The evolution of endpoint detection and response to extended detection and response inevitably led to some uncertainty about the distinctions.
That's a natural consequence of the emergence of a new market; however, any lingering confusion should start to dissipate as the market matures, said Tom Beresford, regional director, public sector, for CrowdStrike.
He also said a lot of confusion comes from posturing by some suppliers.
"We've seen the legacy players grab it and really tie to 'if you buy all of our technologies they all talk to each other and you have XDR.'
"We've other vendors come along and say look, you do ingest all the information you're already ingesting you have XDR, whereas I guess CrowdStrike and probably the industry analysts taking a different approach to that."
He said CrowdStrike's view of XDR is that it provides the ability to take common schema or common data layers across multiple vendors and integrate that into blueprints to enable detection, investigation, hunting and ultimately response.
"I think XDR really presents an opportunity to layer that orchestration and automation layer across those four pillars."
Industry analysts such as Forrester have stepped into the breach to add some certainty and definition to the conversations, he said.
Beresford said analysts such as Forrester Research have grabbed hold of the terminology and wrapped some of their own clear, more concise definitions around it. This, he said, "ultimately helps customers get through some of the confusion and get past that confusion and make decisions based on a true definition of what XDR is."
Indeed, when it first released Forrester New Tech: Extended Detection And Response (XDR) Providers, Q3 2021, Forrester analyst Allie Mellen noted, "The emergence of XDR has plunged security pros into yet another confusing and dissatisfying debate over whether a technology will be a genuine alternative to security information and event management (SIEM) or just another copycat."
Mellen said Forrester believes differentiated XDR technology will supersede endpoint detection and response (EDR) in the short term and usurp SIEM in the long run.
"XDR provides a novel approach to a decades-old problem, as EDR providers expand their capabilities and target market."