Top 10 XDR software
November 08, 2024 | Editor: Michael Stromann
Extended Detection and Response software that includes EDR (Endpoint Detection and Response) and NDR (Network Detection and Response) solutions.
1. CrowdStrike's cloud-native endpoint security platform combines Next-Gen AV, EDR, Threat Intelligence, Threat Hunting, and much more.
2. Endpoint security software that defends every endpoint against every type of attack, at every stage in the threat lifecycle.
3. Darktrace AI interrupts in-progress cyber-attacks in seconds, including ransomware, email phishing, and threats to cloud environments and critical infrastructure.
4. Endpoint Protection with XDR, EDR. With open APIs, extensive third-party integrations, and consolidated dashboards and alerts, Sophos Central makes cybersecurity easier and more effective.
5. Endpoint and Workload Protection platform that adapts to your business. Consolidate multiple endpoint and container security capabilities using one agent and console, helping you operate faster and more effectively.
6. Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
7. Revolutionary Threat Detection and Response platform. Reduce time to detect and respond to cyber attacks with the most open and comprehensive AI-powered platform and XDR.
8. Cortex brings together best-in-class threat detection, prevention, attack surface management and security automation capabilities into one integrated platform.
9. ExtraHop provides cloud-native cybersecurity solutions to help enterprises detect and respond to advanced threats—before they compromise your business.
10. Tripwire alerts you to unplanned changes and automates remediation to proactively harden your systems and reduce your attack surface. Detect and neutralize threats on-site and in the cloud with superior security and continuous compliance.
11. Huntress delivers a powerful suite of managed endpoint detection and response (EDR) capabilities—backed by a team of 24/7 threat hunters—to protect your business from today’s determined cybercriminals.
12. Corelight combines the power of open source and proprietary technologies to deliver a complete Open Network Detection & Response (NDR) Platform that includes intrusion detection (IDS), network security monitoring and Smart PCAP solutions.
13. Vectra AI's Threat Detection and Response Platform protects your business from cyberattacks by detecting attackers in real time and taking immediate action.
15. Empower your team with Mandiant's uniquely dynamic view of the attack lifecycle. Combine machine, adversary and operational cyber threat intelligence to understand and defend against relevant threats.
16. Continuous protection for your evolving IT environment, superior multiplatform cyber risk management, including Modern Endpoint Protection, XDR, Email Security, Multi-Factor Authentication.
17. A fully managed, integrated ecosystem of services with our powerful, nation-state-grade MDR technology at its core.
18. Arctic Wolf delivers dynamic 24x7 cybersecurity protection tailored to the specific needs of your organization.
19. FortiXDR, part of the SecOps Platform, correlates data from across endpoint, network, cloud, and other data lakes to detect stealthy attacks enterprise-wide. Once detected, FortiXDR can automatically conduct incident response actions or aid analysts in rapidly remediating events across the entire Fortinet Security Fabric and third-party solutions.
20. The cloud-native SecureX integrates the Cisco Secure portfolio with the entire security infrastructure, speeding detection, response, and recovery.
21. All-in-One Cloud SIEM + XDR. Blumira makes XDR easy and effective for lean IT teams. Our all-in-one solution combines SIEM, endpoint monitoring and automated detection & response to reduce complexity, provide broad visibility and speed up your time to respond.
22. A Platform Built to Streamline SecOps. Real-time detection, analysis, and response to network threats.
Important news about XDR software
2023. Okta snatches up security firm Spera for over $100M
It is a curious fact, little known except to those who pay far too much attention to such things, that Okta, a rather prominent identity and access management company, has decided to gobble up Spera, a security firm that, in all likelihood, was blissfully unaware of its impending absorption. The grandiose plan here—if you believe the press releases—seems to be to bolster Okta’s prowess in identity threat detection and response (ITDR), gifting its customers the futuristic power to bat away risks, identify vulnerabilities lurking in the shadows and generally do all sorts of clever things that would make your average IT department faint with joy. Spera, for its part, brings an assortment of shiny tools that not only reveal those pesky silos hiding within software-as-a-service and infrastructure applications, but also expose vulnerabilities in user populations. It doesn’t stop there, of course. Spera goes one better by helping companies to slash their license costs, a task that involves discovering and mercilessly deactivating dormant accounts, much to the relief of overworked finance teams everywhere.
2023. Microsoft 365 Defender is becoming Microsoft Defender XDR
Microsoft has integrated cloud workload alerts, signals and asset information from Microsoft Defender Cloud into Microsoft 365 Defender, its cloud-based service designed to help protect on-premises, cloud and hybrid environments. This integration removes infrastructure blind spots in an organization’s digital landscape. As part of this integration, the company is rolling out new correlations and content tailored to cross-workload correlations and cloud-specific content, giving you a richer, more contextual understanding of the threats your organization faces. In the Defender portal, SOC analysts can now run end-to-end investigations if they’re faced with this type of cyberattack. They can monitor, triage and investigate multicloud alerts across Azure, AWS and GCP. This end-to-end prioritization of information and alerts streamlines the investigation process and greatly improves SOC efficiency. With the incorporation of cloud signals, the company has renamed Microsoft 365 Defender to Microsoft Defender XDR to better represent its capabilities, which broadly span multiplatform and multicloud assets.
