Beware: not all XDR vendors (and their products) are created equal.

The acronym XDR (Extended Detection and Response) has been bandied about since 2018 with increasing frequency. As XDR is still an evolving concept, in many ways, it’s a ‘watch this space for breaking developments’ story.

But as of right here and now, what does XDR mean, and why is it important to you and your customers? And does your choice of XDR partner matter?

A quick XDR recap in case you’re tight on time!
In case you didn’t read our earlier blog, XDR (Extended Detection and Response) is the grown-up version of EDR (Endpoint Detection and Response). However, XDR goes beyond EDR to deliver holistic protection against cyberattacks, unauthorised misuse and access, visibility across all data (from network to endpoint and cloud data), and analytics and automation.

XDR is a vendor-specific SaaS tool that natively integrates multiple security products into what Gartner calls a single ‘cohesive security operations system that unifies all licensed components.’

The fine art of choosing the right XDR vendor solution
No one likes to get caught out (or look bad under stakeholder scrutiny) by making the wrong technology decision. With so many wanna-be XDR solutions in the market, it’s essential to understand what really matters. You need to be able to differentiate between a true, mature XDR vendor and one that’s not there yet.

So, what counts? What should you ask about when putting together your XDR shortlist?

  • Customer focus: Ask about the solution roadmap – for both R&D and support. The last thing you need is a vendor who will abandon you and leave your security posture in question.

  • Legacy to the core: Is the solution’s antivirus (AV) technology still rooted in the context of ‘legacy’ AV and the use of signatures? If so, beware. This approach has been proven highly ineffective and has been behind the industry push to NGAV and related AI methodology. It’s worth noting that according to Forrester’s Total Economic Impact report, customers report a 97% satisfaction rate, and see an average of 353% ROI when they switch from legacy AV providers.

  • Poor prevention: Ask how well the solution prevents (pre-execution) new and unknown threats, including ransomware. In signature-based products, such binaries must execute before their behaviour can be evaluated, and because most modern threats are new or unknown, they fall into exactly this gap.

  • Simplified deployment: How easy is the product to deploy as a complete solution? Performing a ‘quick’ deployment of some of the solutions in the market, with all required components, is simply not feasible or scalable.

  • Performance/footprint: Ask about the focus on performance and footprint/impact on the endpoint. Some product offerings are notoriously bloated and resource intensive.

  • Unified EDR from the outset: Is the product a unified platform that can address all phases of the threat lifecycle? (Does it align with Gartner’s definition: ‘A cohesive security operations system that unifies all licensed components’?)

  • Forensics/hunting: Keeping in mind that hunting and IR are known weak points in certain products, how do these capabilities stack up across your shortlisted solutions?

9 reasons why your XDR shortlist should include SentinelOne’s Singularity XDR
We like to stand out from the crowd for all the right reasons. So, when you’re drawing up your business and feature differentiation list – here’s what you need to know about SentinelOne.

1. On-device AI for static and behavioural detection in a single agent

2. Intuitive UI and automatic AI-driven Storyline visualisation saves time, reduces dwell time, and improves SOC productivity

3. Strongest support beyond Windows - robust macOS, Linux, CWPP offerings

4. Patented 1-click remediation and rollback reduces MTTR

5. Complete API (bi-directional, full product/policy control)

6. Superior detection of fileless and ransomware attacks

7. Highest rate of correlated alerts mapped to the MITRE ATT&CK Framework

8. SentinelOne’s Singularity platform covers endpoint, IoT, and CWPP

9. Fully flexible architecture - supporting cloud, on-prem, and hybrid deployments

Then we have the BIG SentinelOne fact stack
We love facts and stats, and dislike self-proclaimed factoids. We believe that no matter what we say about ourselves, nothing beats independent, respected third-party industry-recognised validation of your strengths. So here we go with our fact stack!

Fact: The 2020 MITRE Engenuity ATT&CK Carbanak+FIN7 Enterprise Evaluation showcases SentinelOne as leading in EDR performance across platforms, saying:

  • SentinelOne is the only vendor to deliver 100% visibility with zero missed detections across all tested operating systems. Visibility is the foundation of best-in-class EDR, and big data expertise is vital to unlocking visibility. Singularity delivered a comprehensive view of the entire enterprise, detecting every attack autonomously at machine speed.

  • SentinelOne delivered the most high-quality analytic detections to provide automated and instant context. SOC teams are overwhelmed with alerts and data, making it impossible to respond fast enough to the critical alerts that matter. Singularity provides automated, real-time correlation and context so analysts can focus on signals instead of noise.

  • SentinelOne experienced zero delayed detections. Adversaries operating at high speed must be countered with machine-speed automation that’s not subject to human-powered latency. Singularity delivers contextualised detections as they occur, in real time, and makes it easy for any analyst to interpret results.

  • SentinelOne required zero configuration changes, making EDR effortless. Constantly adjusting and tuning a product means the battle is lost before it starts. Technology-powered solutions should work at enterprise scale right out of the box. Singularity deploys in seconds and instantly works at full capacity.

  • SentinelOne produced one alert per targeted device. Even the most skilled analysts struggle to manually connect the dots when defending against advanced attacks. Consolidating hundreds of data points across a 48-hour advanced campaign, SentinelOne Storyline correlated the attack into a single alert per targeted machine. Singularity automatically transforms complex and messy data into a clear, precise story.

Fact: More recently, Singularity XDR outperformed every other vendor in the MITRE ATT&CK evaluations (in more ways than one), in which we were evaluated against 29 other endpoint competitors.

Fact: In the MITRE Engenuity ATT&CK® 4th Evaluation, SentinelOne delivered:

  • 100% Protection: (9 of 9 MITRE ATT&CK tests)

  • 100% Detection: (19 of 19 attack steps)

  • 100% Real-time (0 Delays)

  • 99% Visibility: (108 of 109 attack sub-steps)

  • 99% – Highest Analytic Coverage: (108 of 109 detections)

Fact: SentinelOne has had unrivalled success in the Gartner Critical Capabilities report and is positioned firmly in the Leaders quadrant of the 2021 Gartner EPP Magic Quadrant.

And just a side note - legacy antivirus is so yesterday
If you’re relying on your legacy antivirus solution to see you through, we suggest you think again.

Legacy AV vendors are struggling to keep pace with the rapidly evolving cyber threat landscape. We think it’s fair to say that most antivirus tools still leverage archaic prevention and detection methodologies. And to boot, their sluggish approach to modernisation often translates to disjointed solutions with afterthought functionality.

Check out how SentinelOne compares with legacy antivirus here, and give it some thought.

And if you’d like more information on SentinelOne, and how our facts stack up against our competitors, just ask.