10 Hot XDR Security Companies You Should Watch In 2023
These XDR (extended detection and response) vendors are enabling businesses to collect and correlate data feeds across their security tools and environments — ultimately providing an improved way to prioritize threats.
XDR Takes Off
When it comes to threat detection and response, looking only at the endpoint or only at the network is no longer enough. The approach that many of the world’s biggest cybersecurity companies have been moving toward in this sphere is XDR, or extended detection and response. One of the fastest-growing categories in cybersecurity today, XDR aims to provide enhanced security by correlating data from across an organization’s environments and devices, and then prioritizing the most serious threats for a response. Major security companies that have embraced the XDR architecture in their detection and response offerings include CrowdStrike, Microsoft, Palo Alto Networks, SentinelOne, Trellix and many more.
There are now dozens of XDR vendors in all, and Gartner has forecast that 40 percent of organizations will have deployed an XDR platform by 2027, up from 5 percent in 2021. As a still-early trend in cybersecurity, however, XDR still sees a lot of variation in approach and capabilities. What are some of the XDR players that are worth a closer look? We’ve tried to nail down a solid list of the XDR security companies that we’ve been following and that have shared details over the past year about their distinct approaches to the XDR concept.
For those who are not familiar, here are a few FAQ answers on XDR. First off: Why “extended”? The acronym builds upon EDR, or endpoint detection and response, which became a huge focus for security teams over the past decade (and continues to be today). The idea is that threat detection needs to extend past the endpoint — or any other device or environment for that matter — in order to give an accurate picture of the threats that an organization is actually facing.
What are some of the differences between the different approaches to XDR? A big one is the difference between so-called “native” XDR and “open” or “hybrid” XDR. A few large vendors offer a wide enough range of security tools that they can power an XDR just by using data feeds from their own first-party products; those vendors are known as native XDR providers. XDR platforms that can correlate and analyze data from third-party tools are known as open/hybrid XDR, and they make up the bulk of XDR platforms at this point. Many native XDR players also offer a way to combine their detections with data from third-party tools (and, for that matter, many open/hybrid XDR vendors have their own first-party tools as well).
Regardless of exactly how they define themselves, XDR platforms all share a focus on giving a boost to shorthanded security teams, with the aim of improving the quality of threat detection while also reducing the overload in alerts. “XDR lets you really drill down yourself to see what’s going on in an attack,” said Ron Brown, co-founder and CTO of solution provider White Rock Cybersecurity. With XDR, you’re able to know, “What did it touch? Where did it go? What were they trying to do? How did it get in?” he said. “So you really start to analyze the threat itself, to see where the vector was, then you can go back and address that. So you mitigate the threat, analyze where it came from and go close that hole.”
What follows are our picks for 10 XDR security companies worth watching in 2023.