2023. Arctic Wolf acquires cybersecurity automation platform Revelstoke
In the delightfully convoluted world of cybersecurity, where virtual wolves roam, Arctic Wolf, a guardian of all things digital, has rather cleverly decided to absorb Revelstoke—a company expertly tinkering with something called SOAR, which stands for Security Orchestration, Automation and Response, though it sounds suspiciously like something that ought to involve wings and feathers. This cunning acquisition means Arctic Wolf’s platform is now primed to sniff out nefarious cyber-nasties with the speed and precision of a caffeinated octopus. Arctic Wolf’s magical software already hoovers up data from every nook and cranny—be it endpoints, clouds, or networks—unifying them into a single, comprehensible whole (or, as comprehensible as anything in cybersecurity ever gets). Now, with Revelstoke’s wizardry in tow, Arctic Wolf is poised to deliver mind-bogglingly advanced tech that makes SOAR outcomes so seamless they might as well be magic, all for the comfort and delight of clients who’d quite like their cybersecurity served without all the fuss.
2023. Cybersecurity firm Lumu raises $30M to detect network intrusions
In the vast and bewildering galaxy of cybersecurity startups, Lumu has secured $30M to boldly do what many others are also doing: detecting security breaches and offering clever insights on compromised networks. With its sharp focus on identifying threats and spilling the beans on exactly when, where and how breaches occur—complete with detailed response plans—it’s certainly got its act together. Lumu even lets enterprises automate defensive moves through existing security tools, all while combing through a whopping two years of network data for any hint of suspicious activity. Admirable, yes. Groundbreaking, perhaps not entirely. After all, fellow cosmic contenders like Ordr (which recently scored $40M), Cyrebro, Darktrace and Vectra (valued at $1.2 billion) are doing much the same, each trying to outwit the digital chaos in their own peculiar way.
2023. CrowdStrike acquires Bionic.ai for $350M
In a galaxy of cyber threats, where CrowdStrike reigns as a champion of endpoint security and breach response, a new acquisition has emerged from the swirling mists of the SaaS sector: Bionic.ai. For a tidy $350 million, CrowdStrike now holds in its possession a cloud security posture management platform—essentially a magnifying glass for IT teams eager to spot lurking vulnerabilities in their company’s digital landscape. Now, while Bionic.ai’s annual recurring revenue (ARR) remains modestly shy of the $10 million mark, an amount often tossed about in the SaaS universe as an “important metric,” it’s the additional layer of insight that excites CrowdStrike. Already well-furnished with its own security service, Falcon, CrowdStrike looks to Bionic.ai to sprinkle a touch of cosmic visibility and observability into its ever-expanding galaxy of offerings.
2023. Incident response management platform Rootly secures $12M
In a universe not entirely unlike our own, where websites behave a bit like fickle weather patterns and digital storms tend to pop up precisely when least expected, there exists an audacious little startup called Rootly. Picture, if you will, Rootly’s ingenious platform, fashioned to deftly manage the sorts of digital crises that can make a CTO feel like they’re trapped in an infinite loop of headaches. With a freshly secured $12 million in Series A funding, Rootly has set itself on a mission: to automate the chaotic ballet of incident management with tools that not only marshal teams within Slack but also take it upon themselves to suggest what the poor humans involved might want to do next. And Rootly’s talents don’t stop there—it can, rather impressively, whip up status updates and post-mortems without needing a drop of coffee, even spotting connections between seemingly unrelated incidents. All this unfolds in a market worth a cosmic $29.21 billion (circa 2022), where Rootly finds itself pitted against other rather spiffy tools like FireHydrant, Blameless, and the newly cash-infused Incident.io, which, if rumors are true, has a bit of venture capital backing to the tune of $28.7 million.
2023. Gem Security wants to secure your cloud infrastructure, raises $11M
Gem Security, the Israel-based startup developing a cloud threat detection, investigation and response (TDIR) platform, is emerging from stealth today and has announced an $11 million seed funding round. With support for major cloud platforms like AWS, Azure, Google Cloud and Kubernetes, Gem Security promises to provide security teams with a unified, streamlined tool to identify all their cloud assets and offer real-time threat detection and contextualized alerts to ensure their safety, partly by automating a significant portion of a company’s cloud security operations.
2022. GreyNoise to expand its threat intel collection after securing $15M in funding
In a universe brimming with unending streams of digital drivel, GreyNoise Intelligence, a plucky cybersecurity startup with a knack for sifting sense from the cacophony of internet scanning traffic, has pocketed a cool $15 million in Series A funding. Their mission? To boldly expand their threat-collection contraptions and shield organizations from the next big digital nasty lurking in the ether. Self-described as “anti-threat intelligence” (which sounds appropriately contrarian), GreyNoise acts like a spam filter for the internet’s incessant alert deluge—because, let’s face it, security analysts wading through seas of pointless alerts is just the galactic equivalent of finding a Vogon poem charming.
2022. IBM acquires attack surface management startup Randori
IBM has announced that it’s acquiring Randori, a Boston-based offensive security startup that integrates attack surface management (ASM) with continuous automated red teaming (CART) to assist organizations in enhancing their cyber defenses. ASM — the ongoing discovery, inventory, classification and monitoring of a company’s IT infrastructure — is becoming essential for organizations of all sizes. The number of potential exposure points in hybrid cloud environments is increasing rapidly due to the pandemic-driven shift to remote and hybrid work, with ESG data indicating that 67% of organizations observed their external attack surface expand over the past two years because of the growing use of cloud, third-party services and Internet of Things (IoT) devices.
2022. Seemplicity emerges from stealth with $32M to consolidate security notifications and speed up response times
Israel-based startup Seemplicity is coming out of stealth with $32 million in funding for a platform it believes will help reduce the cyber attack burden by managing the massive influx of data that inundates DevOps teams, which is challenging to interpret even before any action is taken. It consolidates all of those alerts and orchestrates them to determine which are related, which can be grouped together, which are more critical (due to their importance to core operations or potential to indicate a cascading issue, for instance) and which can be resolved by addressing another issue.