Gartner® XDR Market Guide

OVERVIEW KEY FINDINGS

• “The trend continues for security and risk management (SRM) leaders to seek security vendor and product consolidation to manage risk and improve security operations productivity. Extended detection and response (XDR) is evolving to provide these benefits”.
• “XDR is expected to see the biggest initial adoption by smaller security organizations that likely don’t have security information and event management (SIEM)/security orchestration automation and response (SOAR) solutions in place today. No XDRs currently meet the full needs of mature large enterprise security operations becauseXDR will not displace SIEM functionality for all use cases”.
• “XDR will be an increasingly critical capability for buyers to evaluate when seeking strategic architectural decisions for their security operations program. XDR solutions are built around multiple products designed to provide a more comprehensive solution for workspace security, network security or workload security domains”.
• “Modern security is a data-heavy exercise, and competent XDR providers will have extensive and cost-effective data storage, analytics and machine learning (ML) capabilities”.

RECOMMENDATIONS
SRM leaders looking to improve incident response capability should:

• “Evaluate any underutilized functionality in existing point solutions integrations with SIEM/SOAR first to ensure that XDR will cover any specific gaps in threat detection and the response program”.
• “Evaluate a vendor consolidation strategy anchored with XDRs on its ability to improve security efficacy and improve security operations productivity”.
• “Focus initial XDR product considerations on threat-centric detection and incident response heavy security use cases such as user workspace, cloud usage, application workload or traditional network protection”.
• “Evaluate XDRs on their overall utility not just component parts; other features to consider are the underlying data lake foundation with lower-cost and flexible data storage, functional orchestration and automation, and advanced security analytics. A credible XDR is more than just a number of point solutions from a single vendor and will be able to replace some of the existing security operations tools with more efficient, alternative ways of working”.