” Parizo said. “A lot of EDR vendors are essentially saying that they’re now offering XDR, and as a result are shifting revenue recognition from EDR to XDR, even though their XDR capabilities may be a work in progress. But considering how eager SOC teams are for TDIR solutions that save time, are less complex, and produce better, more consistent outcomes, I think that there will be a number of smaller XDR vendors that will see success competing in the marketplace against much larger competitors.”
Last month, Sophos unveiled its zero trust network access (ZTNA) offering that fully integrates with its next-generation endpoint solution, Sophos Intercept X. Through its integration with Sophos Intercept X, including Sophos XDR, Sophos Managed Threat Response and other solutions using its technology, Sophos ZTNA removes the complexities of managing multiple vendor products and agents, and provides end-to-end protection for endpoints, users, their identities, applications and networks.
Last month, Fortinet unveiled a new XDR solution, FortiXDR. It leverages artificial intelligence (AI) for the investigation effort critical to incident response. Expanding on the cloud-native endpoint platform of FortiEDR, it enhances an organization’s security fabric and the threat protection powered by FortiGuard Labs security services. Specifically, FortiXDR can fully automate security operations processes typically handled by security analysts to mitigate threats faster across the broad attack surface.
In November, Cynet announced the integration of SaaS security posture management (SSPM) and centralized log management (CLM) capabilities to its automated XDR platform, Cynet 360.
“The arena of managed detection and response (MDR) has played a significant role in the growth of managed security services overall,” Crawford said. “According to our 451 Research’s Voice of the Enterprise: Information Security, Workloads & Key Projects 2020 and 2021 studies, nearly twice as many respondents reported managed security services (MSS) in use in 2021 compared to 2020, while those saying MSS were not in [their] plans fell by more than half. Many of these entrants target more of a midmarket segment than traditionally enterprise-focused players serving organizations able to make the substantial investment in security analytics technologies, reflecting the need for more effective threat visibility and response.”
Last August, Exabeam unveiled the XDR Alliance, a partnership of cybersecurity and IT innovators committed to an inclusive and collaborative XDR framework and architecture. The goal of the XDR Alliance is to foster an open approach to XDR to allow organizations to protect themselves against the growing number of cyberattacks, breaches and intrusions. The group of security technology providers organized to help customers more easily define, implement and operate effective TDIR programs and technology stacks.
Last year, Fidelis Cybersecurity acquired CloudPassage, a cloud security and compliance provider. Fidelis Elevate is an XDR solution that helps SOC analysts to proactively stop threats before they impact business. Elevate unifies EDR, NDR and cloud with integrated deception technologies. With CloudPassage Halo, Fidelis better protects customers in the cloud with a unified cloud security platform.
Last year, Barracuda Networks acquired Skout Security to enter the fast-growing XDR market. It has now integrated Barracuda Email Protection with Skout Managed XDR. This enables MSPs to provide their customers with email security capabilities within the Skout XDR platform.
These capabilities include impersonation and domain fraud protection, email gateway protection, and access to log data for analysis of threat detection and incident reporting.
Extended detection and response (XDR) is a relatively new security market and many customers are still trying to figure out how it can work for them.
XDR is an evolution of endpoint detection and response (EDR). XDR systems continually capture focused data and alerts from all the key systems connected to them. Then, they feed this data into a centralized repository, cleaning and normalizing it. In addition to computers, mobile devices and IoT, XDR also draws on data feeds from email security systems, network analysis and visibility tools, identity and access management (IAM) platforms, cloud workload protection systems and elsewhere.
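The pipeline described above (capture from several feeds, normalize into one schema, correlate) is easier to see in code. The following is an added example written for this page, not code from any of the vendors it lists; the three feed formats, field names, severity weights and sample events are all constructed for illustration.

```python
"""Added example: normalize telemetry from an email gateway, an EDR agent and
an IAM platform into one schema, then correlate it per user. The raw event
shapes below are constructed for this illustration and are not any vendor's
real schema."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events, each in the shape its (hypothetical) feed emits.
RAW_EVENTS = [
    {"src": "email", "ts": "2022-01-10T09:00:05Z", "recipient": "Alice@corp.example",
     "verdict": "phish_link", "sender_domain": "corp-example.co"},
    {"src": "edr", "time": 1641805230, "host": "WS-ALICE", "user": "alice",
     "event": "process_start", "image": "powershell.exe", "parent": "outlook.exe"},
    {"src": "iam", "timestamp": "2022-01-10 09:02:40", "principal": "alice",
     "action": "login", "geo": "ZZ", "result": "success"},
    {"src": "edr", "time": 1641812400, "host": "WS-BOB", "user": "bob",
     "event": "process_start", "image": "notepad.exe", "parent": "explorer.exe"},
]

# Heuristic severity weights, chosen for the example only.
OFFICE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def normalize(raw):
    """Map one raw event onto the common schema: source, UTC ts, user, host,
    severity (0-4) and a one-line summary. Unknown sources are rejected
    rather than silently dropped so gaps in coverage are visible."""
    src = raw["src"]
    if src == "email":
        ts = datetime.strptime(raw["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        user, host = raw["recipient"].split("@")[0], None
        severity = 3 if raw["verdict"] == "phish_link" else 1
        summary = f"email:{raw['verdict']} from {raw['sender_domain']}"
    elif src == "edr":
        ts = datetime.fromtimestamp(raw["time"], tz=timezone.utc)
        user, host = raw["user"], raw["host"]
        suspicious = raw["image"] in SCRIPT_HOSTS and raw["parent"] in OFFICE_PARENTS
        severity = 4 if suspicious else 0
        summary = f"edr:{raw['event']} {raw['parent']}->{raw['image']}"
    elif src == "iam":
        ts = datetime.strptime(raw["timestamp"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        user, host = raw["principal"], None
        severity = 2 if raw.get("geo") == "ZZ" else 0
        summary = f"iam:{raw['action']} {raw['result']} geo={raw.get('geo')}"
    else:
        raise ValueError(f"unknown telemetry source: {src}")
    # Lower-casing the user key is the "cleaning" step: feeds disagree on case.
    return {"source": src, "ts": ts, "user": user.lower(), "host": host,
            "severity": severity, "summary": summary}


def correlate(events, window=timedelta(minutes=10), min_sources=2, min_score=5):
    """Group normalized events by user and raise an incident when, within
    `window` of some event, at least `min_sources` distinct feeds contribute
    and the summed severity reaches `min_score`. One incident per user."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    incidents = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            sources = {e["source"] for e in cluster}
            score = sum(e["severity"] for e in cluster)
            if len(sources) >= min_sources and score >= min_score:
                incidents.append({"user": user, "sources": sorted(sources), "score": score,
                                  "timeline": [e["summary"] for e in cluster]})
                break
    return incidents


def run(raw_events=RAW_EVENTS):
    """Full pipeline over the constructed feed: normalize, then correlate."""
    return correlate([normalize(r) for r in raw_events])


if __name__ == "__main__":
    for inc in run():
        print(inc["user"], inc["score"], inc["sources"])
        for line in inc["timeline"]:
            print("   ", line)
```

On the constructed feed, alice's phishing verdict, the Office-spawned PowerShell on her workstation and her login from an unexpected location all fall inside one ten-minute window and come from three different feeds, so they surface as a single incident; bob's lone benign process start never reaches the threshold. The point of the common schema is that the correlation step never has to know which vendor produced a given line.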
Our latest CF List for the first time focuses on XDR. Analysts with Omdia, S&P Global Market Intelligence, Forrester, and Frost & Sullivan weighed in on XDR market trends and what it takes to be a successful XDR provider.
XDR Security a Relatively New Space — Many Different Takes
Eric Parizo is principal analyst of Omdia’s cybersecurity operations intelligence service. (Omdia and Channel Futures share a parent company, Informa.)
“I don’t think the pandemic has had much of an impact on XDR,” he said. “The space is still relatively new. And there are so many different takes on XDR that customers are still trying to wrap their heads around what XDR really should be. Omdia’s definition of XDR is an analytics-driven threat detection, investigation and response (TDIR) solution (or service) that seeks to streamline and accelerate the TDIR lifecycle ideally by limiting the scope of data inputs and/or detection outputs, as well as guiding analysts of varied skill and experience levels to successful TDIR outcomes.”
Allie Mellen is security and risk analyst at Forrester.
“Given that XDR is such a new market, customer expectations have not yet solidified on this,” she said. “The term was coined back in 2018. But actual offerings didn’t start hitting the market in the mainstream until 2020. Customers want an offering that will protect their remote workforce and give them visibility into the cloud.”
Customers Value Extended Visibility
Scott Crawford is research director of information security at S&P Global Market Intelligence.
“With work from anywhere, pandemic conditions have focused attention on endpoints, from which telemetry can be gathered from any accessible network regardless of where, as well as whatever visibility can be gathered from the wide-area networks often used for remote connectivity,” he said. “These have increased attention for EDR, network detection and wide-area connectivity that intersects with concepts such as the secure access service edge (SASE), and zero trust initiatives to assure confidence in access.”
Customers value solutions that extend their visibility and ability to respond to threats throughout these more distributed venues, Crawford said.
“Increasingly, we also see growing adoption of managed services in areas such as managed detection and response (MDR) to provide the often hard-to-find-and-retain expertise necessary to be most effective with threat detection and response tools,” he said.
Lucas Ferreyra is a research analyst at Frost & Sullivan.
“Vendors with varied product and solution portfolios focus on improving XDR’s capabilities through deep integration with their own security stack,” he said. “Other competitors are more concerned with the vendor-agnostic promise of open XDR.”
Some MDR vendors now include XDR as a core part of their service offering, Ferreyra said. They’re making use of the technology to augment the service they provide, coining the term managed XDR.
We’ve compiled a list above of 20 top XDR providers based on analysts’ feedback and recent news reports. It’s in no particular order. The list, by no means complete, includes well-known providers. But it also features lesser-known vendors making strides in XDR.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.