Table of Contents
- Summary
- Market Categories and Deployment Types
- Key Criteria Comparison
- The GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Chris Ray
- About GigaOm
- Copyright
1. Summary
Enterprise cybersecurity comprises multiple security solutions from various vendors. Solutions are paired with a security information and event management (SIEM) and/or a security orchestration automation and response (SOAR) tool to allow security analysts to correlate events across the network to better detect and respond to cyberattacks.
Although SIEM and SOAR tools originally came with out-of-the-box threat detection, the effectiveness of this capability relied heavily on human involvement to fine-tune the system for their environment. So, systems were limited by the knowledge of the available security staff and required extensive maintenance to keep up with the ever-changing threat landscape. This limitation led to less-than-intelligent detection and a crippling overabundance of alerts, resulting in real threats being drowned out by the noise and remaining undetected.
In contrast, extended detection and response (XDR) solutions distribute detection and response across the security stack to provide ubiquitous coverage from endpoint to cloud by delivering unified visibility, control, and protection. XDR collects telemetry and leverages artificial intelligence (AI), machine learning (ML), or other statistical analysis methods to correlate event logs, and then evaluates them against intrusion response frameworks. Additionally, XDR systems integrate threat intelligence to enhance and improve threat detection capabilities. Although having the full security stack telemetry funnel through an analytics engine that’s enriched with up-to-date threat intel and measured against intrusion frameworks doesn’t provide a silver bullet for security, it’s as close to “security in a bag” as you can get at this time.
XDR attempts to address the security skills gap by reducing the need for experienced security analysts and instead using AI, ML, and statistical methods to provide threat intelligence-driven analysis. It identifies connections between seemingly unrelated network activities to uncover sophisticated attacks, and automated remediation procedures reduce the mean time to respond (MTTR) to a potential incident.
This GigaOm Radar report highlights key XDR vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating XDR Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.