
Why XDR is a Movement

by CXO Staff
February 22, 2021
in Opinions

Marc Solomon, Chief Marketing Officer at ThreatQuotient, says for XDR to truly be a movement, a conduit is required between an XDR solution and the data sources and security tools it needs to interoperate with.


Some of the largest cybersecurity companies in the world, most industry analysts and other security experts are talking about the emergence of Extended Detection and Response (XDR) solutions, which Gartner defines as solutions that “automatically collect and correlate data from multiple security products to improve threat detection and provide an incident response capability.” If this were possible today, imagine the gains in Mean Time to Detection (MTTD) and Mean Time to Respond (MTTR) to an attack or active threat in your environment.

I refer to XDR as a movement because it is gaining traction by expanding its approach to achieve its goal. For instance, in March, Gartner talked about XDR as a vendor-locked, cloud-based offering. But at the virtual Gartner Security and Risk Management Summit 2020 in September, VP analyst Peter Firstbrook discussed an alternative approach which broadens the category to include a best-of-breed XDR strategy. Further fuelling momentum, Gartner called XDR the number one trend CISOs should understand to strengthen security initiatives.

We have the definition of XDR by Gartner above, but what does it really mean from a practical standpoint? Let me start with a simple and important statement:

XDR <> EDR + NDR

Unfortunately, this is how some have viewed the development of XDR – bridging the gap between endpoint (EDR) and network detection and response (NDR). However, XDR has a broader, more complicated reality:

XDR = EDR + NDR + CDR + the dozens of existing security tools

This reality forces the need for a best-of-breed strategy, at a minimum from a transition standpoint, but more likely on an ongoing basis.

Organisations often protect themselves by using many different technologies, including firewalls, IPS/IDS, routers, web and email security, and endpoint detection and response solutions. They also have SIEMs and other tools that house internal threat and event data – ticketing systems, log management repositories, case management systems. They may rely on one or two “large vendors” to handle the bulk of their security tasks, but typically they use at least a few best-of-breed vendors for controls, which the larger vendors do not have or do not excel in. Many studies, going back years, find that some Global 2000 enterprises have as many as 80 different security vendors in their environment. This happens naturally over time with different teams, budgets and departments making independent decisions. Vendors also must be able to accommodate the reality that not every organisation will have all their tools from a single provider out of the gate, and the appetite to rip and replace is low. Not to mention the fact that new vendors and solutions will continue to emerge given the ongoing innovation required to keep up with new use cases, threats and threat vectors.

Whichever path to XDR is selected, integration with existing tools in the security infrastructure is essential for XDR solutions to merit and capitalise on all the attention. The reasons are obvious for a best-of-breed approach, but even single-source XDR requires integrations to deliver on the promise. There are two key types of integrations that are needed:

Integration with third-party data and intelligence feeds – companies use an average of five external feeds within their environment. These can include commercial sources, open source, government, industry, existing security vendors – as well as frameworks like MITRE ATT&CK. Having the ability to utilise this data as part of your detection and response strategy is critical. It improves the breadth, speed and relevance of detections, rather than just relying on a vendor’s intelligence.

Integration with third-party systems – this is important for multiple reasons. First, additional telemetry, context and events from internal systems are key to putting the pieces together for detection. This data from internal systems is often overlooked but is one of the best sources of intelligence, and when combined with external data will improve detection. Second, integrating with the internal systems will allow for faster response and the right mix of automation and manual actions. Systems become more effective and people more efficient.

To really recognise the benefits, there are several paths, but the most common is starting with a company’s EDR implementation and then adding capabilities.

EDR: endpoint detection and response from a single vendor, using that vendor’s detection content.

EDR +: a vendor’s EDR solution plus integration with third-party data and intelligence for faster, more effective detection.

EDR ++: a vendor’s EDR solution plus integration with third-party data and intelligence for faster, more effective detection, plus integration with the other tools in your infrastructure for more efficient response.

To truly become a movement that more organisations can get behind, what’s needed is a conduit between an XDR solution and the data sources and security tools it needs to interoperate with. A centralised platform that bridges these gaps can provide the integrations and intelligence for all teams and tools to use, which helps with detection, understanding and response and unleashes the full potential of XDR.
