“I love being locked into a single security vendor” said no CISO, Ever!
In technology buying terms, vendor lock-in happens when an organization becomes confined due to its over-reliance upon a product, platform or service that is provided by a single vendor. While the company could theoretically move away from the vendor, the costs of doing so are very high and often too high to make it practical.
In XDR terms, medium-size enterprises are at the highest risk of falling into this trap when they settle for a Proprietary XDR solution. These vendor-specific solutions are marketed on the premise of a “one-stop-shop” that may seem attractive at first, until all the costs are recognized, including the cost to long-term innovation.
Proprietary XDR or Universal XDR?
There are two main approaches to XDR – one is championed by vendors like Palo Alto Networks and Trend Micro who are integrating their own portfolio of security products with a proprietary XDR platform. The other approach is promoted by universal XDR vendors, who provide an XDR overlay to enable cross-vendor integration and interoperability of already deployed endpoint, network, and cloud security tools. Let’s take a closer look at each strategy.
As expected, early entrants to the XDR market are established security solution vendors who are using their own cloud-delivered XDR management platform to unify their own portfolio of network security products. While this may seem redundant, it’s a well-known fact (and frustration) that different product lines from the same vendor often employ proprietary data formats and protocols that are incompatible with one another. Sometimes this is due to new technologies that go into a new product, and were not available when older products were designed. So even products from the same vendor need to be integrated with one another!
One advantage of Proprietary XDR is the vendor’s ability to leverage their exclusive understanding of the relationships in the underlying data, and to use private APIs to enable automated actions. This kind of XDR architecture can be brought to market quickly and effectively with out-of-the-box integration.
But it’s not as easy as it sounds. A vendor’s legacy products may not be able to scale as needed or to integrate efficiently with cloud-native XDR tools. The most glaring drawback of Proprietary XDR is vendor lock-in, which requires the entire cybersecurity architecture to rely on one vendor, albeit an established and successful vendor. At first, the “proprietary” route may seem like the easier and faster path to XDR, but reliance on one vendor can lead to another more serious drawback – the “innovation trap.” Big vendors with broad security product portfolios typically do not have best-in-class products across the board. They excel in their flagship offering, but functionality and integration are often weaker in product lines that were added later or acquired. Over time, as competitors innovate, these weaknesses will be amplified.
If an organization’s security architecture is already built around a single vendor, then Proprietary XDR makes sense. However, if like most enterprises, the cybersecurity architecture comprises best-in-class products from a variety of vendors, then a Universal XDR solution is a much more suitable approach.
With Universal XDR, it doesn’t matter how many different security systems and tools the organization has. Universal XDR solutions provide a cloud-native XDR overlay platform that enables seamless and simple cross-product and cross-vendor integration of already deployed endpoint, network and cloud security tools.
There is no need to replace legacy tools or to align with a single vendor. On the contrary, Universal XDR helps to extract more value from the organization’s existing security architecture and to leverage it for better and wider protection. This is of critical importance to enterprises that have invested millions in their security infrastructure.
Universal XDR solutions automatically collect historic and real-time event data from deployed security tools and store it in common data formats to enable ultra-fast indexing, correlation and analysis that provide:
- Highly accurate threat detection
- Consolidated threat visibility
- Intelligent alert prioritization and multi-vector investigation
- Automated response across all security tools in the XDR constellation
- Unified threat management
There is no need for security teams to manually piece together data from different systems and to jump from dashboard to dashboard to investigate and resolve alerts. Security teams get a unified view of cyber threats and a clear picture of the full kill-chain of staged attacks, including accurate forensics on every incident and event along the way.
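As an added illustration of the normalization and cross-tool correlation described above (example code written for this page, not any product's own), alerts in two constructed, hypothetical vendor formats for an endpoint tool and a network tool are mapped onto one common schema and then joined per host within a time window, so that evidence from both tools surfaces as a single incident:

```python
from datetime import datetime, timedelta, timezone

# Constructed sample alerts in two made-up vendor formats (assumptions, not real vendor schemas).
ENDPOINT_ALERTS = [
    {"ts": "2024-03-01T10:02:11Z", "hostname": "WKS-042", "sev": 4, "rule": "Suspicious PowerShell"},
    {"ts": "2024-03-01T11:30:00Z", "hostname": "WKS-017", "sev": 2, "rule": "USB device inserted"},
]
NETWORK_ALERTS = [
    {"time": 1709287391, "src_host": "wks-042", "severity": "high", "sig": "Outbound beacon to rare domain"},
    {"time": 1709290000, "src_host": "srv-db-01", "severity": "low", "sig": "Internal port scan"},
]

SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 4, "critical": 5}


def normalize_endpoint(a):
    """Map the endpoint vendor's fields onto the common schema (UTC time, lower-cased host, 1-5 severity)."""
    return {"time": datetime.fromisoformat(a["ts"].replace("Z", "+00:00")), "host": a["hostname"].lower(),
            "severity": a["sev"], "source": "endpoint", "title": a["rule"]}


def normalize_network(a):
    """Map the network vendor's fields (epoch seconds, word severities) onto the same common schema."""
    return {"time": datetime.fromtimestamp(a["time"], tz=timezone.utc), "host": a["src_host"].lower(),
            "severity": SEVERITY_WORDS[a["severity"]], "source": "network", "title": a["sig"]}


def correlate(events, window=timedelta(minutes=15)):
    """Build one incident per host whose normalized events from different sources fall within `window`."""
    incidents = []
    by_host = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        by_host.setdefault(ev["host"], []).append(ev)
    for host, evs in by_host.items():
        for i, anchor in enumerate(evs):
            cluster = [e for e in evs[i:] if e["time"] - anchor["time"] <= window]
            sources = {e["source"] for e in cluster}
            if len(sources) >= 2:  # cross-tool evidence is what distinguishes an incident from a lone alert
                incidents.append({"host": host, "sources": sorted(sources),
                                  "severity": max(e["severity"] for e in cluster),
                                  "timeline": [e["title"] for e in cluster]})
                break  # one incident per host is enough for this example
    return incidents


def build_incidents():
    """Normalize both feeds into the common schema and correlate them."""
    events = [normalize_endpoint(a) for a in ENDPOINT_ALERTS] + [normalize_network(a) for a in NETWORK_ALERTS]
    return correlate(events)
```

Only wks-042 yields an incident here: the other two hosts have alerts from a single tool, which the correlation step leaves as ordinary alerts rather than cross-vector incidents.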
Organizations can continue to deploy and upgrade best-in-class products, knowing that their security data can be collected and correlated by the Universal XDR platform, regardless of product vendor or software version.
For more, check out our new “The Definitive Guide to XDR” here