The XDR (eXtended Detection and Response) security market is reaching a fever pitch. Businesses from all types of backgrounds -- cloud providers, cybersecurity software firms, MSSPs and more -- are jumping into the XDR market.
The big question: Can XDR live up to its hype as a way for MSSPs to unify cloud, network, endpoint and other types of security? Before we tackle that question, let's take a look at key moves -- all of which surfaced today (October 12, 2021). Sorted alphabetically by company name, today's XDR developments included:
1. AT&T: The company has launched AT&T Managed XDR solution -- a cloud-based security platform. The platform features security threat analytics, machine learning, and third-party connectors to protect endpoint, network, and cloud assets with automated and orchestrated malware prevention, threat detection, and response, the company said.
2. CrowdStrike XDR and CrowdXDR Alliance: The new CrowdStrike Falcon XDR extends the company's EDR capabilities to "deliver real-time detection and automated response across the entire security stack," the company claims. In a related move, the new CrowdXDR Alliance features partnerships that establish a common XDR language for data sharing between security tools and processes. Launch partners include Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, Extrahop, Mimecast, Claroty and Corelight, according to CrowdStrike.
3. Cybereason: The company partnered with Google Chronicle to introduce Cybereason XDR powered by Chronicle. The cloud-native service “automates prevention for common attacks, guides analysts through security operations and incident response, and enables threat hunting with precision at a pace never before achieved,” the two companies assert.
4. eSentire: The company expanded its eSentire MDR services with Microsoft Azure Sentinel as part of a strategy to support Microsoft SIEM, endpoint, identity, email and cloud security services eSentire’s proprietary Atlas XDR Cloud platform ingests signals from Microsoft 365 and Azure environments, "enriching them with Artificial Intelligence and Machine Learning models for automated disruption, enabling rapid human-led investigation when required, and providing further contextual awareness, driving complete response," the company said.
5. Huntress: the company expanded its Huntress MDR security platform to include a managed antivirus service. That's essentially a step toward a formal XDR push. Moreover, the company now has security analysts in the United States, the United Kingdom and Australia to deliver worldwide threat hunting capabilities to MSP partners worldwide.
6. ReliaQuest: The company expanded its GreyMatter open XDR platform with a Security Model Index, and Verify capabilities. The result: Organizations can "deliver cyber risk metrics, test and validate security controls across their cybersecurity program and take action to continuously improve their risk profile," according to ReliaQuest.
7. Stellar Cyber: The company says 12 of the Top 250 MSSPs have embraced Stellar Cyber Open XDR. Stellar Cyber’s Open XDR platform works with customers’ existing EDR, SIEM, UEBA, NDR, and other solutions to preserve their investments, Stellar Cyber notes.
XDR Questions MSSPs Need to Ask
MSSPs that are seeking to navigate XDR options should keep a few terms and considerations front-of-mind. For instance:
1. Is the XDR service managed or unmanaged -- and who is doing the management?: In theory, a managed XDR service (i.e., the software company delivers the management) lowers the workload for MSPs and MSSPs. Generally speaking, an unmanaged XDR service pushes some more work out to MSPs, MSSPs and their SOC analyst teams. Of course, the actual "managed" experience may vary significantly from one managed XDR service to the next.
2. Who truly owns the threat response?: If a managed XDR service uncovers a problem at a customer site, who is responsible for tackling the actual response to that threat:
- The XDR software company?
- The MSSP?
- The end-customer?
- Somebody else?
- All of the above?
The answer may vary on a threat-by-threat basis, but MSSPs need to truly understand the ownership and escalation process for the R in XDR.
3. Is the XDR service open?: Some XDR services are designed to work with a specific vendor's endpoint, network and cloud services. Other "open" XDR services are designed to work with third-party security tools that MSSPs and customers may already have in place. Carefully weigh single-vendor solutions to see if they're truly "best of breed." On the flip-side, carefully weigh open XDR solutions to see if they're truly open to third-party tools that you may already have in place.
4. Is the XDR service multi-tenant?: If so, find out if it was multi-tenant since inception. Sometimes, vendors develop software for corporate IT departments and only later add multi-tenancy for MSSP and MSP consumption. Software companies that are obsessed with MSPs and MSSPs will design their software with multi-tenancy capabilities from the start.
Admittedly, the list above is just a starting point for MSPs and MSSPs. Done right, managed XDR services can drive down cyber risk for service providers and their end-customers. Just be careful of the managed XDR market hype, which can be deafening.
