- “Extended detection and response” is one of cybersecurity’s hottest trends, fueling M&A and revenue.
- XDR software gathers corporate data, stitches it together in one master view, and studies the data.
- The software sounds the alarm when something is abnormal – like hackers in SolarWinds-style attacks.
The sprawling SolarWinds cyberattacks and new hacks of Microsoft email systems have hit the cybersecurity world hard. After successfully protecting remote workers and US elections in 2020, even the largest companies have been flummoxed by this year’s sophisticated nation-state attacks.
What, if anything, can stop the SolarWinds attacks of the future?
The shining hope is a trend called “extended detection and response,” known as XDR. It is cybersecurity’s next big thing, fueling big acquisitions and big revenue – and big hopes that it can stop the biggest future attacks.
XDR software gathers data from previously siloed parts of a company, like employees’ laptops, phones, email, and cloud servers. XDR programs then stitch the data together to produce a comprehensive view of a company for cybersecurity teams. Then XDR uses artificial intelligence to “learn” what a normal network looks like, and how to spot anomalies – like hackers. When those hacks happen, XDR pulls together highly relevant data and recommendations for how to respond.
More than anything else, experts say, XDR saves time and helps understaffed cybersecurity teams to focus on what’s important, even as recent events show that the potential dangers are only growing.
“XDR is the next wave,” says Daniel Bernard of SentinelOne, a powerhouse XDR startup with a valuation over $3 billion. “The key to protecting against the next SolarWinds really lies in the power of automation to say, wait, something’s happening here that shouldn’t happen,” Bernard says.
Last month SentinelOne acquired the data management startup Scalyr for $155 million to invest further in its XDR products. In the past month, three big companies – CrowdStrike, SentinelOne, and FireEye – bought companies that specialize in XDR. PitchBook wrote in a report last month that XDR companies are “justifying substantial acquisition values for incumbents developing strategies to address them.”
In the other XDR acquisitions, FireEye acquired XDR company Respond Security last month, and CrowdStrike acquired Humio. It’s worth noting, experts say, that SentinelOne and CrowdStrike were already major XDR players – and doubled down on the category by buying companies that added more features.
Enterprise customers are getting out their wallets for XDR, too. PitchBook wrote that “70% of IT and security teams are planning to budget for XDR over the next 6-12 months.” PitchBook says the startups that will clean up include Cybereason and SentinelOne as well as new entrants Hunters, Confluera, and Kognos.
Gartner, meanwhile, listed incumbent companies vying for XDR market share as Cisco, Fortinet, Fidelis Cybersecurity, McAfee, Microsoft, Palo Alto Networks, Trend Micro, Sophos, FireEye and Symantec.
“CrowdStrike is crazy on fire,” says Gartner analyst Peter Firstbrook. The company announced 87% year-over-year subscription revenue growth in December with annual recurring revenue of $117 million. “And SentinelOne is crushing it and rolling toward an IPO,” he says.
XDR may be the best bet to stop the next SolarWinds attack
SolarWinds and other related attacks – like the apparent Chinese hacking into Microsoft enterprise software recently – are devastating because they spread quickly through computer systems and mimic a company’s processes. Understaffed cybersecurity teams don’t see sophisticated attacks because they leave only subtle signs across multiple cybersecurity tools.
All cybersecurity attacks will be easier to spot with XDR, experts say – especially subtle ones across multiple platforms, like SolarWinds. XDR pulls all the data together automatically, and “learns” from it, saving security staffs time, and pointing out the important issues teams should focus on.
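As an added illustration (not code from this article or from any vendor named in it), the toy Python correlator below mirrors the stages described above: it stitches constructed sample events from three silos into one timeline, learns a baseline of “normal” from an earlier period, and raises a single alert only when anomalous signals from more than one source cluster in time. The event schema, the macro-attachment heuristic, the time window and the sample data are all assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry from three silos (not real data).
ENDPOINT = [  # process-start events from laptops
    {"ts": 10, "user": "alice", "host": "lt-42", "parent": "explorer.exe", "proc": "outlook.exe"},
    {"ts": 105, "user": "alice", "host": "lt-42", "parent": "winword.exe", "proc": "powershell.exe"},
]
EMAIL = [  # inbound mail with attachments
    {"ts": 98, "user": "alice", "sender": "billing@example.invalid", "attachment": "invoice.docm"},
]
CLOUD = [  # identity-provider sign-ins
    {"ts": 20, "user": "alice", "country": "US"},
    {"ts": 130, "user": "alice", "country": "RO"},
]

def normalize():
    """Stitch the silos into one timeline that shares a 'source', 'ts' and 'user' field."""
    ev = [dict(e, source="endpoint") for e in ENDPOINT]
    ev += [dict(e, source="email") for e in EMAIL]
    ev += [dict(e, source="cloud") for e in CLOUD]
    return sorted(ev, key=lambda e: e["ts"])

def learn_baseline(events, until):
    """'Normal' = parent/child process pairs and per-user sign-in countries seen before `until`."""
    base = {"procs": set(), "countries": defaultdict(set)}
    for e in (e for e in events if e["ts"] < until):
        if e["source"] == "endpoint":
            base["procs"].add((e["parent"], e["proc"]))
        elif e["source"] == "cloud":
            base["countries"][e["user"]].add(e["country"])
    return base

def detect(events, base, window=3600):
    """Alert on a user whose anomalies span at least two silos within `window` seconds."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        odd = [e for e in evs if
               (e["source"] == "email" and e["attachment"].endswith((".docm", ".xlsm"))) or
               (e["source"] == "endpoint" and (e["parent"], e["proc"]) not in base["procs"]) or
               (e["source"] == "cloud" and e["country"] not in base["countries"][user])]
        sources = {e["source"] for e in odd}
        if len(sources) >= 2 and odd[-1]["ts"] - odd[0]["ts"] <= window:
            alerts.append({"user": user, "sources": sorted(sources), "evidence": odd})
    return alerts

def run(until=90):
    """Learn from events before `until`, then hunt in the events after it."""
    events = normalize()
    return detect([e for e in events if e["ts"] >= until], learn_baseline(events, until))
```

Each alert carries the evidence list in time order, which is the “highly relevant data” bundle a responder would start from; a single anomalous source on its own is left as noise.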
It’s impossible to say if widespread adoption of XDR could have stopped SolarWinds. XDR is just now maturing, and SolarWinds took years for Russian hackers to develop and implement. But experts cite key aspects of the trend as highly relevant.
“If anything is going to find the next SolarWinds, the best chance is going to be XDR because it operates as glue between siloes, pooling all the information and working across systems,” says Greg Young, vice president of cybersecurity at Trend Micro. “XDR is one of those evolutionary steps forward.”
“An XDR solution would definitely help you respond to a major threat,” says Firstbrook of Gartner. Perhaps more importantly, XDR helps to address cybersecurity’s jobs gap. Experts say there are 350,000 open cybersecurity jobs in the US – and companies are being left exposed. “The main way XDR may help is that right now, there just aren’t enough people.”
XDR “would have helped” protect companies from SolarWinds, says Brian Murphy, CEO of ReliaQuest, a booming Tampa, Florida, startup. His company, which raised a whopping $300 million funding round in August, helped a major financial firm shut down SolarWinds attacks in 48 hours, the company says. ReliaQuest’s revenue is up 50% as it provides XDR services that help companies pull data in from across their company to monitor networks and automate cybersecurity processes.
“We met the market right on time,” Murphy says.
Uri May, CEO of the Israeli XDR startup Hunters, feels the same way. Hunters’ investors include some of the biggest names in tech, including Microsoft, Snowflake, and Okta. With all the recent acquisitions in XDR, “there are a lot of conversations” about his company, too, May says – but nothing concrete. “In the race to adopt XDR, it’s a very exciting time.”