XDR Demands a New Approach to Security—and Business

Everybody wants to rule the world, at least according to that Tears for Fears song a few decades back. This principle certainly holds true in the cybersecurity market. With extended detection and response (XDR) and the newer advancement of Open XDR quickly becoming recognized as an important approach to stem the tide of increasing attacks, this business question is actually quite important. Security vendors want their products to be a platform—XDR or Open XDR, in this case—with partners and ancillary solutions revolving around a solution and environment they control and monetize. And who can blame them? It seems like a logical course of action for business.

So, given this type of orientation, are customers—organizations that pay for these security solutions—better served? The answer may be more complex than you first think.

XDR Tries to Own it All

First, if an XDR platform “trying to own it all” prevents customers from using what is already in place, for instance, endpoint security that is already deployed and trusted, the vertically integrated approach may not be good. Companies want to maintain and extend the value of their investments—this includes any monetary sunk cost, but it also includes knowledge, experience and trust of working with various security solutions. In addition, a long-time security principle has emphasized the value of defense in depth (and variety), not relying on a single vendor. In the ideal sense, an XDR platform should be able to work with any other security tool or information source, regardless of the vendor. In fact, a central principle of XDR is to take data from a variety of sources to determine quickly and accurately whether there is an indication of attack activity. Such access should not be subject to a “doesn’t play well with others” mentality.

It is in the best interest of customers and one of the best practices of security that interoperability not be hampered technically or by a business model. Failures can range from a flat-out incompatibility to a limitation of data sharing. The limitations can include insufficient data, lack of contextual details (another form of insufficiency) or slow delivery of data, perhaps relying on bulk exchanges that can occur only at fixed times spaced too far apart.

Second, the idea of a platform has considerable merits. Platforms may enable better, more complete dashboards and reporting and a grand design with better functionality and ease of management. These are all qualities beneficial to customers. In a way, the integrated platform parallels the old Mac versus PC argument. Having full control over both hardware and software, Apple has been able to ensure a consistently good level of reliability, ease of use and trouble-free upgrades or add-ons. This has come at a cost premium and a limitation of variety. A security platform may narrow a broader realm of variety in favor of optimized management and functionality. Customers tend to value this trade-off.

The Question of Innovation

Third is the question of innovation. A platform may constrain innovation through a defined model or architecture to some degree. Instead of the sky being the limit and full out-of-the-box thinking, there are now established design parameters and dependencies to work within. On the other hand, this platform model or design generally enables better utility, management and ease of use. Accompanied by an open business practice, platform companies can help inspire and enable partner innovation by leveraging the platform elements to add greater variety and utility. Vendors successful at this often have a progressive developer community with a portal, forums and even conferences and hands-on support. This combination is particularly helpful to customers.

By its nature, XDR is a platform. Again, it is built around the recognition that data from multiple sources needs to be integrated, aggregated and analyzed for better and faster security findings that can more quickly find a real attack and stop it early. The platform should support technology and a business model that fully accommodates data from other security tools and sources. It should also strike the best balance between full control and vertical integration and the involvement of partners or even customers. Finally, it should enable and encourage innovation to continually improve and advance it. This is the way that customers will best be served.

Samuel Jones

Sam Jones is Vice President of Product Management at Stellar Cyber. He is an experienced product development leader with a track record of building AI and security products that customers love. He has a strong background in AI/ML, data infrastructure, security, SaaS, product design, and defense. Sam has held product and engineering positions at companies including Palantir Technologies and Shield AI, and worked for the US Air Force on cyber defense strategy. Sam earned his Bachelor’s degrees in Electrical and Computer Engineering from Cornell University.
