The companies behind the push for the eXtended Detection and Response (XDR) trend are promising enterprise security teams a way to unify their endpoint, cloud, and network security tools and gain visibility into their vulnerabilities, risks, and defenses. However, if those tools cannot exchange data in a form each can interpret, the integration stays shallow and defenders are left with a flood of uncorrelated alerts.
That is the motivation behind the CrowdXDR Alliance, a partnership between CrowdStrike and other software-as-a-service, cloud, and security companies to establish a common language for data sharing between security tools and processes. At launch, Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, ExtraHop, Mimecast, Claroty, and Corelight have joined the coalition.
The lack of a standard for data sharing across security platforms means enterprise defenders cannot bring all the data at their disposal to bear on an investigation. The partnership will establish and support a standardized XDR schema for sharing relevant telemetry, with the goal of accelerating incident response through contextually enriched detections, more effective correlation across tools, faster investigations, and automated responses.
The shared schema for XDR data exchange will enrich endpoint detection and response (EDR) data with relevant, vendor-specific security telemetry, CrowdStrike says.
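The article does not describe the CrowdXDR schema itself. To make the point concrete, the following Python example, added here and not code from CrowdStrike or any alliance member, shows what a shared schema buys: three constructed vendor-format records (an identity-provider login, an endpoint detection, and a proxy egress log, all hypothetical formats rather than any real vendor's) are normalized into one common event type, and a simple correlation pass joins them on a normalized user key. The field names, severity mapping, and 15-minute window are assumptions chosen for the illustration.

```python
"""Added illustration of a common XDR-style event schema and cross-tool correlation.

Everything here is constructed for the example: the vendor record layouts are
hypothetical, the common schema is not the CrowdXDR Alliance schema, and the
sample events are made up.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class CommonEvent:
    """Hypothetical shared schema: the few fields every tool can populate."""
    source: str              # tool class that emitted it: identity / endpoint / proxy
    ts: datetime             # timezone-aware UTC, whatever the vendor's native format
    user_key: Optional[str]  # normalized identity, used as the join key
    host: Optional[str]
    src_ip: Optional[str]
    action: str              # vendor-neutral description of what happened
    severity: int            # 0-10, with each vendor's own scale mapped onto it
    raw: dict                # original record, kept for the analyst


def _user_key(name: Optional[str]) -> Optional[str]:
    """'alice@example.com' and 'ALICE' must join on the same key."""
    if not name:
        return None
    return name.split("@", 1)[0].lower()


def _iso_utc(s: str) -> datetime:
    """Parse ISO-8601 text (with 'Z' or no zone) into an aware UTC datetime."""
    dt = datetime.fromisoformat(s.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


# Vendor-specific normalizers. The input layouts are constructed for this example.
def from_identity(e: dict) -> CommonEvent:
    result = e["outcome"]["result"]
    return CommonEvent("identity", _iso_utc(e["published"]),
                       _user_key(e["actor"]["alternateId"]), None,
                       e["client"]["ipAddress"], f"{e['eventType']}:{result}",
                       2 if result == "SUCCESS" else 5, e)


def from_endpoint(e: dict) -> CommonEvent:
    ts = datetime.fromtimestamp(e["timestamp"], tz=timezone.utc)  # epoch seconds
    return CommonEvent("endpoint", ts, _user_key(e["UserName"]), e["ComputerName"],
                       None, e["DetectName"], min(10, e["Severity"] * 2), e)  # 1-5 -> 0-10


def from_proxy(e: dict) -> CommonEvent:
    sev = 3 if e["bytes_out"] > 10_000_000 else 1  # assumed threshold for "large upload"
    return CommonEvent("proxy", _iso_utc(e["time"]), _user_key(e["user"]), None,
                       e["src"], f"{e['action']}:{e['dst_host']}", sev, e)


NORMALIZERS: Dict[str, Callable[[dict], CommonEvent]] = {
    "identity": from_identity, "endpoint": from_endpoint, "proxy": from_proxy,
}


def normalize(source: str, event: dict) -> CommonEvent:
    return NORMALIZERS[source](event)


def correlate(events: List[CommonEvent], window: timedelta = timedelta(minutes=15),
              min_sources: int = 2) -> List[dict]:
    """Group events per user; flag any window where >= min_sources tools saw the user."""
    by_user: Dict[str, List[CommonEvent]] = defaultdict(list)
    for ev in sorted(events, key=lambda x: x.ts):
        if ev.user_key:
            by_user[ev.user_key].append(ev)
    incidents = []
    for user, evs in by_user.items():
        i = 0
        while i < len(evs):
            cluster = [evs[i]]
            j = i + 1
            while j < len(evs) and evs[j].ts - evs[i].ts <= window:
                cluster.append(evs[j])
                j += 1
            sources = sorted({c.source for c in cluster})
            if len(sources) >= min_sources:
                incidents.append({"user": user, "sources": sources,
                                  "start": cluster[0].ts, "end": cluster[-1].ts,
                                  "max_severity": max(c.severity for c in cluster),
                                  "events": cluster})
            i = j
    return incidents


# Constructed sample telemetry (not real logs). Note the three different time formats
# and two spellings of the same user; the schema hides both from the correlation step.
SAMPLE_EVENTS = [
    ("identity", {"eventType": "user.session.start", "published": "2021-10-12T14:03:10Z",
                  "actor": {"alternateId": "alice@example.com"},
                  "client": {"ipAddress": "203.0.113.5"}, "outcome": {"result": "SUCCESS"}}),
    ("endpoint", {"ComputerName": "WS-0142", "UserName": "ALICE", "timestamp": 1634047500,
                  "DetectName": "Credential Dumping", "Severity": 4}),
    ("proxy", {"time": "2021-10-12 14:07:41", "user": "alice@example.com", "src": "10.20.0.42",
               "dst_host": "paste.example", "bytes_out": 52_000_000, "action": "allow"}),
    ("proxy", {"time": "2021-10-12 14:30:00", "user": "bob@example.com", "src": "10.20.0.77",
               "dst_host": "docs.example", "bytes_out": 4_000, "action": "allow"}),
]


def run_sample() -> List[dict]:
    """Normalize the sample records and return the correlated incidents."""
    return correlate([normalize(src, rec) for src, rec in SAMPLE_EVENTS])


if __name__ == "__main__":
    for inc in run_sample():
        print(inc["user"], inc["sources"], inc["start"].isoformat(), "sev", inc["max_severity"])
```

The three alice records come from tools that disagree on timestamp encoding, username form, and severity scale; without a common schema the join in `correlate` has to be rewritten for every pairing of vendors. The bob record, seen by only one tool, produces no incident, which is the noise reduction the article's opening paragraph alludes to.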
“XDR, like SASE and Security Services Edge (SSE), is critical to security transformation and a non-negotiable need for enterprises moving to cloud infrastructure,” Netskope CEO Sanjay Beri said in a release.
CrowdStrike also announced Falcon XDR, which extends its EDR capabilities to “deliver real-time detection and automated response across the entire security stack.”
In other XDR-related announcements:
- Huntress added a managed antivirus service to its Huntress MDR security platform.
- AT&T launched the AT&T Managed XDR solution, a cloud-based security platform featuring security threat analytics, machine learning, and third-party connectors. According to AT&T’s announcement, the platform protects endpoint, network, and cloud assets with automated and orchestrated malware prevention, threat detection, and response.
- eSentire expanded its eSentire MDR services with Microsoft Azure Sentinel to support Microsoft’s SIEM, endpoint, identity, email, and cloud security services. eSentire’s Atlas XDR Cloud platform ingests signals from Microsoft 365 and Azure environments, “enriching them with Artificial Intelligence and Machine Learning models for automated disruption, enabling rapid human-led investigation when required, and providing further contextual awareness, driving complete response,” eSentire said.
- Cybereason and Google Chronicle introduced Cybereason XDR powered by Chronicle. Cybereason claims its cloud-native service “automates prevention for common attacks, guides analysts through security operations and incident response, and enables threat hunting.”
- ReliaQuest expanded its GreyMatter open XDR platform with a Security Model Index and Verify capabilities. ReliaQuest says organizations can “deliver cyber risk metrics, test and validate security controls across their cybersecurity program and take action to continuously improve their risk profile.”