Darktrace
=== The future of NDR is XDR ===

As stated previously, endpoint security has undergone a transition from basic AV solutions to next-generation AV and Endpoint Protection Platforms (EPPs) to Endpoint Detection and Response (EDR) solutions. However, there is a growing realization that the siloed approach to security is not enough to combat modern-day cyber threats. In fact, EDR tools face limitations when it comes to visibility into cloud workloads, IoT and unmanaged devices. This security gap is now being filled by tools such as NDR, cloud workload protection platforms, and user behavior analytics. This development has only added more siloed point security tools to an enterprise’s security arsenal. These tools don’t usually work well together and, even when they do, security analysts have to sift through a high number of alerts.

These issues are giving rise to a new approach termed eXtended Detection and Response (XDR). XDR vendors seek to integrate telemetry from multiple sources such as endpoint, network, cloud, identity, etc. to offer contextually rich and targeted threat analysis and incident response systems. This is akin to SIEM systems; however, XDR offerings tend to be less open, with the use-case limited to threat detection and response. Eventually, JP Morgan believes that EDR, NDR, user behavior analytics and some SIEM/SOAR functionality will be brought into the fold of XDR. JP Morgan is already seeing integration of NDR capabilities from point solution vendors as part of their XDR strategy. Some key XDR vendors include Cisco, Palo Alto Networks, CrowdStrike, Sophos, IBM, Microsoft, Trend Micro, Rapid7 and SentinelOne. In JP Morgan's view, the growing list of XDR vendors will only increase the competitive intensity for vendors such as Darktrace, which does not have a strong standalone offering for endpoint, SIEM or network security (Darktrace solutions work as a complement to these point security tools).
Larger enterprises using best-of-breed security vendors are more likely to license additional modules from these XDR vendors to improve network visibility and threat analytics. Smaller enterprises (with a limited security budget) may choose to outsource threat detection and response to Managed Detection and Response (MDR) vendors or other MSSPs (Managed Security Service Providers) given the high cost and complexity of managing NDR appliances and alerts. Some key MDR / managed SOC vendors include SecureWorks, Arctic Wolf, Rapid7, Sophos, eSentire, etc. Against the backdrop of commoditization of basic NDR capabilities, increased competition from XDR vendors, growing vendor awareness and relatively low switching costs, JP Morgan believes that customer acquisition and retention will likely get tougher for Darktrace, going forward. JP Morgan acknowledges that the shift toward integrated XDR solutions will not happen overnight and these solutions may take some time to mature. However, with vendors already aggressively pursuing such strategies, JP Morgan believes that the convergence between EDR, NDR, cloud workload protection platforms and user behavior analytics tools is inevitable.