Channel Partners Conference & Expo is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Who joined us in Vegas this March? And what did they think? Access the post-show report >>

Clearing Up the XDR Confusion ... Finally


This blog is part of a Channel Partners Conference & Expo/MSP Summit sponsorship.

This week Gartner weighed in on a technology that unfortunately became a dreaded three-letter word over the past couple of years, XDR, by issuing its official Market Guide. In the guide, Gartner describes what an XDR consists of and discusses how organizations should view this technology in context with everything else they currently use or might use in the future. You can download your complimentary copy of the guide here to get into all the details, but in the meantime, here are a few key takeaways from my perspective.

XDR Must-Haves

If you have followed the XDR soap opera, you know there are warring factions regarding the foundation of XDR. The Endpointers see XDR as an evolution of EDR with a firm belief that an XDR must have an embedded EDR as its foundation. The Networkers take a “network-first’ stance claiming XDR must begin with network visibility. Yet another faction, let’s call them the Wildcards, claim that whatever technology they develop is the foundation of XDR, from threat intelligence to email security and everything in between. As these factions produce marketing collateral and flashy animated videos, the potential buyers of XDR only get further confused. In the guide, Gartner doesn’t take a firm stance on which faction is right or wrong but instead identifies XDR must-haves.

Here are a few of the most important ones:

  1. XDRs must integrate threat intelligence and telemetry data from multiple sources with security analytics to contextualize and correlate security alerts.
  2. XDRs must include native sensors
  3. XDRs must deliver value above and beyond what you are currently using

The nice thing about having a concise “must-have” list is the ease with which vendors that do not, at a minimum, check the boxes for each requirement can be eliminated from serious consideration.

Open vs. Closed Debate

Gartner directly tackles the “Open” vs. “Closed” XDR debate. The analyst rightly states that XDRs should bring together crucial security-relevant telemetry from your security stack, IT systems, cloud environments, OT environments, and business applications to identify and correlate threats. Vendors that provide a “closed” XDR where the product only works within their ecosystem, not ingesting signals from third parties, “violate XDR’s premise and lock the customer into their products.”

Conversely, when an XDR is “Open,” like what we offer, the benefits an organization can obtain are substantial. For instance, when using an Open XDR, organizations can integrate the XDR into their current security stack, using pre-built integration “hooks” to bring in the security-relevant data mentioned above. Moreover, if, in the future, the organization wants to change any of the underlying products, they can do so without having to replace their XDR product. The discussion around this point, particularly in the guide, is worth reading.

The XDR Trifecta: Integrations, Automation, and Consolidation

In the guide, Gartner references the importance of integrations, automation, and consolidation multiple times in different contexts, highlighting the importance of what I’ll refer to as the XDR Trifecta.

First, XDRs must integrate with what you are using today and what you might use tomorrow. To that end, ensure the XDR products you are considering ship with plenty of plug-and-play integrations and the ability to add new ones. In our case, our Open XDR ships with over 400 integrations as of the writing of this blog. Further, we provide additional integrations to our customers free of charge.

Next, automating manual processes is a vital part of any modern security operations program. XDRs must make this automation painless, requiring little to no human intervention. Again in our case, we deliver multiple forms of automation, from automatically normalizing data from all sources in our data lake to how we use AI to correlate security incidents and user behavior to identify critical threats to automated threat hunting and response rules users can create that fully automate the threat lifecycle management, to name a few.

Finally, Gartner states that one driver for bringing in an XDR is to consolidate a security stack, especially for smaller security teams that can get bogged down with the care and maintenance of a bulky security architecture. For example, according to the 2022 Gartner CISO Security Vendor Consolidation XDR and SASE Trends Survey referenced in the market guide, integrating network security products focused on intrusion and threat detection, such as network detection and response (NDR) was the top security component respondents wanted to integrate into an XDR solution, higher than cloud workloads, data security, and endpoint security, to name a few.

With this objective in mind, Gartner gives a few essential factors buyers should consider.  The guide states buyers should look closely at “how well subcomponents are integrated is as vital as how many products it consolidates.”

Grab a Cup of Coffee and Enjoy

I could go on and on about interesting things with the market guide, but the best thing you can do is read it yourself.

We are incredibly proud that Gartner included the Stellar Cyber Open XDR product in their list of representative products, including products from some very large vendors. To discuss our take on the guide further or see our Open XDR in action, reach out to set up a private meeting with our security experts today.

Steve Salinas is head of product marketing at Stellar Cyber.

Stellar Cyber, MSP Summit, cybersecurity