Last week’s RSA Conference was all about XDR (Extended Detection and Response). Compared to previous shows and marketing efforts of the past couple of years, where there was a primary focus on SASE, this year’s show saw a surge in XDR-related marketing. One could say XDR is the new SASE in that it has become front and center. We also found that, much like SASE, XDR means different things to each company promoting it. Companies promoting XDR say it includes various functions such as Endpoint, EDR, MDR, Telemetry, AI/ML, NDR, Email, Web, Threat Intelligence, etc. These fundamentally differ from the more network-oriented SASE systems and therefore don’t overlap much (except maybe Endpoint), so at least we are discussing something different.
In promoting its XDR version, we are interested to see that Cisco has become increasingly focused on partnering with other industry participants. Its partnership-friendly version of XDR is practical in that the industry has moved fast, and Cisco is forced to adopt a partner strategy. In fact, on Cisco’s “What is XDR web page,” the company lists various security companies with Endpoint capabilities.
According to its current web page, Fortinet’s XDR is built upon its existing FortiEDR system. Unlike Cisco, Fortinet is not actively promoting competitors in its marketing, citing its exposure to the Endpoint market as a selling point for its XDR system.
Palo Alto Networks’ XDR marketing is similar to Fortinet’s in that it cites its prowess in Endpoint and emphasizes its well-known Cortex system.
Trellix XDR marketing shows a web of telemetry connections to various systems, including Web, Email, Endpoint, network, data/users, and Cloud. Similar to Cisco, it emphasizes its 1,000 partners as data sources for its XDR systems. Trellix made a very significant corporate marketing awareness push at the RSA conference, too; every participant’s badge had the Trellix brand printed on their badge. The word Trellix was printed relatively close to the names of participants, so it almost looked like everyone who went to the show worked for Trellix.
Crowdstrike, a company with significant exposure to large enterprise Endpoint, announced its Crowdstrike XDR Alliance marketing approach at the RSA Conference. Among the long list of alliance partners, it listed Cisco, Fortinet, Netskope, Proofpoint and Zscaler. In addition, Crowdstrike also pushed its corporate marketing agenda with a blowout party at the SF MOMA, and attendees had to stand outside in long lines to get in. You couldn’t miss it.
Scores of other vendors were promoting XDR at the RSA show, but for brevity’s sake, we only hit on a small number of vendors.