Key Criteria for Evaluating Extended Detection and Response Solutionsv2.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Summary
  2. XDR Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take
  8. About Chris Ray

1. Summary

Enterprise cybersecurity is typically composed of multiple solutions from various vendors, combined with a security information and event management (SIEM) and/or security orchestration, automation and response (SOAR) product to help security analysts detect and respond to cyberattacks. Traditionally, most SIEM/SOAR solutions came with out-of-the-box threat detection capabilities; however, their effectiveness relied heavily on a human in the loop to fine-tune the systems for the particular environment. Any such solution was limited, therefore, by the knowledge of the incumbent security staff and required extensive maintenance to keep up with the ever-changing threat landscape. This limitation too often resulted in less-than-intelligent detection and a crippling overabundance of alerts; real threats were drowned out by noise and remained undetected.

Now, a newer kind of threat detection technology—extended detection and response (XDR)—distributes detection and response across the security stack to provide ubiquitous coverage from endpoint to cloud by delivering unified visibility, control, and protection. XDR solutions collect telemetry and leverage artificial intelligence (AI), machine learning (ML), and other statistical analysis methods to correlate event logs and then evaluate them against intrusion response frameworks. Additionally, XDR systems integrate threat intelligence to enhance and improve threat detection capabilities. Importantly, solutions—and threat detection—are no longer dependent on the knowledge of security staff.

The GigaOm Key Criteria and Radar reports provide an overview of the XDR market, identify capabilities (table stakes, key criteria, and emerging technologies) and non-functional requirements (evaluation metrics) for selecting an XDR solution, and detail vendors and products that excel. These reports give prospective buyers an overview of the top vendors in this sector and help decision-makers evaluate solutions and decide where to invest.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.