Dazed and Confused by the XDR Telenovela?

New episodes — the plot thickens

If you are a technology buyer for the SOC I bet the XDR Telenovela is programming you could do without. Every day, there seems to be a new dramatic episode. Yet another definition for what XDR is, needs to be, should be, could be, and would like to be. And with them, new characters, and story lines for viewers to chew on.

  • Yes, EDR is an essential element of XDR.
  • Yes, the pre-integration that single-vendor ecosystems offer is interesting and valuable.
  • Yes, XDR use cases can be covered by some of the leading SIEMs (e.g., Exabeam).

Overcoming the Telenovela — finding a common definition

From my Gartner days, I know that the ideal definition for XDR, or any emerging category, is not necessarily the simplest or the most complete, but the one that is:

  • Simple and clearly understood by everyone
  • Precise enough to differentiate XDR from adjacent technologies such as SIEM
  • Yet federative enough to be embraced by key stakeholders and promote collaboration among the broader community of vendors, service providers, end-clients, press and analysts.

Exploring an XDR definition — let’s focus on expectations and outcomes

Why can’t we produce a definition that is end-user focused, results-oriented and rooted in the mission of XDR? Do we really need to place an emphasis on specific tools or create an arbitrary requirement for all pieces to be from the same vendor? Sounds dramatic to me …

  • Cloud-delivered and cloud-ready
  • Focused on TDIR
  • Offers coverage for threat-centric use cases (trivial to sophisticated)
  • Accommodates today’s heterogeneous environments
  • Enables immediate time-to-value as a turnkey solution

Gorka Sadowski

Cybersecurity expert and Chief Strategy Officer at Exabeam. Former Gartner analyst driving SIEM and SOC research and builder of the Splunk security ecosystem.