Introducing the XDR Alliance!

Gorka Sadowski
3 min readAug 4, 2021

In a previous blog, I described why following the XDR newsfeed felt like watching a telenovela with always a more dramatic episode around the corner. This might be fun for the casual observer, but it is really hurting CISOs and security teams, and ultimately it is detrimental to organizations’ security posture. It is time to reboot the XDR telenovela.

Introducing the XDR Alliance!

XDR Alliance — why?

Why did Exabeam drive the creation of this alliance with key security technology providers Armis, Expel, ExtraHop, Google Cloud Security, Mimecast, Netskope, and SentinelOne? Simple, it’s because:

  • We cannot lose the battle to the adversaries, and we need to offer organizations protection against all kinds of threats, from the most trivial to the most sophisticated.
  • Organizations need to assume breach, and prevention is important, but not enough.
  • Emerging security information and event management (SIEM) tools are amazingly powerful but can feel overwhelming when the requirement is only focused on detection and response (and investigation and threat hunting).
  • Detecting and responding to threats using a single-vendor strategy is risky, regardless of how big they are and regardless of how great a portfolio they have.
  • Collectively and collaboratively is the only way to deliver on XDR’s promise of easier threat detection, investigation and response (TDIR) across the extended set of technologies already deployed in organizations.
  • Leaving the integration and content development burden to the customer is too big an ask. It places too much responsibility on teams that are already overwhelmed and understaffed. Vendors need to step up to the plate and do the bulk of the heavy lifting.

The vendor community needs to put collaboration above competition in our already very fragmented market if we want to win the battle against attackers.

XDR Alliance — what?

The XDR Alliance is a group of security technology providers who have organized to help customers more easily define, implement, and operate effective threat detection, investigation, and response (TDIR) programs and technology stacks.

Our mission is to 1) collaborate on value-add, vendor-driven joint integrations and capabilities for the benefit of customers, and 2) promote an open XDR approach through market education and awareness activities.

XDR Alliance — how?

The XDR Alliance is founded on the acknowledgement that:

  • Current approaches to SOC are not scaling and will keep failing.
  • Tool integration and content development for most use cases is very hard for all but the most mature organizations, and should really be driven by vendors.
  • The vendor community is very fragmented, yet vendors are willing and able to come together when duty calls.

I want to thank Exabeam for believing in this vision and investing the resources to be the driving force behind this, and I am grateful for all the Exabeam people who participated in making the alliance a reality.

Finally, I want to thank all the inaugural members for their support and collaboration in the XDR Alliance. Your participation demonstrates your thought leadership, vision, and customer-first mindset. I am proud to count you as partners in helping security operations teams improve threat detection and response. Let’s collectively win the battle against the adversaries. We are just getting started, so reach out to us to be part of the XDR Alliance.

Telenovela rebooted.



Gorka Sadowski

Cybersecurity expert and Chief Strategy Officer at Exabeam. Former Gartner analyst driving SIEM and SOC research and builder of the Splunk security ecosystem.