Extended Detection and Response (XDR) has emerged as a leading cybersecurity toolset sought after by many kinds of organizations. How does it differ from Endpoint Protection Detection & Response (EPDR) and Network Detection & Response (NDR)? XDR encompasses both EPDR and NDR, as well as security tools focused on cloud environments. For details and evaluations of EPDR and NDR, please refer to our Leadership Compasses on those subjects.
XDR is for organizations that want comprehensive observability and remediation capabilities across both endpoints and networks. One might expect XDR to subsume its EPDR and NDR rivals, but these technical solutions are not in competition with one another. Vendors report that large enterprises still often take a best-of-breed approach, leveraging their relationships with multiple security products that each cover a specific area. Small-to-medium businesses (SMBs) and organizations, on the other hand, look for an all-in-one tool that reduces costs, complexity, and the number of vendor contracts to manage.
What is driving interest in and adoption of XDR? In a word, ransomware. The initial stages of a ransomware attack can be difficult to detect. EPDR alone may miss the signs, especially if attackers use compromised credentials rather than malware to gain a foothold in a victim organization. Attackers can often cover their tracks by wiping logs on endpoints and servers. The one place from which it is difficult to remove evidence is the network; thus, having NDR capabilities in place can close the observability gap. Why not simply add NDR to your EPDR instead of going for XDR? Because having all the functions in a single solution is more efficient from the perspective of SMBs and mid-market organizations.
XDR solutions are security tools designed to consolidate multiple point solutions such as Endpoint Protection Detection & Response (EPDR), Network Detection & Response (NDR), Cloud Workload Protection Platform (CWPP), Cloud Security Posture Management (CSPM), Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS), Distributed Deception Platforms (DDP), and Unified Endpoint Management (UEM). XDR solutions also need to draw on telemetry from IAM systems, particularly User Behavioral Analytics (UBA) and Identity Governance and Administration (IGA). In our definition and view, XDR must encompass endpoint, network, and cloud aspects. This means that XDR solutions must have agents for endpoints, sensors for networks, and agents for cloud instances and containers.
The MITRE ATT&CK Framework is a comprehensive catalog of the tactics, techniques, and procedures (TTPs) that malicious actors use to compromise systems for the purpose of data exfiltration. Many security vendors contribute to MITRE ATT&CK, and many of their tools map detections to its tactics and techniques to facilitate analysis within their product interfaces.
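The observability-gap argument above (endpoint logs wiped, network evidence remaining) and the ATT&CK mapping of detections, shown together as an added example that is not part of the KuppingerCole text or any vendor's product: the endpoint events, flow records, host names and thresholds are all constructed for illustration, and the correlation rule is this example's own.

```python
from collections import defaultdict

# Constructed EPDR (endpoint) events and NDR (network flow) records for one
# window. ws-17 is entered with a valid account, its event log is cleared, and
# the endpoint side then goes quiet while the network sensor keeps seeing large
# outbound transfers from it. ws-22 is benign background activity.
ENDPOINT_EVENTS = [
    {"ts": 100, "host": "ws-17", "event": "logon", "user": "svc-backup"},
    {"ts": 140, "host": "ws-17", "event": "log_cleared", "user": "svc-backup"},
    {"ts": 100, "host": "ws-22", "event": "logon", "user": "alice"},
    {"ts": 600, "host": "ws-22", "event": "process_start", "user": "alice"},
]
NETWORK_FLOWS = [
    {"ts": 180, "src": "ws-17", "dst": "203.0.113.5", "bytes_out": 90_000_000},
    {"ts": 420, "src": "ws-17", "dst": "203.0.113.5", "bytes_out": 120_000_000},
    {"ts": 300, "src": "ws-22", "dst": "198.51.100.9", "bytes_out": 2_000},
]
# ATT&CK technique ids attached to each finding so a console can place it on the
# framework; the ids are real, the choice of mapping is this example's own.
TECHNIQUES = ["T1070.001 Clear Windows Event Logs",
              "T1048 Exfiltration Over Alternative Protocol"]


def correlate(endpoint_events, network_flows, quiet_secs=200, min_bytes=50_000_000):
    """Return one finding per host whose endpoint evidence ends with a log wipe
    while the network sensor still records at least min_bytes of outbound
    traffic from it, continuing quiet_secs or more after the last endpoint event."""
    last_seen, wiped = defaultdict(int), set()
    for ev in endpoint_events:
        last_seen[ev["host"]] = max(last_seen[ev["host"]], ev["ts"])
        if ev["event"] == "log_cleared":
            wiped.add(ev["host"])
    findings = []
    for host in sorted(wiped):
        # Only flows the endpoint agent can no longer vouch for are of interest.
        later = [f for f in network_flows
                 if f["src"] == host and f["ts"] > last_seen[host]]
        if not later:
            continue
        total = sum(f["bytes_out"] for f in later)
        gap = max(f["ts"] for f in later) - last_seen[host]
        if total >= min_bytes and gap >= quiet_secs:
            findings.append({"host": host, "last_endpoint_ts": last_seen[host],
                             "silent_for": gap, "bytes_out": total,
                             "techniques": TECHNIQUES})
    return findings
```

Run on the constructed data, the rule flags ws-17 only: its endpoint trail ends at the log wipe, yet 210 MB leaves it over the following 280 seconds, which neither source shows on its own.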
As a fairly new product category, XDR is characterized by its use of AI/ML technologies for detecting malware and analyzing behavior, and by cloud-first technologies: all vendors offer SaaS-hosted management consoles, and some offer cloud hosting for customer data as well.
XDR is gaining prominence in North America, and we expect other regions to adopt it rapidly as well. XDR is suitable for all organization types. Its common interfaces are generally deployed cloud-first, although on-premises components are required for endpoint agents and network sensors. Although the XDR term has only been around for a few years, it is catching on and has become mainstream. We are past the early adoption phase, and the XDR solutions we review here are mature product/service offerings.
For an understanding of our research approach, please see KuppingerCole Leadership Compass Methodology.