4/12/2021 09:00 AM
Eric Parizo
Commentary

Omdia Research Spotlight: XDR

Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.

Extended Detection and Response (XDR) technology is quickly taking the enterprise cybersecurity industry by storm.

The term XDR, first coined in 2018 by Omdia Principal Analyst Rik Turner, is defined by Omdia as a single, stand-alone solution that offers integrated threat detection and response capabilities.

To meet Omdia's criteria to be classified as a "comprehensive" XDR solution, a product must offer threat detection and response functionality across three key platforms:

  • Endpoints (often referred to as Endpoint Detection and Response or EDR)
  • Networks (often referred to as Network Traffic Analysis or NTA, and more recently as Network Detection and Response or NDR)
  • Cloud computing environments (occasionally referred to as Cloud Detection and Response or CDR)

Specific to the cloud, this should encompass software-as-a-service (SaaS) environments such as Office 365 and Salesforce, as well as infrastructure- and platform-as-a-service (IaaS and PaaS) modes of delivering cloud computing.

Support for other platforms or threat vectors — such as email — is also common, and XDR solutions may also foster integration among stand-alone threat detection and response solutions that specialize in any of the three areas noted above, as well as others.

Omdia has a comprehensive library of research on XDR, detailing how the technology works, the way in which it is already evolving, and what specific approaches various vendors have adopted.

See a selection of Omdia's research content on XDR below.

Editor's note: Access to Omdia content requires an Omdia research subscription; click here for more information about Omdia.

Fundamentals of XDR versus SIEM and SOAR: Understanding the evolution of SecOps architectures
XDR represents a significant advancement in enterprise threat detection and response technology. This report explains how XDR solutions work, their strengths and limitations, and ways in which XDR complements — or is an alternative to — SIEM/SOAR-based SecOps architectures.

Fortinet's FortiXDR challenges rivals with focus on automated investigation and response
Fortinet's new XDR solution is based on proven technology and pushes the envelope on threat detection and response automation.

FireEye buys its way into XDR, but questions abound on its portfolio and its future
FireEye's $186 million acquisition of analytics vendor Respond Software is buttressed by a new $400 million private equity cash infusion. However, a growing divergence in its product portfolio may indicate further disruption.

Microsoft Ignite 2020: SIEM and XDR improvements highlight advancing enterprise SecOps efforts
With its Azure Sentinel SIEM and rebranded Defender XDR, the Microsoft SecOps strategy centers on delivering best-of-breed capabilities in a unified, cloud-native platform. 

Palo Alto Networks adds security consulting and forensics with purchase of The Crypsis Group
Palo Alto Networks intends to buy The Crypsis Group, a cybersecurity services and managed security services provider, for $265 million to bolster sales opportunities and support for its Cortex XDR solutions.

VMware pushes toward XDR play with acquisition of NDR vendor Lastline
Discusses VMware's acquisition of Lastline, a network detection and response (NDR) vendor. It is pursuing an XDR offering to compete with Palo Alto Networks and Trend Micro.

Stellar Cyber adds cloud detection and response to its XDR offering
Provides an update on Stellar Cyber's new capability for cloud environments termed cloud detection and response (CDR) to complement its Starlight platform.

On the radar: Awake Security offers network detection and response
When combined with the vendor's endpoint detection and response capabilities, the move positions the company for an XDR offering; it already has cloud monitoring capabilities. A managed NDR service is also offered.

WatchGuard buys Panda in the industry's latest XDR play
The acquisition of the Spanish endpoint security vendor is the latest move in the emerging XDR segment, in which unified detection and response capabilities are offered across network, endpoint, and beyond.

RSA Conference 2018 featured managed detection and response and life beyond SIEM
Principal Analyst Rik Turner coins the term "xDR" in this report, highlighting the coming convergence involving various types of threat detection and response technologies and services.  

Eric Parizo supports Omdia's Cybersecurity Accelerator, its research practice supporting vendor, service provider, and enterprise clients in the area of enterprise cybersecurity. Eric covers global cybersecurity trends and top-tier vendors in North America. He has been ...