Exabeam, the security analytics and automation company, today announced the XDR Alliance™, a partnership of cybersecurity and information technology innovators committed to an inclusive and collaborative extended detection and response (XDR) framework and architecture.
The goal of the XDR Alliance is to foster an open approach to XDR which is essential to enable organizations everywhere to protect themselves against the growing number of cyber attacks, breaches, and intrusions.
Alongside Exabeam, founding members of the XDR Alliance include best-in-class cybersecurity leaders Armis, Expel, ExtraHop, Google Cloud Security, Mimecast, Netskope, and SentinelOne.
“History will look back and declare how well the cybersecurity industry succeeded in putting collaboration above competition to help protect our organizations and institutions,” said Gorka Sadowski, chief strategy officer, Exabeam and founder of the XDR Alliance. “We are at an inflection point with an extremely fragmented industry that requires all of us in the vendor community to come together to strengthen organizations’ SOCs. The XDR Alliance brings together the most forward thinking names in cybersecurity and IT to collaborate on building an XDR framework that is open and will make it easier for security operations (SecOps) teams to protect and secure their organizations.”
The charter of the XDR Alliance is to define an open XDR framework and architecture that works for end users, help SecOps teams integrate and better align with new and evolving applications and technologies, ensure interoperability across the XDR security vendor solutions set, and collaborate on XDR market education and awareness.
The XDR Alliance has developed a three-tier model that focuses on the core components of the XDR technology stack, which can be broken down into three tiers:
- Data sources / Control points – This refers to the security tooling that generates telemetry, logs and alerts, and that acts as control points for response.
- XDR Engine – This tier is the engine that ingests all the collected data and performs broad threat detection, investigation, and response (TDIR) for SOC operations.
- Content – This tier includes the pre-packaged content and workflows that allow security organizations to deliver on required use cases with maximum efficiency and automation.
XDR Alliance members represent the subcategories of SecOps including security analytics, security information and event management (SIEM), endpoint, identity management, email, cloud, network, OT/IoT, threat detection, investigation and response (TDIR), and network detection and response (NDR) as well as managed security service providers (MSSPs), Managed Detection and Response Services (MDRs) and Systems Integrators (SIs).
“It’s encouraging to see best-in-class cybersecurity vendors come together to ultimately help the end users––many of them our joint customers––have a much improved SOC experience. Organizations have counted on all of our advanced SecOps and TDIR solutions to defend their organizations against one-off and groups of attackers, but now we’re dealing with heightened stakes like covert AI and automated attacks––it is time to unite,” said Michael DeCesare, CEO and president, Exabeam. “Congratulations to the whole team at Exabeam for creating and driving this initiative––it’s a critical alliance that over time will ensure ethical organizations around the world are many steps ahead of those who seek to take advantage of cyber vulnerabilities, often caused by our fragmented industry.”
XDR Alliance Founding Member Quotes
“We are excited to be an inaugural member of the XDR Alliance, and we look forward to our continued collaboration on an open framework that works for industries everywhere,” said Peter Doggart, Chief Strategy Officer at Armis. “The convergence of OT and IT environments, married with an explosion of new connected devices is adding greater risk to our critical infrastructure. For organizations to continue their digital transformation journey, cyber threat exposure needs to be managed and coordinated. Building an open XDR framework helps us drive down risk by coordinating actionable intelligence from the best set of security tools.”
“Defending against today’s advanced threats, from software supply chain compromises to ransomware attacks, requires more than one technology or approach,” said Raja Mukerji, Chief Customer Officer, ExtraHop. “This XDR framework is an important step in providing organizations with a defensive playbook. That’s why we’re proud to join the XDR Alliance, working alongside companies that share our customer-centric approach and commitment to advancing the state of the art of cyber defense.”
“Exabeam’s vision is to make all organizations safe from malware, phishing, ransomware, insider threat, and other adversarial behaviors. The complexity of today’s landscape and the prevalence of these attacks put organizations in a precarious situation. Security teams inside organizations are currently having to play the role of integrator, stitching together siloed and disconnected security applications and tools, and develop architectures and content on the fly, with little support from the vendor community” said Chris Stewart, vice president, business development, Exabeam. “It’s no wonder SOCs are failing and adversaries own the headlines. Collaboration is key to building ‘state of the art’ security operation centers (SOCs) of the future.”
“Our mission at Expel is to make great security as accessible as the internet,” said Justin Bajko, co-founder and vice president of business strategy and development, Expel. “From integrating directly with more than 60 types of security tech to working with the tools customers already own, there are lots of ‘easy’ buttons we’ve tried to create for our customers. But making sure great security is within reach for organizations of all shapes and sizes is bigger than just a single vendor. That’s why we’re proud to be part of the XDR Alliance, and to help foster greater collaboration among security vendors. As a result, businesses will be able to implement the right detection and response capabilities for their own environment both quickly and easily.”
GOOGLE CLOUD SECURITY
“As the threat landscape continues to grow, security operations teams are demanding more from their tools. Organizations require a platform to cost effectively store and analyze all their security data in one place and investigate and detect threats with speed and scale. They need the ability to store vast amounts of data, analyze and correlate the data from siloed solutions in order to adequately detect and respond to emerging threats within their environments,” said Sunil Potti, Google Cloud VP and GM of Cloud Security. “We are looking forward to joining the XDR Alliance to help build an inclusive and open XDR framework that gives our joint customers a pathway to the best-in-class Security Operations Centers (SOCs) in the Cloud.”
“Email security and management is a critical piece of security operations and we look forward to playing a part in building the first open XDR framework that interconnects with best-in-class cybersecurity solutions on the market today,” said Jules Martin, vice president ecosystem & alliances, Mimecast. “Joining the XDR Alliance is another step in the direction of our goal to make it easier for customers to protect their organization in this decade’s fast-changing security and risk environments.”
“Cybercrime is increasing at an alarming rate. As more enterprises use cloud applications and evolve their security and networks toward a SASE architecture, data in the cloud must be kept safe,” said Billy Bond, VP of Business Development & Alliances, Netskope. “We are proud to join the XDR Alliance and do our part to drive cloud security best practices. We look forward to working with XDR Alliance members on our joint mission to secure every bit of data in the cloud, wherever and however that data is accessed.”
“Efficient XDR requires comprehensive attack surface data – from endpoint to cloud to IoT – in order to deliver prevention, detection, and response across the modern network. Security operations require powerful telemetry, contextualized alerts, and automatic actions to autonomously prevent and respond to attacks at machine speed,” said Nicholas Warner, Chief Operating Officer, SentinelOne. “We look forward to contributing the richness of our data and AI capabilities to lead the XDR revolution, and we are excited to collaborate with other XDR Alliance members as a co-founding partner.”