
XDR will converge from different directions: XDR, Open XDR, Native XDR, Hybrid XDR -> XDR

2022 Predictions By Aimei Wei

Initial definitions of XDR envisioned eXtended Detection and Response as a single platform that unified detection and response across the entire security kill chain. According to Rik Turner, who coined the XDR acronym, XDR is “a single, stand-alone solution that offers integrated threat detection and response capabilities.” To meet Omdia’s criteria to be classified as a “comprehensive” XDR solution, a product must offer threat detection and response functionality across endpoints, networks and cloud computing environments.

Gartner’s definition is similar in that it points to features such as alert and incident correlation, built-in automation, multiple streams of telemetry, multiple forms of detection (built-in detections), and multiple methods of response. However, Gartner requires XDR to be achieved by consolidating multiple proprietary, vendor-specific security products.

Open XDR was initially created by Stellar Cyber with the same features as Gartner’s definition, except that not all the security products/components have to be from the same vendor: the platform has to be open and integrate with 3rd-party security tools. Some components are built in and others come through deep 3rd-party integrations.

Open XDR was later picked up by vendors who rely purely on a wide ecosystem of 3rd-party tools for telemetry sources and response, without any built-in components.

Forrester’s definition of XDR requires the platform to be anchored around an EDR. It defines Native XDR as EDR integrating with the vendor’s own security tools; Hybrid XDR as EDR integrating with 3rd-party security tools; SAP (Security Analytics Platform) as a platform without built-in EDR, but with built-in NAV and SOAR plus 3rd-party integrations; and SSA (Standalone Security Analytics) as platforms that rely purely on 3rd-party tools for telemetry sources and responses.

We predict that in 2022, XDR will converge from different directions.

  • XDR will trend toward being open and integrating with 3rd-party security tools, so that best-of-breed tools can be used and existing investments preserved. Even those that have historically been closed because they realize they can’t deliver the outcomes enterprises need while attempt