Extended detection and response (XDR) has emerged in the last few years as a new approach by cybersecurity vendors to unify their products into a comprehensive security offering.
That all-in-one approach can give users the comfort of comprehensive cybersecurity defenses with the ease of integration and support that comes from a single vendor – but it can also mean vendor lock-in and settling for some products that aren't best of breed. Whether you choose a single solution or assemble a comprehensive one yourself will hinge on your own security needs and level of staff expertise.
No matter the existing security stack, XDR offers administrators central management and visibility of hybrid environment security solutions like:
- Endpoint detection and response (EDR)
- Managed detection and response (MDR)
- Network detection and response (NDR)
- Security information and event management (SIEM)
- Security orchestration, automation, and response (SOAR)
- User and entity behavior analytics (UEBA)
This article looks at the best XDR vendors and products in 2021, what XDR is, and how to consider XDR solutions.
Top XDR Software Recommendations
Enterprise-grade security and risk management with exceptional prevention, detection and response capabilities. The suite includes a Management Console, Endpoint Protection Platform, File Server Security, Advanced Threat Defense, Full Disk Encryption and Extended Detection & Response.
A fully compliant XDR solution supported by a live team of experts. Heimdal's XDR replaces fragmented, legacy tools and unresponsive data-gathering software with a consolidated approach, offering you a seamless experience. Data gathered from across your ecosystem is fed into Heimdal's Intelligence Center for fewer false positives and rapid, accurate detection. Its fully automated functionality speeds incident response operations while keeping costs down.
Cynet Extended Detection and Response solution prevents and detects threats on endpoints, networks, and users. For each identified threat it triggers an automated investigation flow that reveals the attack’s scope and root cause, as well as applies automated remediation. A 24/7 Managed Detection & Response (MDR) team continuously monitors and optimizes this process to maintain top quality and precision.
Log360 is a SIEM solution that helps combat threats on premises, in the cloud, or in a hybrid environment. It also helps organizations adhere to several compliance mandates. You can customize the solution to cater to your unique use cases.
It offers real-time log collection, analysis, correlation, alerting and archiving. You can monitor activity in your Active Directory, network devices, employee workstations, file servers, Microsoft 365 and more.
Trend Micro Vision One
An early entry in the budding XDR space, Trend Micro has offered managed XDR services since 2019. The announcement of the Vision One platform earlier this year further points to its commitment to XDR for the immediate future. Pairing with SIEM and SOAR systems, the Trend Micro Vision One managed XDR prioritizes risk visibility and agent and policy management. Vision One takes data from endpoints, servers, cloud, email, and network security systems, producing an XDR data lake of telemetry, metadata, logs, and netflow.
On Gartner Peer Insights, Trend Micro holds a 4.8/5 star rating over 164 reviews. In the most recent Gartner Magic Quadrant and Forrester Wave, Trend Micro received a market Leader designation. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, Trend Micro had an overall detection rate of 95.98% between telemetry and analytic detections.
Palo Alto Networks Cortex XDR
With roots in the development of stateful inspection for firewalls and IDPS, it's fitting to see the company succeed in the next-generation firewall (NGFW) and zero trust security spaces. For extended infrastructure protection, PAN offers Cortex XDR, which it bills as the industry's first extended detection and response solution. Combining insights across endpoint, network, and cloud data, Cortex XDR reportedly reduces alerts by 98% to relieve administrators. Other key features include threat hunting and intelligence through PAN's Unit 42, ML-based behavioral analysis, and streamlined deployment.
On Gartner Peer Insights, Palo Alto Networks holds a 4.6/5 star rating over 140 reviews. In the Q1 2020 Forrester Wave, PAN received a placement of market Contender. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, PAN had an overall detection rate of 97.13% between telemetry and analytic detections.
Cynet 360
One of the smallest companies on our list and the youngest, Cynet has built an impressive solution set that includes AV, EDR, UEBA, incident response, and network analysis. Together, these technologies combine to produce a platform dubbed Cynet 360. Billed as the world's first autonomous breach protection platform, Cynet 360 rests on a trinity of XDR, response automation, and MDR. Other features include pre-built and custom remediation, a central console for holistic visibility, and network traffic analysis.
On Gartner Peer Insights, Cynet holds a 4.8/5 star rating over 41 reviews in the EDR segment. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, Cynet had an overall detection rate of 87.93% between telemetry and analytic detections.
CrowdStrike Falcon
In less than a decade, CrowdStrike and its flagship product line Falcon have changed the cybersecurity industry. Analysts believe the endpoint protection and threat intelligence unicorn is a leading candidate to take the XDR market by storm. Falcon software plans and capabilities include advanced anti-virus (AV), threat intelligence and threat hunting, firewall management, EDR, and incident response. For an enterprise of any size, CrowdStrike offers multiple tiered plans and standalone licenses for specific solutions.
On Gartner Peer Insights, CrowdStrike holds a 4.9/5 star rating over 263 reviews. CrowdStrike is the third-most reviewed solution on Gartner behind SentinelOne and VMware. In the most recent review of the EDR market, Gartner and Forrester listed CrowdStrike as a Leader. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, CrowdStrike had an overall detection rate of 87.93% between telemetry and analytic detections.
Microsoft 365 Defender and Azure Defender
Microsoft offers a trio of security products that combine to provide extended infrastructure protection. Together, Azure Sentinel, Microsoft 365 Defender, and Azure Defender offer a cloud-native SIEM and XDR solution for enterprises. XDR capabilities built into 365 Defender and Azure Defender include coverage of all network components and environments, priority alerts, and threat response coordination. There's always a financial incentive to bundle with the tech giant, so Microsoft's ability to quickly extend these capabilities to existing customers is an inherent advantage.
On Gartner Peer Insights, Microsoft holds a 4.5/5 star rating over 158 reviews. Microsoft's 365 Defender made the Forrester Wave and Gartner Magic Quadrant Leaders in the most recent reviews. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, Microsoft had an overall detection rate of 86.78% between telemetry and analytic detections.
SentinelOne Singularity XDR
In 2013 SentinelOne launched in the endpoint protection space – last month, the vendor raised $1.2 billion at its IPO. In short, the Mountain Valley, California firm has made a name for itself. In May, MITRE ATT&CK evaluations showed SentinelOne detected 100% of attack techniques, beating out PAN and Trend Micro. For enhancing SOC-level operations with end-to-end infrastructure visibility, SentinelOne offers Singularity XDR. Features include an easy-to-use automation ecosystem, enhanced SOAR functionality, and machine-speed containment.
On Gartner Peer Insights, SentinelOne holds a 4.9/5 star rating over 339 reviews. On Gartner's platform, SentinelOne is the highest-rated and most reviewed XDR solution. In the most recent reviews of the EDR market, SentinelOne is a Strong Performer in the Forrester Wave and a Leader in the Gartner Magic Quadrant. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, SentinelOne had an overall detection rate of 100% between telemetry and analytic detections.
Cybereason Cyber Defense Platform
Started in 2012, Cybereason's roots are in the Israeli intelligence community and, while still a relatively small team, its rise in the cybersecurity industry has been impressive. Offering EDR and managed security services such as managed detection and response (MDR) and network assessments, Cybereason has a set of security solutions that form the Cybereason Defense Platform. Uniting all endpoints and extending visibility across the network infrastructure, Cybereason offers automated controls and remediation, and actionable threat intelligence.
On Gartner Peer Insights, Cybereason holds a 4.4/5 star rating over 110 reviews. In the most recent review of EDR vendors, the Gartner Magic Quadrant placed Cybereason as a Visionary in 2021, and the Forrester Wave put the vendor as a Strong Performer. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, Cybereason had an overall detection rate of 91.95% between telemetry and analytic detections.
Broadcom Symantec XDR
Evolving with the times, Symantec's security solutions span Secure Access Service Edge (SASE), zero trust security, and, the subject here, Symantec XDR. Broadcom's XDR solution gathers telemetry from workstations, servers, phones, tablets, email, cloud, third-party applications, and more to offer advanced insights. Other features include data normalization, risk scoring, and automated attack surface reduction.
On Gartner Peer Insights, Symantec holds a 4.5/5 star rating over 152 reviews. In the most recent Gartner Magic Quadrant, Broadcom Symantec was named a Visionary. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, Symantec had an overall detection rate of 91.38% between telemetry and analytic detections.
Cisco SecureX and Secure Endpoint
For XDR-focused solutions, Cisco offers SecureX and Secure Endpoint. In addition to traditional EDR capabilities, XDR features include advanced incident management, threat intelligence, automation, and orchestration. Other benefits include endpoint forensics, machine learning analysis, and script protection for blocking specific DLLs.
On Gartner Peer Insights, Cisco holds a 4/5 star rating over 75 reviews. Cisco was named a Visionary in the 2021 Gartner Magic Quadrant. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, Cisco had an overall detection rate of 70.11% between telemetry and analytic detections.
Mandiant Automated Defense
Mandiant – soon to become part of Google – offers Automated Defense for the XDR space. The company is highly regarded for its incident management, contributions to indicators of compromise (IOC) research, and Mandiant Advantage, a platform for automating security response teams. Using data science and ML, the Automated Defense software triages alerts, scales SOC capabilities, and performs accurate investigations 24/7.
Under the FireEye name before the two split last year, Mandiant made the 2021 Gartner Magic Quadrant as the Niche Player with the most substantial ability to execute. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, FireEye had an overall detection rate of 78.16% between telemetry and analytic detections.
VMware Carbon Black Cloud
The Palo Alto-based virtualization giant is one of the biggest companies on our list. VMware's XDR solution is the Carbon Black Cloud. Acquired in 2019 for $2.1 billion, Carbon Black brought anti-virus, EDR, and vulnerability management to the table, giving VMware a platform to integrate existing solutions like vSphere and NSX firewalls. In June, VMware's security chief reiterated the company's strategy, telling SDxCentral that XDR is "the new frontier for us."
On Gartner Peer Insights, VMware holds a 4.6/5 star rating over 277 reviews. VMware is the second most reviewed solution behind SentinelOne. On the Gartner Magic Quadrant from May, VMware was placed in the Visionary quadrant and is a Strong Performer in the most recent Forrester Wave. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, Carbon Black had an overall detection rate of 88.51% between telemetry and analytic detections.
McAfee MVISION XDR
Note: McAfee is now under the Trellix name after merging with FireEye, although McAfee’s cloud products will soon become a separate company. As Trellix rebrands the merged products, many McAfee and FireEye products will be included in the Trellix XDR platform.
Longtime security software brand McAfee continues to adapt to paradigm-shifting technologies, including offering MVISION XDR. The Santa Clara, California company points to the litany of operational inefficiencies in modern security operations centers (SOC) as the reason XDR is the solution of the future. McAfee boasts that MVISION XDR is a proactive, sensitive-data-aware, cross-infrastructure platform built to bring endpoint, network, and cloud data together. McAfee offers a solution that can correlate alerts, automate investigation playbooks, and hunt malicious activity.
On Gartner Peer Insights, McAfee holds a 4.7/5 star rating over 39 reviews. While Gartner places McAfee as a Leader in the 2021 Magic Quadrant for EDR solutions, the most recent Forrester Wave only put the enterprise provider as a Contender. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, McAfee had an overall detection rate of 86.78% between telemetry and analytic detections.
Sophos Intercept X Endpoint
Unlike SentinelOne’s trajectory, Sophos has gradually built a diverse portfolio that includes EDR, firewalls, cloud security, and managed services. Sophos’ XDR solution is Intercept X Endpoint for the vast infrastructure security space, offering complete visibility into network data. As a comprehensive provider, options to bundle with Sophos include server, firewall, and email data security solutions.
On Gartner Peer Insights, Sophos holds a 4.8/5 star rating over 74 reviews. Sophos made the Leaders circle in the 2021 Gartner Magic Quadrant released in May. In the latest MITRE Carbanak+FIN7 Evaluations for EDR, Sophos had an overall detection rate of 67.82% between telemetry and analytic detections.
What is XDR?
Extended detection and response (XDR) is the next generation of software built to monitor and combat threats across infrastructure layers. Note the absence of the word endpoint in the previous sentence. XDR takes the features and benefits of EDR and combines them with SIEM, SOAR, and UEBA.
Administrators can look into the pertinent data coming from security solutions across the infrastructure from a single pane.
XDR Use Cases
- Identify advanced persistent threats and obfuscated malware
- Track suspicious activity across multiple network segments and environments
- Reduce downtime and investigations with improved detection and response speed
- Investigate threats more effectively and efficiently with automated, built-in intelligence
The three pillars of XDR
Not limited to endpoints, XDR collects data across network, server, and cloud security layers. Using data analysis, the software evaluates the pool of data, alerts, and activity to provide security administrators visibility.
Threat intelligence continues to drive a network’s ability to detect normal, suspicious, and malicious behavior. XDR offers globally sourced threat intel to identify threats and investigate their activity.
While EDR tools can only defend endpoints and workloads, XDR can contain and remove threats across infrastructure environments. Administrators now have access to security control points across existing network software.
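To make the three pillars concrete, here is an added example that is not taken from the article or from any vendor's product: a toy XDR-style correlation pipeline. Endpoint, network and cloud events are normalized into one schema (pillar one), tagged against a threat-intelligence feed (pillar two), pivoted from user principal to host, and rolled into one prioritized, host-centric incident that a responder can act on (pillar three). Every record, indicator value and scoring weight is constructed for the demonstration; the IP addresses come from the RFC 5737 documentation ranges and the hash is a placeholder, not a real indicator.

```python
"""Constructed XDR-style cross-layer correlation (illustrative, not a product's logic)."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed threat-intel feed: hypothetical indicators, not real IoCs.
THREAT_INTEL = {
    "ip": {"203.0.113.45": "known-c2"},
    "sha256": {"ab" * 32: "loader-family-x"},
}

# Constructed telemetry from three layers: endpoint (EDR), network (NDR), cloud audit.
RAW_EVENTS = [
    {"source": "edr", "ts": "2021-07-01T10:00:05", "hostname": "ws-042", "user": "alice",
     "process": "powershell.exe", "sha256": "ab" * 32},
    {"source": "ndr", "ts": "2021-07-01T10:00:20", "src_host": "ws-042",
     "dst_ip": "203.0.113.45", "dst_port": 443, "bytes_out": 8_000_000},
    {"source": "cloud", "ts": "2021-07-01T10:02:00", "principal": "alice",
     "action": "iam:CreateAccessKey", "result": "success"},
    {"source": "ndr", "ts": "2021-07-01T11:30:00", "src_host": "ws-017",
     "dst_ip": "198.51.100.7", "dst_port": 443, "bytes_out": 12_000},
]


@dataclass
class Event:
    """Pillar 1: one schema for every layer, so events from different tools can be compared."""
    source: str
    ts: datetime
    entity: str                                  # host or user principal the event is about
    attrs: dict
    intel: list = field(default_factory=list)    # pillar 2: matched threat-intel tags


def _lookup(kind, value):
    tag = THREAT_INTEL[kind].get(value)
    return [f"{kind}:{tag}"] if tag else []


def normalize(raw):
    ts = datetime.fromisoformat(raw["ts"])
    src = raw["source"]
    if src == "edr":
        return Event(src, ts, raw["hostname"], raw, _lookup("sha256", raw["sha256"]))
    if src == "ndr":
        return Event(src, ts, raw["src_host"], raw, _lookup("ip", raw["dst_ip"]))
    if src == "cloud":
        return Event(src, ts, raw["principal"], raw)
    raise ValueError(f"unknown telemetry source {src!r}")


def score(events):
    """Weights are illustrative; a real platform tunes them against its own data."""
    s = 0
    for e in events:
        s += 40 * len(e.intel)                                   # hit on an intel indicator
        if e.source == "ndr" and e.attrs["bytes_out"] > 1_000_000:
            s += 15                                              # unusually large egress
        if e.source == "cloud" and e.attrs["action"].startswith("iam:") \
                and e.attrs["result"] == "success":
            s += 25                                              # credential/privilege change
    s += 10 * (len({e.source for e in events}) - 1)              # evidence spans several layers
    return s


def severity(s):
    return "critical" if s >= 100 else "high" if s >= 50 else "medium" if s >= 20 else "low"


def correlate(raw_events, window=timedelta(minutes=15), min_score=20):
    """Pillar 3: hand the responder one host-centric incident instead of N isolated alerts."""
    events = sorted((normalize(r) for r in raw_events), key=lambda e: e.ts)
    # Pivot user principals onto the host they were last seen on (from EDR sessions).
    user_host = {e.attrs["user"]: e.entity for e in events if e.source == "edr"}
    by_host = defaultdict(list)
    for e in events:
        by_host[user_host.get(e.entity, e.entity)].append(e)
    clusters = []
    for host, evs in by_host.items():
        cluster = [evs[0]]
        for e in evs[1:]:
            if e.ts - cluster[-1].ts > window:                   # gap too large: new cluster
                clusters.append((host, cluster))
                cluster = []
            cluster.append(e)
        clusters.append((host, cluster))
    incidents = []
    for host, evs in clusters:
        s = score(evs)
        if s >= min_score:                                       # below threshold: suppressed as noise
            incidents.append({"host": host, "score": s, "severity": severity(s),
                              "layers": sorted({e.source for e in evs}),
                              "intel": sorted(t for e in evs for t in e.intel),
                              "first_seen": evs[0].ts.isoformat(),
                              "last_seen": evs[-1].ts.isoformat()})
    return sorted(incidents, key=lambda i: -i["score"])


if __name__ == "__main__":
    for incident in correlate(RAW_EVENTS):
        print(incident)
```

Run as-is, the pipeline collapses the three ws-042 events into a single critical incident spanning all three layers, while the lone ws-017 connection scores below the threshold and is suppressed, which is the alert-reduction effect the vendor blurbs above describe. The user-to-host pivot is the step that lets a cloud IAM event with no host field land in the same incident as the endpoint and network evidence.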
Benefits of XDR
- Significant visibility into a network’s entire security posture and threats
- Prioritized workflows and decision making based on accurate full-network analysis
- Increased automation fit for monitoring and managing regular volumes of security data
- Faster detection and response thanks to the automation, prioritization, and visibility
How to select an XDR vendor
Because it's a relatively new technology, the market for XDR solutions remains a work in progress. Several vendors continue to develop their XDR software as an extension of existing EDR tools.
Questions to ask XDR vendors
In evaluating XDR solutions, here are some questions to ask vendors:
- How does your XDR unite existing network software and their telemetry data?
- How does your XDR leverage existing security investments?
- Do your analytics combine insights from across attack vectors?
- How completely can you automate security across control points?
- Why will I make better security decisions with your XDR?
Read more about how XDR is changing the cybersecurity landscape in XDR Emerges as a Key Next-Generation Software Tool.