XDR-as-a-service on the rise: A fully staffed SOC is out of reach for many organizations, and the rise of XDR-as-a-service reflects growing demand for managed, scalable security capabilities.

“With stretched teams and expanding attack surfaces, many organizations are turning to trusted providers to deliver round-the-clock detection and response,” says Santiago Pontiroli, lead security researcher at cybersecurity vendor Acronis. “This model allows organizations to benefit from integrated threat visibility and faster incident response without the overhead of building and maintaining the infrastructure themselves.”

Demand for XDR-as-a-service is booming, driven by two main factors, according to Context’s Turner: many SMBs can’t afford to stand up their own SOCs, and MSPs and MSSPs seek recurring revenue and scalable service delivery.

“XDR-as-a-service is enabling MSPs to resell managed detection and response capabilities without needing to build the entire stack themselves,” Turner says. “Distributors are increasingly offering XDR-as-a-service bundles via cloud marketplaces, which come with pre-integrated licences and usage-based billing.”
AI and machine learning make their mark, and add noise to the market: Artificial intelligence and machine learning play a critical role in making XDR systems more scalable and effective.

“These technologies help identify patterns, reduce false positives, and surface high-fidelity alerts from vast volumes of data,” says Acronis’ Pontiroli. “Also, ML models can learn from behaviors across multiple layers, like endpoint, network, and user activity, allowing the detection of threats that don’t rely on known signatures.”

Pontiroli adds: “AI is also increasingly being used to enrich alerts with context and drive automated or semi-automated response actions, making it easier for lean security teams to keep up with sophisticated attacks.”

Cybersecurity vendors in general are heavily investing in AI technologies. For XDR specifically, AI can assist in functions such as alert triage, behavioral analytics, and anomaly detection, but the finer points of this product development are often missed by buyers amid a blitz of AI-focused cybersecurity product marketing.

“The main challenge we are hearing from partners is in differentiation,” Context’s Turner says. “Practically every vendor is now marketing their platform as AI-driven.”
M&A activity continues to consolidate the market: For the past few years, the XDR market has experienced significant consolidation through mergers and acquisitions, shaking up the competitive set.

“EDR vendors are acquiring NDR or SIEM players to build their own XDR vision,” Context’s Turner says. “Some examples being SentinelOne acquiring Attivo, CrowdStrike expanding into identity, whilst others like Palo Alto and Microsoft are building broad portfolios through integration rather than acquisition.”

Turner adds: “Some traditional SIEM or EDR [vendors] now compete with each other post-acquisition.”

Important XDR vendors include CrowdStrike, Sophos, SentinelOne, Trend Micro, and others.

Jerry Mancini, senior director for the office of the CTO at network security tools vendor NetScout, tells CSO: “Large security vendors are actively pursuing mergers and acquisitions with the aim of not only building out their comprehensive XDR offering but also creating closed XDR solutions where all security can be provided by a single vendor, including managed services.”
Partnerships and open architectures fill the gaps: Despite increased M&A activity, few, if any, security vendors have the capacity to provide a comprehensive service, prompting a parallel development in the XDR market: the growth of partnerships.

“Despite mergers and acquisitions, there are often missing pieces that XDR vendors need to bring in to serve the demands of buyers who require a best-of-breed approach to their security portfolio,” NetScout’s Mancini explains. “Partnerships are a vital way of filling those gaps and demands, allowing XDR providers to integrate with existing security solutions, and enabling data producers to input their information into XDR platforms.”

Mancini adds: “This ensures a collaborative ecosystem in which vendors must support open architectures.”

The cross-country Open XDR approach involves building on open-source frameworks, such as Elasticsearch, Apache Kafka, and Fluentd for data collection and processing, or designing platforms to be vendor-neutral. The approach enables integration with existing security tools (SIEM, etc.) and makes it possible to build a modular security stack, with the downside of increased complexity compared to proprietary platforms.
Managed XDR makes waves: As opposed to XDR-as-a-service, which typically means access to an XDR platform in the cloud, managed XDR goes a step further, offering a fully operated service, including 24/7 monitoring and increased automation. The model has increased in popularity of late, according to industry observers.

The managed XDR model enables organizations to significantly improve their ability to detect and respond to threats, including sophisticated attacks such as account takeover and ransomware, without needing multiple security solutions or investing in specialized cybersecurity staff.

“Automation plays a critical role in detection and response, but it’s the presence of a mature SOC behind the scenes that truly elevates managed XDR, ensuring threat detection remains accurate, rules are continuously tuned, and incidents are investigated in depth,” says Yaz Bekkar, consulting solutions architect for XDR in the EMEA region at Barracuda Networks. “Automation without human oversight can lead to blind spots.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4012841/6-key-trends-redefining-the-xdr-market.html