By Changming Liu, CEO and Co-Founder, Stellar Cyber

2021 Prediction: Open XDR Goes Mainstream

The cybersecurity world loves acronyms, and XDR is among the newest ones going around. XDR, or eXtended Detection and Response, is a foundational technology that detects cyberattacks anywhere they may occur: on endpoints, in servers, in applications, by users, in the network, or in cloud or SaaS environments.

At the beginning of 2020, we revealed Open XDR as our vision for cybersecurity in 2020. About nine months later, in September, Gartner listed XDR as the number one of its top 9 security and risk trends for 2020. A few weeks later, also in September, 451's updated outlook for 2020 listed XDR as one of the three trends in cybersecurity for 2020. At this year's VMworld at the end of September, VMware also jumped into the XDR discussion through its acquisition of Carbon Black, a leading EDR vendor.

However, not surprisingly, as with any emerging technology, there is some confusion about XDR. Cybersecurity vendors are building XDR systems in two fundamentally different ways:

  • They are taking their point solutions, such as NGFW or EDR, as the foundation, acquiring other companies with complementary technology, and then rolling them up into XDR products through integration. Palo Alto Networks, VMware and others are pursuing this approach. However, is EDR the right core and basis for an XDR platform, and do customers have all their tools from a single vendor?
  • They are building Open XDR platforms from the ground up that are independent of any tool. Here, 'open' means open to EDR, NDR, SIEM, SOAR, etc. This allows customers to leverage what they have and not be forced into a closed, proprietary system. The applications built on top of this platform are native and tightly integrated.

Let's look at the second option more closely. Open XDR is XDR that can integrate with other, existing security tools, letting Security Operations Center (SOC) staff leverage the tools and telemetry they already trust while allowing them to pick and choose best-of-breed tools in the future without vendor lock-in. Because it unifies previously siloed solutions into a cohesive whole, it makes analysts more productive by showing detections from across the infrastructure on one console instead of many, and more confident by piecing together complex attacks from the weak signals of many existing tools. The tightly integrated, built-in applications also yield large savings on licensing fees. As a result, we believe Open XDR will gain traction in 2021.

Why should anyone care about the difference, as long as the result is an XDR platform that gets them to the land of cyber-nirvana? There are three reasons. First, it is very rare for an enterprise to buy all of its security tools from a single vendor. Vendor-assembled collections of previously stand-alone tools are apt to be 'closed XDR' or proprietary, so buyers must abandon their existing solutions in order to acquire XDR capabilities. Second, an XDR platform needs to be built on a cloud-native architecture for big data and be able to take data from any security tool, transform it, and correlate it effectively. Vendor-assembled XDR platforms tend to be biased toward the original tool on which they were based, whether it's EDR or NGFW. Third, these collections of formerly stand-alone tools often still present their results on the multiple consoles of the original tools, making cross-tool correlation difficult or impossible.

But when an Open XDR platform is built from the ground up, independent of any core tool, the software engineers can build the right architecture and process data efficiently across all data sources. They can also tightly integrate a dozen or more tools under one interface to make them work more effectively without biasing the detections toward any particular tool. Moreover, this agnostic XDR platform is open, so it can interact with existing solutions to maximize their benefits. This makes transitioning to XDR easier, less disruptive and less expensive, and it improves the effectiveness of existing tools by adding a second, broader 'set of eyes' on initial detections from an existing tool such as EDR or SIEM.
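The cross-tool correlation the paragraph describes, as an added example that is not Stellar Cyber's code: alerts in three constructed, hypothetical vendor shapes (an EDR, an NDR and a SIEM) are normalized into one schema, clustered per host within a time window, and a cluster is promoted to an incident only when at least two tools contributed and their combined weight crosses a threshold. The field names, the severity-to-weight mapping, the thresholds and the 30-minute window are assumptions made for illustration, not settings of any real product.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List


@dataclass(frozen=True)
class Event:
    """One detection from any tool, reduced to the fields correlation needs."""
    source: str       # producing tool: "edr", "ndr" or "siem"
    ts: datetime      # timezone-aware UTC timestamp
    host: str         # asset identifier, lower-cased so all tools agree on it
    signal: str       # detection name exactly as the tool reported it
    weight: int       # weak-signal weight on a shared 1..3 scale


# Constructed sample alerts in three hypothetical, vendor-specific shapes.
# They are illustrative only and do not mirror any real product's output.
RAW_EDR = [
    {"agent": "ws-042", "time": "2021-01-12T09:14:03Z", "rule": "suspicious_powershell", "sev": "low"},
    {"agent": "srv-db-01", "time": "2021-01-12T03:00:00Z", "rule": "suspicious_powershell", "sev": "low"},
]
RAW_NDR = [
    {"src_host": "ws-042", "observed": 1610442900, "signature": "dns_txt_beacon", "score": 3},
]
RAW_SIEM = [
    {"Computer": "WS-042", "EventTime": "2021-01-12 09:17:40", "Alert": "new_local_admin", "Priority": 2},
    {"Computer": "SRV-DB-01", "EventTime": "2021-01-12 15:00:00", "Alert": "new_local_admin", "Priority": 2},
]

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}   # assumed mapping


def normalize_edr(raw: dict) -> Event:
    ts = datetime.strptime(raw["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event("edr", ts, raw["agent"].lower(), raw["rule"], SEVERITY_WEIGHT[raw["sev"]])


def normalize_ndr(raw: dict) -> Event:
    ts = datetime.fromtimestamp(raw["observed"], tz=timezone.utc)
    # The NDR score is assumed to already be on a 1..3 scale; clamp defensively.
    return Event("ndr", ts, raw["src_host"].lower(), raw["signature"], max(1, min(3, raw["score"])))


def normalize_siem(raw: dict) -> Event:
    ts = datetime.strptime(raw["EventTime"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return Event("siem", ts, raw["Computer"].lower(), raw["Alert"], max(1, min(3, raw["Priority"])))


def normalize_all() -> List[Event]:
    """Run every tool's alerts through its adapter into the common schema."""
    return ([normalize_edr(a) for a in RAW_EDR]
            + [normalize_ndr(a) for a in RAW_NDR]
            + [normalize_siem(a) for a in RAW_SIEM])


def correlate(events: List[Event], window: timedelta = timedelta(minutes=30),
              min_sources: int = 2, min_score: int = 5) -> List[dict]:
    """Cluster each host's events in time and promote clusters that combine
    several tools' weak signals into one incident."""
    by_host: Dict[str, List[Event]] = {}
    for ev in events:
        by_host.setdefault(ev.host, []).append(ev)

    incidents: List[dict] = []

    def flush(cluster: List[Event]) -> None:
        sources = sorted({c.source for c in cluster})
        score = sum(c.weight for c in cluster)
        # A single tool's alerts, however many, never become an incident here;
        # the cross-tool view is exactly what the correlation layer adds.
        if len(sources) >= min_sources and score >= min_score:
            incidents.append({
                "host": cluster[0].host,
                "start": cluster[0].ts,
                "end": cluster[-1].ts,
                "score": score,
                "sources": sources,
                "signals": [c.signal for c in cluster],
            })

    for host_events in by_host.values():
        host_events.sort(key=lambda e: e.ts)
        cluster: List[Event] = []
        for ev in host_events:
            # Start a new cluster once an event falls outside the window that
            # began with the cluster's first event.
            if cluster and ev.ts - cluster[0].ts > window:
                flush(cluster)
                cluster = []
            cluster.append(ev)
        if cluster:
            flush(cluster)

    return sorted(incidents, key=lambda i: i["start"])


if __name__ == "__main__":
    for inc in correlate(normalize_all()):
        print(f"{inc['host']}: score {inc['score']} from {', '.join(inc['sources'])} "
              f"between {inc['start']:%H:%M:%S} and {inc['end']:%H:%M:%S} UTC -> {inc['signals']}")
```

Run as-is, the three low-to-medium alerts on ws-042 (each of which a single tool's console would show as routine) become one incident, while the two alerts on srv-db-01, twelve hours apart and from one tool each, stay below the bar. The adapters are the only tool-specific code; adding another source means writing one more adapter, not touching the correlation.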

Many analyst firms, including Enterprise Strategy Group (ESG), Gartner, Omdia and 451 Group, have begun to recognize the value of Open XDR, and the marketplace is following quickly. So, in 2021, there will be less focus on EDR, SIEM, NTA or UEBA analysis and more on Open XDR, which delivers comprehensive cybersecurity rolled up under one platform, with one interface, under one license: a truly unifying force in the next-generation security operations center.


Changming Liu 

Changming Liu has a wealth of leadership, networking, security, big data, and machine learning expertise. Before co-founding Stellar Cyber, he was a co-founder, CTO, and Board Member at Aerohive Networks, a cloud networking provider which successfully completed an IPO in 2014. Prior to founding Aerohive, Changming was a Distinguished Engineer at Juniper Networks, following the acquisition of NetScreen Technologies. At NetScreen he was a Sr. Manager and key architect in networking and security. He is an author of close to 20 patents and holds a B.Sc. in Computer Science from Tsinghua University in Beijing, and an M.S. in Computer and Electrical Engineering from Queen's University, Ontario, Canada.

