Virtualization Technology News and Information
Stellar Cyber 2022 Predictions: XDR will converge from different directions: XDR, Open XDR, Native XDR, Hybrid XDR -> XDR


Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

XDR will converge from different directions: XDR, Open XDR, Native XDR, Hybrid XDR -> XDR

By Aimei Wei, co-founder and CTO, Stellar Cyber

Initial definitions of XDR envisioned eXtended Detection and Response - a single platform that unified detection and response across the entire security kill chain. According to Rik Turner, who coined the XDR acronym, XDR is "a single, stand-alone solution that offers integrated threat detection and response capabilities." To meet Omdia's criteria to be classified as a "comprehensive" XDR solution, a product must offer threat detection and response functionality across endpoints, networks and cloud computing environments.

Gartner's definition is similar in that it points to features such as alert and incident correlation, built-in automation, multiple streams of telemetry, multiple forms of detections (built-in detections), and multiple methods of response. However, Gartner requires XDR to be achieved through consolidating multiple proprietary vendor-specific security products.

Open XDR was initially defined by Stellar Cyber with the same features Gartner mentions, except that not all the security products or components have to come from the same vendor. The platform is open and integrates with third-party security tools: some components are built in, and others are provided through deep third-party integrations.

Open XDR was later adopted by vendors that rely purely on a wide ecosystem of third-party tools for telemetry sources and response, without any built-in components.

Forrester's definition of XDR requires the platform to be anchored around an EDR. It defines Native XDR as an EDR integrating with the vendor's own security tools; Hybrid XDR as an EDR integrating with third-party security tools; SAP (Security Analytics Platform) as a platform without a built-in EDR but with built-in NAV (network analysis and visibility) and SOAR plus third-party integrations; and SSA (Standalone Security Analytics) as platforms relying purely on third-party tools for telemetry sources and responses.

We predict that in 2022, XDR will converge from different directions.

  • XDR will trend towards openness and integration with third-party security tools to allow best-of-breed tools to be used and existing investments preserved. Even those vendors that have historically been closed will become open, because they realize they can't deliver the outcomes enterprises need while attempting to own the entire stack.
  • XDR doesn't have to be anchored on an EDR, as long as high-efficacy endpoint detections are achieved through integration with EDR products.
  • XDR platforms will have some built-in components and others provided through third-party integration. The more built-in components, the more value is available up front without having to acquire third-party tools. The more out-of-the-box integrations, the more existing investments can be preserved and the wider the choice among best-of-breed products.

Our definition of XDR is that it's a unified security incident detection and response platform that:

  • Provides high-efficacy detections across ALL the data sources: endpoint, network, cloud, application, user, assets, email, etc. through either built-in EDR, NDR, CDR, TIP or out-of-the-box third-party integration.
  • Includes automatic alert correlation across all data sources and security tools to speed up validation and investigation, along with automation of more advanced workflows with sophisticated attack correlation.
  • Enables automatic responses across different security tools through built-in or out-of-the-box integration with SOAR.
  • Incorporates threat hunting across all data sources by allowing analysts to visualize and store large volumes of data for long periods of time through a built-in, next-gen SIEM or out-of-the-box integration with third-party SIEMs.
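The second bullet, automatic alert correlation across data sources, is the part of the definition that is easiest to get wrong in practice: each tool keys its alerts on its own identifier (EDR on a host name, NDR on an IP address, identity providers and cloud audit logs on a user), so correlation first has to resolve those keys onto a common entity, then group by time. The following Python is an added illustration of that join, written for this page; it is not Stellar Cyber's code and makes no claim about how any product implements correlation. The alerts, the IP-to-host inventory and the login-session table are all constructed sample data, and the scoring rule (one bump per additional independent source, capped at 10) is an assumption chosen for the example.

```python
"""Cross-source alert correlation as an XDR platform would do it.

Added example, not Stellar Cyber's code. All alerts, the asset inventory
and the login-session table below are constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Alert:
    source: str          # tool that raised it: "edr", "ndr", "idp", "cloud"
    ts: datetime
    entity_type: str     # "host", "ip" or "user": each tool speaks its own key
    entity: str
    name: str
    severity: int        # 1 (low) .. 10 (critical)


@dataclass
class Incident:
    key: str                                   # resolved host, or "<type>:<entity>"
    alerts: List[Alert] = field(default_factory=list)

    @property
    def sources(self) -> Set[str]:
        return {a.source for a in self.alerts}

    @property
    def corroborated(self) -> bool:
        # Two independent tools agreeing is the signal a single tool cannot give.
        return len(self.sources) >= 2

    @property
    def severity(self) -> int:
        # Assumed scoring rule: max single alert + 2 per extra source, capped at 10.
        return min(10, max(a.severity for a in self.alerts) + 2 * (len(self.sources) - 1))


Session = Tuple[str, str, datetime, datetime]   # (user, host, login, logout)


def resolve_host(alert: Alert, inventory: Dict[str, str],
                 sessions: List[Session]) -> Optional[str]:
    """Map an alert's native key onto a host name (None if it cannot be resolved)."""
    if alert.entity_type == "host":
        return alert.entity
    if alert.entity_type == "ip":
        return inventory.get(alert.entity)          # ip -> host from CMDB/DHCP
    if alert.entity_type == "user":
        for user, host, start, end in sessions:     # user -> host via logon window
            if user == alert.entity and start <= alert.ts <= end:
                return host
    return None


def correlate(alerts: List[Alert], inventory: Dict[str, str],
              sessions: List[Session],
              window: timedelta = timedelta(minutes=30)) -> List[Incident]:
    """Group alerts into incidents by resolved entity and time proximity.

    An alert joins the open incident for its entity if it arrives within
    `window` of that incident's latest alert; otherwise a new incident opens.
    Unresolvable keys still get an incident so nothing is silently dropped.
    """
    open_incidents: Dict[str, Incident] = {}
    closed: List[Incident] = []
    for alert in sorted(alerts, key=lambda a: a.ts):
        key = resolve_host(alert, inventory, sessions) or f"{alert.entity_type}:{alert.entity}"
        inc = open_incidents.get(key)
        if inc is not None and alert.ts - inc.alerts[-1].ts > window:
            closed.append(open_incidents.pop(key))   # gap too large: close and restart
            inc = None
        if inc is None:
            inc = open_incidents[key] = Incident(key=key)
        inc.alerts.append(alert)
    return closed + list(open_incidents.values())


# ---- constructed sample data -------------------------------------------
T = lambda h, m: datetime(2021, 11, 24, h, m)
INVENTORY = {"10.0.0.17": "ws-017", "10.0.0.50": "srv-db-02"}
SESSIONS: List[Session] = [("alice", "ws-017", T(9, 58), T(12, 0))]
SAMPLE_ALERTS = [
    Alert("ndr",   T(9, 0),   "ip",   "10.0.0.99", "internal_port_scan",    5),
    Alert("idp",   T(10, 0),  "user", "alice",     "impossible_travel",     5),
    Alert("edr",   T(10, 5),  "host", "ws-017",    "encoded_powershell",    7),
    Alert("ndr",   T(10, 12), "ip",   "10.0.0.17", "periodic_beacon",       6),
    Alert("cloud", T(10, 20), "user", "alice",     "s3_bucket_enumeration", 4),
    Alert("edr",   T(11, 0),  "host", "srv-db-02", "new_service_installed", 3),
]


def demo() -> List[Incident]:
    return correlate(SAMPLE_ALERTS, INVENTORY, SESSIONS)


if __name__ == "__main__":
    for inc in demo():
        flag = "CORROBORATED" if inc.corroborated else "single-source"
        print(f"{inc.key:14} sev={inc.severity:2} {flag:14} sources={sorted(inc.sources)}")
```

Run as written, the four alerts from four different tools all resolve to ws-017 and become one corroborated incident, while the lone EDR alert on srv-db-02 and the port scan from the unmapped 10.0.0.99 remain single-source items; the second case is the caveat worth noting, since an IP absent from the inventory cannot be joined to anything and would be missed by correlation that keys only on host name. Narrowing `window` to five minutes splits the ws-017 activity into three incidents, which is the usual tuning trade-off between merging unrelated noise and fragmenting one intrusion.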

XDR is about automatic detection and response across the entire attack surface, and that means anything less than everything is not enough. XDR ultimately means "Everything Detection and Response."



Aimei Wei 

Aimei has more than 20 years of experience building successful products and leading teams in data networking and telecommunications. She has extensive working experience with both early-stage startups, including Nuera, SS8 Networks and Kineto Wireless, and well-established companies such as Nortel, Ciena and Cisco. Prior to founding Stellar Cyber, she was actively developing Software Defined Networking solutions at Cisco. Aimei enjoys building a product from its initial design to its final launch. Aimei has an M.S. in Computer Science from Queen's University in Kingston, Canada and an undergraduate degree in Computer Science from Tsinghua University in China.

Published Wednesday, November 24, 2021 7:31 AM by David Marshall