
11 Hot XDR Companies To Watch In 2021

Helping SOC teams get on top of cybersecurity’s big data problem

David Braue

Melbourne, Australia – Apr. 30, 2021

When big data techniques were popularized a decade ago, it didn’t take long before the security industry cottoned on to the opportunities posed by large-scale collection and aggregation of security alerts — and it didn’t take much longer than that before security operations centers (SOCs) were buried under an avalanche of alerts with no way of catching up.

Enter extended detection and response (XDR), the fast-evolving answer to security’s big data problem. Typically leveraging machine learning and artificial intelligence to pore over large volumes of data from other security systems, XDR platforms aggregate data from firewall, endpoint, CASB, public cloud, threat-intelligence and other tools in large, often cloud-based “data lakes.”

By continuously analyzing this data for often-imperceptible indicators of compromise (IoC), XDR tools not only detect low-and-slow attack activity by correlating IoCs, but also can often generate contextually relevant time series that show how an attack evolved and spread across the network. Some go a step further by producing detailed playbooks to guide SOC teams’ remediation efforts.




The benefits of an XDR approach clearly vary according to each company’s environment and circumstances, but Cisco, for one, has floated a 72 percent reduction of dwell time and 6 to 10 hours saved per incident.

AI and ML capabilities are table stakes in the most innovative XDR solutions, many of which not only detect indicators of compromise (IoC) in real time but also provide timelines of related activity — and, in some cases, complete documentation through automatically generated attack narratives. Some vendors offer their capabilities to managed security service providers (MSSPs) for resale to end users, while others back their services with 24×7 SOCs populated by security experts available on a moment’s notice.

It’s a hugely innovative space that promises to help security teams finally get on top of their problematic and paradoxical need to collect as much security data as they can in order to improve response. Here are ten of the hottest XDR companies to watch this year:

  • Confluera, Palo Alto, Calif. Confluera documents cyber kill chain activity using Continuous Attack Graphs based on data from on-premises and cloud-based systems, framing “attack narratives” documenting suspicious activities over time — tracing lateral movement between hosts and containers, and correlating attacks against corporate risk and compliance requirements.
  • Cybereason, Boston, Mass. Designed to provide a higher-level view of malicious activity by analyzing malicious operations (Malops) instead of just security alerts, Cybereason develops one-click mitigation actions across all networks using cloud, endpoint, network, and log data.
  • CyberMaxx, Nashville, Tenn. MAXX MDR is the next generation of Managed Detection and Response, providing proactive prevention and rapid response to the most pervasive threats. MAXX MDR is a combination of three proven technologies that drives deeper analysis and more proactive prevention, freeing organizations to focus on their business initiatives at a fraction of the cost (and headache) of managing multiple vendors or building a solution in-house.
  • Cynet, New York, N.Y. Cynet’s 360 XDR platform monitors endpoint, network, and user-based security threats and automatically generates an investigation flow — including automated remediation and custom playbooks — whenever an incident is detected. Tuned to bolster next-generation AV, EDR, UEBA, network traffic analysis and deception techniques, Cynet also provides access to a 24×7 SOC to help pinpoint and stop attacks as they happen.
  • eSentire, Waterloo, Canada. eSentire has built a machine learning-based cloud data pool, called Atlas XDR Cloud, to collect and analyze threat signals across cloud, on-premises and hybrid environments — and then wrapped it in a security operations center (SOC) and formal Threat Response Unit, backing its XDR tool with a team of experts who proactively deal with the threats that Atlas uncovers.


  • Hunters, Tel Aviv, Israel. The open design of Hunters XDR uses cloud connectors to extract detection telemetry, threat intelligence IoCs, and noisy threat signals from cloud, SIEM, cloud storage and other sources — continuously adding to an ever-scaling, ML-based Knowledge Graph that correlates “under the radar” threats from a range of sources.
  • Kognos, Santa Clara, Calif. Like its peers, Kognos has focused its XDR strategy on accumulating data and analyzing it contextually. But adding security domain knowledge into its AI means that IoCs are continuously cross-referenced with known attack patterns — helping the platform generate “fully contextualized storylines at machine speeds,” and enabling SOC teams to trace attackers’ activities in real time.
  • Reliaquest, Tampa West, Fla. Reliaquest’s data-aggregation engine maps indicators of compromise to MITRE ATT&CK and Kill Chain paradigms — backed by security analyst and threat-intelligence teams that update detection content, and machine-learning attack simulations that continuously check security controls. Data is normalized to a common structure that enables automatic creation of “research packages” to guide response teams’ investigations.
  • SecBI, Tel Aviv, Israel. By aggregating data from mail and web gateways, EDRs, SIEM and SOAR platforms, SecBI boosts overall network visibility and automated threat hunting — tapping ML-based learning and AI-based analysis to pick up even low-and-slow cyberattacks spread across multiple systems.
  • SentinelOne, Mountain View, Calif. SentinelOne’s Singularity XDR ingests structured, unstructured, and semi-structured data into a centralized data lake — correlating IoCs to develop automated storylines, and developing a unified response and remediation strategy that is continuously updated as SOC staff continue to respond.
  • Stellar Cyber, Santa Clara, Calif. Stellar Cyber’s Open XDR platform applies a single, AI-driven analytics engine to an ever-growing data lake supplied by its threat-intelligence, next-generation SIEM, user entity behavioral analysis (UEBA), cloud detection response (CDR), and other modules — providing a multi-faceted defense targeted at end users and managed security service providers alike.

Cybercrime Magazine will be expanding our coverage of XDR companies and this list in 2022.

David Braue is an award-winning technology writer based in Melbourne, Australia.



Sponsored by Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

Stellar Cyber’s industry-leading security infrastructure data collection, analysis and automated anywhere detection and response (XDR) mechanisms improve productivity and empower security analysts to kill threats in minutes instead of days or weeks. By accepting data inputs from a variety of existing cybersecurity solutions, integrating them, and analyzing them under one intuitive interface, Stellar Cyber’s Open-XDR platform helps eliminate the tool fatigue and data overload often cited by security analysts.

Founded in 2015 by industry pioneers from leading companies including Aerohive, Netscreen, Fortinet, Vectra, Juniper, Cisco, VMware, Gigamon, and A10 Networks, Stellar Cyber is based in Silicon Valley and is venture-backed by Valley Capital Partners, Big Basin Partners, SIG – Susquehanna and Northern Light Venture Capital.