GigaOm Radar for Extended Detection and Response (XDR) v3.0

Table of Contents

  1. Executive Summary
  2. Market Categories and Deployment Types
  3. Decision Criteria Comparison
  4. GigaOm Radar
  5. Solution Insights
  6. Analyst’s Outlook
  7. About Chris Ray

1. Executive Summary

Enterprise cybersecurity comprises multiple security solutions from various vendors. Solutions are typically combined with a security information and event management (SIEM) and/or a security orchestration automation and response (SOAR) tool to allow security analysts to correlate events across the network to better detect and respond to cyberattacks.

Although SIEM and SOAR tools originally came with out-of-the-box threat detection, the effectiveness of this capability relied heavily on human involvement to fine-tune the system for each environment. Systems were therefore limited by the expertise of the security staff and required extensive maintenance to keep up with the ever-changing threat landscape. This limitation led to less-than-intelligent detection and a crippling overabundance of alerts, resulting in real threats being drowned out by the noise—and remaining undetected.

In contrast, extended detection and response (XDR) solutions distribute detection and response across the security stack to provide ubiquitous coverage from endpoint to cloud by delivering unified visibility, control, and protection. XDR collects telemetry and leverages artificial intelligence (AI), machine learning (ML), or other statistical analysis methods to correlate event logs, and then evaluates them against intrusion response frameworks. Additionally, XDR systems integrate threat intelligence to enhance and improve threat detection capabilities. Although having the full security stack telemetry funnel through an analytics engine that’s enriched with up-to-date threat intel and measured against intrusion frameworks doesn’t provide a silver bullet for security, it’s as close to “security in a bag” as you can get at this time.

XDR attempts to address the security skills gap by reducing the need for experienced security analysts and instead using AI, ML, and statistical methods to provide threat intelligence-driven analysis. It identifies connections between seemingly unrelated network activities to uncover sophisticated attacks, and automated remediation procedures reduce the mean time to respond (MTTR) to a potential incident.
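The two paragraphs above describe the XDR pipeline in outline: telemetry from several layers of the stack is enriched with threat intelligence, correlated to link seemingly unrelated events, measured against an intrusion framework, and routed to an automated response. The following Python script is an added illustration of that flow and is not code from the report or from any vendor it evaluates. The telemetry records, the threat-intel entries (a documentation-range IP and a placeholder hash), the stage labels, the five-minute window and the response actions are all constructed assumptions chosen to make the mechanics visible.

```python
"""Toy cross-source correlation of the kind the summary attributes to XDR.

Constructed telemetry (endpoint, network, identity) is enriched with a
constructed threat-intel list, correlated per host inside a time window,
and each resulting incident is tagged with an assumed framework stage
label and an assumed response action. All data, labels and function
names here are illustrative assumptions, not any vendor's logic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry from three sources. Timestamps are ISO-8601 UTC.
TELEMETRY = [
    {"src": "endpoint", "ts": "2024-05-01T10:00:05", "host": "ws-17",
     "event": "process_start", "proc": "powershell.exe", "sha256": "aa11...const"},
    {"src": "network",  "ts": "2024-05-01T10:00:40", "host": "ws-17",
     "event": "dns_query", "dst": "203.0.113.44"},
    {"src": "identity", "ts": "2024-05-01T10:01:10", "host": "ws-17",
     "event": "logon", "user": "svc-backup", "result": "success"},
    {"src": "endpoint", "ts": "2024-05-01T11:30:00", "host": "ws-02",
     "event": "process_start", "proc": "notepad.exe", "sha256": "bb22...const"},
    {"src": "network",  "ts": "2024-05-01T13:30:00", "host": "ws-02",
     "event": "dns_query", "dst": "198.51.100.9"},
]

# Constructed threat intel: one "known bad" IP (documentation range) and one hash.
THREAT_INTEL = {"ip": {"203.0.113.44"}, "sha256": {"aa11...const"}}

# Assumed mapping from event type to a framework stage label (illustrative only).
STAGE_OF_EVENT = {"process_start": "execution", "dns_query": "command-and-control",
                  "logon": "lateral-movement"}

WINDOW = timedelta(minutes=5)  # assumed correlation window


def enrich(event):
    """Return a copy of the event with a 'ti_hit' flag set from the intel list."""
    e = dict(event)
    e["ti_hit"] = (e.get("dst") in THREAT_INTEL["ip"]
                   or e.get("sha256") in THREAT_INTEL["sha256"])
    return e


def correlate(events, window=WINDOW):
    """Group enriched events per host; emit an incident when two or more
    distinct sources fire inside the window and at least one intel hit exists.
    Isolated single-source events (the ws-02 records) never become incidents,
    which is the noise-reduction effect the summary describes."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda x: x["ts"]):
        by_host[e["host"]].append(enrich(e))
    incidents = []
    for host, evs in by_host.items():
        i = 0
        while i < len(evs):
            t0 = datetime.fromisoformat(evs[i]["ts"])
            # Events are time-sorted, so everything inside the window is a prefix.
            cluster = [x for x in evs[i:]
                       if datetime.fromisoformat(x["ts"]) - t0 <= window]
            sources = {x["src"] for x in cluster}
            hits = sum(1 for x in cluster if x["ti_hit"])
            if len(sources) >= 2 and hits:
                incidents.append({
                    "host": host,
                    "sources": sorted(sources),
                    "stages": sorted({STAGE_OF_EVENT[x["event"]] for x in cluster}),
                    "severity": "high" if hits >= 2 else "medium",
                    # Assumed playbook: automate containment only on strong evidence.
                    "response": "isolate_host" if hits >= 2 else "ticket_for_analyst",
                })
            i += len(cluster)
    return incidents


if __name__ == "__main__":
    for inc in correlate(TELEMETRY):
        print(inc)
```

Run as a script, it reports a single incident on `ws-17` spanning the endpoint, network and identity sources, tagged with three stage labels and routed to the automated isolation action; the two unrelated `ws-02` events produce nothing. Production engines use richer joins (user, process lineage, session IDs) and learned baselines instead of a fixed window, but the shape is the same: enrich, cluster across sources, score, map to a framework, respond.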

This is our third year evaluating the XDR space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 19 of the top XDR solutions in the market, and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading XDR offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

Full content available to GigaOm Subscribers.
