Understanding XDR – Learn from Industry Authorities

Rated XDR

How XDR is Supercharging the MDR space to Reach Next-Level Detection and Response

XDR. The latest in a long list of buzzwords with little objectivity to their definition. Coined by Palo Alto Networks back in 2018, Extended Detection and Response (XDR) has become the next evolution of Endpoint Detection and Response (EDR) with promises of combining signals from multiple sources to increase advanced threat detection capabilities and decrease response time, for complete endpoint security.

What is XDR?
Forrester defines native XDR as “An XDR suite that integrates with other security tools from their portfolio for the collection of other forms of telemetry and execution of response actions related to that telemetry.” Analyst firm Gartner says XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.”

While the definitions are clear, the execution of Extended Detection and Response can bring about ambiguity. What alert sources are required? What does the manufacturer provide in their XDR solution set vs. ingest from other products? How is that data ingested? Aggregation vs. Correlation? These questions and more are all answered by the manufacturers building the platforms, and the answers define the value organizations will receive from “XDR”.

How CRITICALSTART works with XDR

Where does CRITICALSTART fit into this equation? While our security solution platform (ZTAP) has “XDR capabilities,” we do not—and will not—market it as an XDR Platform. ZTAP is the platform on which we deliver our award-winning Managed Detection and Response (MDR) service by integrating with industry-leading technologies that do create XDR platforms for customers to deploy into their environment.

While CRITICALSTART is going to continue to focus on delivering the best service available, we do want to help provide some clarity around the XDR space. So, we’re going right to the manufacturers building the platforms for answers. During the 5-part podcast series, Rated XDR, we speak directly with some of the integration partners supported in CRITICALSTART’s MDR service who are pioneering XDR.

Upcoming podcasts

We’ll be interviewing the following leaders in XDR to gain their perspective on this technology, the role they feel it should play, and where it’s heading in the future:

CrowdStrike – Ajit Sancheti – VP, Identity Protection – July 7, 2021

Few players in the security space have seen more post-IPO success than CrowdStrike. They are truly a marketing machine that backs up their presence with solid technical capabilities and vision. Their recent acquisitions of Humio and Preempt have brought additional capabilities to an already well-appointed portfolio. To talk about their approach to security, we’ll speak with the former Founder and CEO of Preempt, and current VP of Identity Protection, Ajit Sancheti.

SentinelOne – Raj Rajamani – Chief Product Officer – July 21, 2021

Leveraging unique “rollback” capabilities, SentinelOne hit the endpoint scene as a remedy to ransomware in a market failing to keep up with a strict prevent-only stance. Through internal development and the acquisition of Scalyr, SentinelOne has broadened its scope of detection capability and is the only privately held endpoint product in the CRITICALSTART MDR portfolio—though not for long. Joining me to discuss SentinelOne’s strategy in growth and development is the Chief Product Officer of SentinelOne, Raj Rajamani.

Microsoft – Ann Johnson – Corporate Vice President of Security, Compliance, and Identity – August 11, 2021

Causing a mixed reaction upon entering the security space, Microsoft has risen quickly in both capabilities and rankings among 3rd parties like Gartner, Forrester, and MITRE. Included with E5 and other bundles, the often already-owned security suite releases regular updates enabling this industry-leading solution to detect threats earlier and respond more effectively. With the expanded functionality from Azure Sentinel tying the Microsoft portfolio together with additional data feeds, Microsoft is bucking the reputation of Windows Defender circa 2016. To discuss the vision of Microsoft Security, we’ll be joined by the change agent who ushered Microsoft to the top of the security industry, Microsoft CVP of Security, Compliance and Identity, Ann Johnson.

Palo Alto Networks – Tim Junio – SVP Product, Cortex – August 25, 2021

Quickly building on the success of their next-generation firewall business, Palo Alto Networks has been a disrupter in cybersecurity. Now a leader across multiple competencies, the ability to acquire and integrate new technology allows them to quickly compete in new verticals of security and create a compelling portfolio. Joining me in the series from one of their more recent acquisitions, Expanse, to talk about Palo Alto Networks’ strategy around XDR, is the former CEO of Expanse and current SVP of Product for Cortex, Tim Junio.

