XDR is a new technology category forming before your very eyes: it’s the next phase of progression beyond EDR. XDR stands for eXtended Detection and Response and represents visibility, prevention, detection, and response – automated – across enterprise attack surfaces. Forrester published an XDR “New Wave” that seeks to unpack this emergent, evolving space.
Attack surfaces, which at one point were primarily endpoints, are the primary sources of data creation. Today’s endpoint is where users create, store, and share. It’s the intersection point between cloud, user, and device. The endpoint is the richest source of data, but data doesn’t start and end at the endpoint. The modern endpoint is inclusive of so much more. Today’s attack surfaces encompass the cloud, containers, mobile devices, IoT, and storage. The risk and the necessity for autonomous cybersecurity exist wherever data resides. We believe securing the modern enterprise is about following the data. Cybersecurity must exist wherever data is born, lives, and thrives.
SentinelOne – XDR Strong Performer
According to Forrester, SentinelOne’s Singularity XDR platform “is the best fit for companies that want customizability and to grow into XDR.” This strong statement from Forrester confirms SentinelOne’s strategy and execution. We believe customers require more EDR automation and ease of use to drive down the time required to detect, respond, and recover. Customers today still lack fundamental visibility of their dynamic attack surfaces. Our technology has previously been recognized for its EDR superiority, specifically around detection and visibility: see the latest MITRE ATT&CK Engenuity Testing, where SentinelOne outperformed all other vendors with the richest automatic visibility, no missed detections, no mid-test software tweaks, and no delays. The end result is the right platform to cultivate, define, and deliver XDR excellence. It starts with delivering the most visibility and correlated detections.
The Best Fit for Companies that Want Customizability and to Grow into XDR
For us Sentinels, XDR is not just a product line, nor is it a singular solution; instead, it is the guiding principle behind our product strategy. The emergence of XDR is proof that SentinelOne’s approach to EDR has the right type of impact for our customers’ day-to-day security practices. Perfecting the balance between visibility, protection, and remediation is the art in delivering upon XDR. The technology building blocks deliver open XDR built for today’s enterprise:
- Visibility: Ranger provides an instant and dynamic attack surface inventory for both managed and unmanaged devices for IT and security teams; its auto-deploy feature delivers coverage, protection, and control to instantly reduce risk.
- Detection: Storyline transforms isolated data points into a cohesive, contextualized story. It takes the guesswork out of detection and enables autonomous response.
- Protection: our patented behavioral AI is the bedrock of the Singularity XDR platform, defending in a vector-agnostic fashion as it analyzes behavioral data versus attack techniques.
- Response: automated local responses remediate in real time, saving operators time. From kill to quarantine, remediate to rollback, we’ve designed our XDR platform to autonomously respond for – not by – the operator. Storyline Active Response (STAR) takes response to the next level, leveraging cloud scale to make response customizable, instant, and dynamic.
What XDR Means for Buyers and Where It Comes From
Forrester’s analysis reinforces several key aspects of our approach. First is their clarification that the measure of a vendor’s XDR platform is its ability “..to simplify incident response and build targeted, high-efficacy detections.” We commend analysts for articulating the need for measurable metrics such as efficacy, speed of response, and ability to scale. Everything an XDR technology does should be looked at as a means to an end: can it help a security team (regardless of size or maturity level) reduce the time it takes to detect, investigate and respond to threats?
Forrester has clarified that EDR is the backbone of XDR. The attack landscape has proven that the endpoint is at the heart of most cross-surface attacks. Therefore, the right EDR is well positioned to deliver the best XDR as well. Forrester recognizes that SentinelOne “is leaning into its EDR heritage as it introduces new telemetry.” Our acquisition of Scalyr provides us with a differentiated opportunity to ingest diverse data faster without speed, index, scale, and economic limitations.
Our Thoughts on the Future of XDR
Starting from the best place to see data – the endpoint – and layering more capabilities, more integrations, and the ability to correlate data quickly is the key to XDR. It’s the missing piece to shift the pendulum to the side of defenders.
Covering more surfaces, more use-cases, and more attack vectors is what our customers tell us they value. But it’s just half the challenge. Our EDR foundations extend beyond the endpoint – to network, critical infrastructure, IoT, mobile, cloud, and more. We continue to build upon our data foundation, as well as introducing new technologies, such as Scalyr and the SentinelOne Marketplace, which help us to unify cybersecurity. The XDR era must deliver faster, simpler and more powerful cybersecurity that’s broader than before and even easier to use. The days of human-powered EDR are becoming the legacy of a bygone time. XDR is best delivered by our patented technology and the power of AI. A new and brighter day is ahead in cybersecurity.