IDC Global Security Products Analysis: From Power Point to Power Product, Where Is XDR Right Now?


This IDC Market Perspective discusses the current state of the extended detection and response (XDR) market. Entering 2021, with a few notable exceptions, XDR was more of an aspiration than a practical product. However, the largest SIEM vendors and endpoint detection and response (EDR) vendors have announced products and platforms for XDR. XDR is expected to be a disruptive force affecting the sales of SIEM, EDR, SOAR, network intelligence and threat analytics platforms, and external threat intelligence providers. The verdict is out on whether this creates better revenue opportunities for cybersecurity vendors (on balance) or if putting so many capabilities onto a singular platform reduces revenue because of bundled pricing.

IDC is covering XDR in earnest. The first part of our cadence is to take stock of where XDR is right now: What is the technology stack going to look like? Is XDR better realized as a proprietary stack or as an open platform? What outcomes should XDR provide? How should XDR be marketed? Is XDR a driver or inhibitor of cybersecurity revenues?

"A famous ad said that 'you have your chocolate in my peanut butter,' and this was a clever way to say how two great ideas can be used to form one monster idea," notes Chris Kissel, research director, Tier 2 SOC Analytics at IDC. "Endpoint detection and response are great at finding threats to a local machine, and network intelligence and SIEM are good at finding user behavioral anomalies and rule-based violations. Throw in external threat intelligence and unified case management, and all of a sudden you have the budding technology extended detection and response."

Please Note: Extended description available upon request.


Executive Snapshot
New Market Developments and Dynamics
Introduction
Industry Dynamics
Why XDR and Why Now
Extended
Detection
Response
XDR
The Biggest Questions
From the Cybersecurity Vendor's Perspective, Is XDR an Inhibitor or a Driver of Revenue?
Is XDR a Glorified EDR Platform?
If XDR Is More Than Simply an Extension of EDR, What Are or Will Be the Component Pieces of an XDR Platform/Architecture?
What Other Features Could Be a Part of XDR Platforms?
Where Do Cloud-Native XDR Revenues Come From?
Don't MDR Companies, Managed Security SPs, and Proprietary Tools in SOCs Already Produce XDR-Like Outcomes?
Will Companies Have to Explicitly Call Out That They Have XDR Capabilities?
How Will XDR Be Priced?
What Can Be Said About Companies That Treat XDR as a Feature and Not a Product?
How Will the Development of "Best of Breed" Point Products Be Affected by XDR?
Will XDR Thrive as a Proprietary Platform or an Open Platform?
What Is the Role for Open Source Platforms Within an XDR Framework?
Can the Argument Be Made That XDR Is What Next-Generation SIEM Was Supposed to Be (or Less Elegantly, Is This SIEM 3.0)?
What Will Be the Log-Based Backplane of XDR? Are the Public Cloud/IaaS Providers Lurking?
Vendor Examples
Partnerships and Alliances
CrowdXDR Alliance
MITRE
The XDR Alliance
Market Strategies
General Advice to Businesses Buying Cybersecurity Products
Scenarios/Use Cases
Taxonomy Guidance
Advice for the Technology Supplier and Services Provider
Learn More
Related Research
Synopsis
