Over the past three years, there’s been no shortage of hot takes on XDR. From a plethora of vendors across industries to security luminaries laying claim to the term, opinions abound. Yet, until recently, no research established a firm definition of XDR, let alone conducted evaluative research on XDR vendor capabilities.

That is why I am thrilled to — finally — announce the debut of the first and only evaluative research on XDR available anywhere in the universe: The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021.

This research evaluates, compares, and contrasts the top XDR providers in the market today. Security pros can use it to gain a better understanding of the current state of the market and which XDR provider may be best for their security practice.

Getting To The Good Part: What Does This Evaluation Tell Us? 

While some may use the New Wave solely for the diagram, there are a whole lot more insights that came out of this research (that are also reflected in the report). Long story short, it’s meant to shortcut your evaluation process so you don’t have to get questionnaires, briefings, and customer references from 14 different vendors — I already took the red pill for you.

Here are the three most important takeaways from this New Wave: 

1. The marketing hype of some vendors fails to meet the moment 

The mantra “overpromise, under deliver seems to guide some vendors in this evaluation, which their current offering results show. While this strategy may work well for most other aspects of software as a service (SaaS) tech culture, it isn’t as conducive to certain industries — government and healthcare come to mind in addition to security. Thus, these vendors are relegated to providing capabilities far beneath what their marketing promises or are able to offer via a Mechanical Turk.

 2. Leading XDR providers are miles ahead of the competition … for now 

On the other hand, some providers are executing well enough and early enough on XDR to set baseline expectations around what XDR will provide to end users and what they should look for. But don’t get too comfortable with the market leaders as they are today. Being early doesn’t matter nearly as much as some vendors hope, and the cybersecurity world is littered with first movers that failed to adapt when the world changed.

Many of the providers barely meeting the minimum requirements to fit in the XDR market today have aggressive roadmaps to catch up and are aware they need to move quickly to become leaders in this space.

3. SIEM and XDR don’t play by the same rules — and that’s a good thing

XDR products are rooted in a vision to displace security information and event management (SIEM). Yet, despite this, XDR offerings subvert the expectation that the solutions will integrate with myriad products (as a SIEM would) by limiting scope. Scope limitations lead to a shorter list of integrated telemetry but allow vendors to prioritize the XDR feature that is most highly praised from end users: detection efficacy. 

Turning away from the security analytics narrative of integrating with as many security tools as possible, XDR providers fall into two categories: those going it alone as a native XDR provider or those that cherry-pick integration partners. The key message here is intentionality. Leading XDR platforms demonstrated the highest level of detection efficacy because of their ownership of the entire stack. Integration partnerships provided flexibility but sacrificed detection efficacy to do so.

Despite this, XDR providers are not forsaking third-party telemetry; they recognize it exists and plays an important part in detection, investigation, and response. To address this, XDR providers have built or have acquired (in many recent cases acquired) log management capabilities.

Closing Thoughts

To those who question if this market is a real thing or just a buzzword (I’m looking at you Jeff Pollard.), this is your official notice: XDR is real. This market matters; practitioners like you are using XDR today. One of the great things about working at Forrester and authoring Forrester Wave™ reports is that I get to give you the honest truth about the markets I cover. 

With that in mind, this is the first — and only — piece of evaluative research on XDR (so far), so we expect controversy. We welcome it (even on our own teams), and I’d love to talk more about it. I invite you to submit questions, comments, and feedback to me through the Forrester website or by engaging with me on LinkedIn or Twitter.


P.S. This blog is the first but not the last discussing the outcomes of this research. Stay tuned for a follow-up blog reviewing the due diligence that went into this research and report.