The CF List: 2023's 20 Top XDR Security Providers You Should Know
Omdia forecasts steady XDR market growth.
![Twenty, 20, SD-WAN providers](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt1623fbe456f4d7d3/6523f96f6868b42e553c7c45/shutterstock_790434142.jpg?width=700&auto=webp&quality=80&disable=upscale)
Jörge röse-oberreich/Shutterstock
Forrester’s Allie Mellen said Microsoft is one to watch in XDR. Microsoft Security has now surpassed $20 billion in annual revenue. More than 860,000 customers have chosen Microsoft Security to protect their organizations. Omdia’s Eric Parizo said the numbers highlight Microsoft’s “tremendous momentum” in cybersecurity. And there are few legitimate obstacles in its path to even more growth.
S&P Global’s Scott Crawford said Microsoft is “making highly visible moves into security services.”
CrowdStrike has a robust XDR offering and strategy that differentiates XDR from SIEM capabilities, Mellen said. IDC has ranked CrowdStrike No. 1 out of 26 vendors in its latest Worldwide Modern Endpoint Security Market Shares report. This is the third time in a row.
Mellen said Trend Micro is one to watch in XDR. For the fourth quarter of its fiscal year 2022, Trend Micro reported that enterprise subscription-based annual recurring revenue (ARR) increased by 29% year-over-year, along with growth in subscription-based customers, which now exceed 424,000 organizations.
Bitdefender has a strong XDR offering and strategy that differentiates XDR from SIEM capabilities, Mellen said. Bitdefender’s GravityZone XDR is a native XDR solution designed to provide security context, correlation of disparate alerts, out-of-the-box analytics, rapid triage of incidents and attack containment through automated and guided response actions across a business’ entire environment. The solution helps maximize security team effectiveness, improving threat hunt efficiency, minimizing attacker dwell time, and enabling greater cyber resilience.
SentinelOne is among providers that have a strong XDR offering and strategy that differentiates XDR from SIEM capabilities, Mellen said. Its acquisition of Attivo Networks is among events that changed the competitive landscape last year. In November, SentinelOne was named one of the fastest-growing companies in North America by the Deloitte Technology Fast 500 for the fourth consecutive year.
Palo Alto Networks is one to watch in XDR, Mellen said.
“The most effective XDR offerings focus on generating high-quality detections for the customer,” she said. “The biggest value proposition XDR has is the quality of detections and the context it is able to provide for investigation and response. Much of the detection engineering work security teams would have to do manually is addressed with XDR.”
Parizo said Cybereason is among noteworthy XDR providers. And Mellen said its XDR offering and strategy differentiates XDR from SIEM capabilities. The AI-driven Cybereason Defense Platform integrates with firewall and network detection and response (NDR) vendors to consolidate alerts, correlate network context with user and asset activity, and enable automated or guided response actions from the XDR console.
Mellen said VMware is among providers with an XDR offering and strategy that differentiates XDR from SIEM capabilities. Broadcom, also a noteworthy XDR provider, is in the process of acquiring VMware in a $61 billion deal. However, the deal remains in approvals limbo in Europe.
“We have seen providers increasingly embrace services as managed detection and response (MDR) continues to take hold and augment the range of choices available to organizations,” Crawford said. “We have also seen the realm of XDR expand to embrace additional venues for detection and response.”
Parizo said Trellix is among noteworthy XDR providers. And Mellen said Trellix launching early last year was among events that changed the competitive landscape in the past year.
This month, Trellix launched its new Xtend Global Channel Partner Program. It aims to increase profitability, engagement and growth for partners through widespread adoption of the Trellix XDR platform.
Google’s $5.4 billion acquisition of Mandiant makes the cloud giant one to watch in XDR, Crawford said. Google is merging Mandiant with Google Cloud. The acquisition widens the scope of Google Cloud’s security services by bringing in Mandiant’s deep threat intelligence resources.
Elastic has a robust XDR offering and strategy that differentiates XDR from SIEM capabilities, Mellen said. And Parizo said Elastic is among noteworthy providers. Elastic Security for XDR is an open security solution, allowing organizations to maximize their existing investments and minimize risk.
Parizo said Sophos is among noteworthy providers. It’s among providers whose XDR is available or backed by a managed service, Mellen said. Designed for both security analysts working in dedicated SOC teams and IT administrators covering security and other IT responsibilities, Sophos XDR enables organizations to answer business-critical questions and respond remotely.
Sophos’s acquisition of SOC.OS is among events that impacted the competitive landscape last year, Mellen said.
Cisco is among providers that have a strong XDR offering and strategy that differentiates XDR from SIEM capabilities, Mellen said. And Parizo said Cisco is among noteworthy XDR providers.
Cisco’s open and extensible approach to XDR lets customers leverage the Cisco Secure portfolio of solutions and their existing investment into the company’s security infrastructure. This method helps customers detect, investigate and prioritize incidents with added telemetry sources and contextual insights.
IBM Security is noteworthy because of its acquisitions of ReaQta and Randori, Mellen said. Randori combines attack surface management (ASM) with continuous automated red teaming (CART) to help organizations bolster their cyber defenses. Randori aims to help organizations continuously identify external-facing assets, both on-premises and in the cloud, that are visible to attackers.
