Extended detection and response (XDR) vendors have reached a tipping point at which they can compete with security information and event management (SIEM), with Microsoft, Palo Alto Networks and CrowdStrike leading this move, Forrester reported in its XDR Wave Q2 2024 report.
The analyst noted that in 2021, XDR platforms emerged to replace SIEM systems as the principal technology in the security operations center (SOC).
The recent upheaval in the SIEM market, including Cisco acquiring leading SIEM vendor Splunk, LogRhythm and Exabeam planning to merge, and Palo Alto Networks announcing an agreement to acquire IBM QRadar, presents an opportunity for XDR vendors to demonstrate their capabilities to customers eager for a change.
“Now, many vendors have reached a point of integration and product capability where customers can start to realize the SIEM replacement vision even if XDR still can’t compete for more niche SIEM use cases such as compliance, federated search, and heavy customization,” analysts wrote in the report.
As a result of these trends, the firm recommends XDR customers look for vendors that prioritize endpoint expertise and visualization, target additional detection surfaces that provide more effective investigation and treat vision, innovation, and roadmap as intertwined and symbiotic.
For this Wave report, Forrester evaluated 11 XDR providers and identified Microsoft, Palo Alto Networks and CrowdStrike as leaders; Trend Micro, Bitdefender and SentinelOne as strong performers; Cisco, Trellix and Sophos as contenders; and Broadcom and Fortinet as challengers.
Microsoft offers the most complete XDR
Among the leaders, Microsoft stands out with the most complete XDR offering in the market today, the firm noted. The Microsoft Defender suite is central to its enterprise security vision. The tech giant’s commitment to innovation is evident from the percentage of revenue it devotes to the R&D budget, which is among the highest in the security industry.
Analysts recognized Microsoft has the most data-rich endpoint information in this XDR evaluation. In addition, the Microsoft Defender suite’s integration with native tools such as Defender for Cloud and Cloud Apps allows users to respond to alerts, search data, and create user-generated detections.
However, some users find the licensing model restrictive and say it forces practitioners to adopt it along with the rest of the business. Forrester noted the solution is best suited for organizations that require massive-scale deployments.
Palo Alto Networks brings together network security and XDR
Palo Alto Networks has evolved from a network security company into a major player in the security market, enabling more platform features and analytics for identity and cloud, Forrester noted.
The vendor offers extensive endpoint context within incidents and a unique dissolvable agent feature that can be automatically deployed to interrogate an unmanaged host in the event of an anomaly. It also integrates native and third-party detection surfaces, including firewalls, zero-trust network access (ZTNA) and cloud.
Users speak highly of Palo Alto Networks’ custom automation actions. Although they noted its XDR product is expensive, the pricing model is simple: per-endpoint pricing plus data ingest. Organizations with skilled practitioners looking to leverage both network and endpoint data together will find Palo Alto Networks a strong fit, Forrester analysts wrote.
CrowdStrike positions to win in XDR
CrowdStrike has long been recognized for its endpoint detection and response (EDR). Its latest release, Raptor, “positions it to win in the XDR market,” Forrester wrote. The Raptor release aims to enhance speed, threat intelligence and automation for stopping breaches, while addressing skills gaps and regulatory requirements.
The vendor also integrated its Humio acquisition into the Falcon platform for a united native XDR and SIEM-replacement tool and provided free native XDR for EDR customers on the Raptor release.
Users cited CrowdStrike’s context-rich endpoint data and native and third-party detection surfaces for detection, investigation and response. The XDR solution is suitable for organizations that want to apply the quality of intelligence and endpoint capabilities CrowdStrike is known for to additional detection surfaces, analysts said.