Fidelis Cybersecurity is among noteworthy XDR providers, Parizo said. Last month, the company announced its platforms have been added to the Department of Defense (DoD) Enterprise Software Initiative (ESI) program as part of Carahsoft Technology’s most recent award. This will make it easier and faster for the U.S. Department of Defense and U.S. Intelligence Community (IC) to expedite threat detection, hunting and response in hybrid environments.
Secureworks is among noteworthy XDR providers, Parizo said. Secureworks’ Taegis ManagedXDR Enhanced delivers 24/7 extended SOC capabilities for Taegis ManagedXDR customers, enabling rapid threat escalation and orchestrated remediation. It also provides additional investigation context across Taegis and other customer systems, plus investigation of phishing attempts, and governance and advisory support.
Parizo said ESET is among noteworthy XDR providers. Last fall, ESET launched new cloud and XDR solutions for MSPs. By expanding the ESET Protect Platform to include ESET Inspect and ESET Inspect Cloud, MSPs and their business customers have access to dedicated XDR security solutions. The solutions are available either on-premises or via the cloud.
Parizo said Fortinet is among noteworthy XDR providers. Its FortiXDR leverages AI for the investigation effort critical to incident response. Expanding on the cloud-native endpoint platform of FortiEDR, it enhances an organization’s security fabric and the threat protection powered by FortiGuard Labs security services.
ReliaQuest is among noteworthy providers, Parizo said. ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture. It can integrate with existing customer investments, accommodating everyone from large to mid-size enterprises.
This month, ReliaQuest announced partners will be included in all net-new deals going forward as part of the company’s new partner-first model. This model, for which ReliaQuest has been developing the infrastructure over the last several years, will also extend internationally.
Gurucul is among noteworthy providers, Parizo said. Its XDR collects a wide variety of telemetry and performs correlation and analysis of indicators of compromise (IOCs) for attack detection, prioritized investigation and risk-driven response. With Gurucul Open XDR, SOCs of varying skills and size gain the visibility, context and automation to identify attack campaigns in real time and prevent damage within minutes and hours.
Interest in extended detection and response (XDR) continues to grow, providing an abundance of opportunities for XDR providers.
XDR systems continually capture focused data and alerts from all the key systems connected to them. Then, they feed this data into a centralized repository, cleaning and normalizing it. In addition to computers, mobile devices and IoT, XDR also draws on data feeds from email security systems, network analysis and visibility tools, identity and access management (IAM) platforms, cloud workload protection systems and elsewhere.
This is our second CF List focusing on XDR. Analysts with Omdia, S&P Global Market Intelligence and Forrester weighed in on XDR market trends and what it takes to be a successful XDR provider.
XDR Providers Facing Steady Market Growth
Eric Parizo is managing principal analyst at Omdia, which shares a parent company with Channel Futures (Informa).
“The primary business driver for XDR remains the same: getting better, more consistent outcomes from the threat detection, investigation and response (TDIR) life cycle,” he said. “While traditional security information and event management (SIEM) and next-generation SIEM-based security operations center (SOC) architectures still play an important role, particularly as a data repository for both security and compliance business processes, enterprises increasingly are coming to understand that a solution purpose-built for TDIR is needed, given the speed, volume and complexity with which threats present themselves.”
Omdia forecasts steady XDR market growth, Parizo said.
“Omdia’s latest data indicates the global XDR market will reach $2.33 billion in 2027,” he said. “However, that is a reduction from our previous forecasts, in large part due to macroeconomic uncertainty, particularly in the tech and cybersecurity segments. While we believe demand will be strong over our five-year forecast period, short-term revenue could be uneven.”
XDR Remains a New Market
Allie Mellen is security and risk analyst at Forrester.
“Thus far, the market is still so new that customer expectations have not evolved significantly,” she said. “XDR is the evolution of endpoint detection and response (EDR) to accept additional data sources for detection and response. It still limits the ecosystem to ensure high-quality detections generated by the vendor.”
Many security teams now understand what XDR is and are looking at how it will affect their current strategy with EDR, Mellen said.
“What will EDR look like as it transitions to XDR?” she said. “Is the EDR provider developing a strong XDR strategy? Security teams are looking for a way to simplify detection engineering and correlation – many have opted to use a managed detection and response (MDR) provider on their journey to XDR.”
XDR Technologies Continue Expanding
Scott Crawford is research director of information security at S&P Global Market Intelligence. He said the breadth of technologies across the broad theme of XDR continues to expand.
“Two of the more visible areas of expansion – at least in terms of identifying with the threat detection and response theme – have been cloud and identity,” he said. “Cloud detection and response focuses on the nature of threats to cloud-native environments and applications, how those threats can be detected, and how response can be mediated in and through those environments. Identity threat detection and response focuses on how identity and access controls can be exploited. This comes up frequently in contexts such as ransomware, where the compromise and exploit of user credentials is often a key factor along with gaps in access privilege management that can leave protected assets more exposed than an organization may realize.”
More recently, there’s been an increase in response platforms that integrate various aspects of incident response processes, Crawford said. That includes the involvement of insurers and insurance-related parties that may be involved in issues such as ransomware response.
We’ve compiled a list above of 20 top XDR providers based on analysts’ feedback and recent news reports. It’s in no particular order. The list, by no means complete, includes well-known providers. But it also features lesser-known providers making strides in XDR.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.