
ExtraHop is the Founding NDR Provider in the XDR Alliance


Today, Exabeam announced the XDR Alliance™, a partnership of leading cybersecurity industry innovators committed to an inclusive and collaborative extended detection and response (XDR) framework and architecture.

The alliance consists of leading vendors in security information and event management (SIEM), endpoint detection and response (EDR), network detection and response (NDR), email security, and other key security product categories.

Open XDR Three-Tier Model

The Open XDR Alliance proposes a three-tier model for XDR, relying on tight integration between security and analytics providers across the most critical categories of security products. Getting the highest fidelity data from each source, then conducting analytics, threat detection, and response actions driven by that data, is at the heart of effective XDR.

Too many security teams are overwhelmed by the number of security tools they have to use and manage. Tool sprawl contributes to an excess of alerts, which drives analysts to fatigue and burnout, and degrades the security posture of the business. The promise of XDR is to reduce tool sprawl and increase the efficacy of individual analysts as well as the entire SOC. We believe this can be achieved through careful selection of tools and simple, out-of-the-box integrations among the most crucial security solutions.

ExtraHop is the XDR Alliance's founding member for the NDR category, and the charter of the alliance is tightly aligned with our philosophy of doing what is best for our customers. We always strive to enable an open and interoperable security ecosystem that can meet any customer's needs and strengthen the security of their organization. We invest heavily in developing our robust REST APIs, our OpenDataStream technology, and our direct partnerships with other vendors to ensure that customers can seamlessly integrate our NDR solution with the best tools for their other evolving security needs.

"Defending against today's advanced threats, from software supply chain compromises to ransomware attacks, requires more than one technology or approach," said Raja Mukerji, Chief Customer Officer, ExtraHop. "This XDR framework is an important step in providing organizations with a defensive playbook. That's why we're proud to join the XDR Alliance, working alongside companies that share our customer-centric approach and commitment to advancing the state of the art of cyberdefense."

Why XDR?

Cyberattackers have the upper hand. They have countless ways of breaking into target environments undetected, evading established security solutions, and exfiltrating data or encrypting it for ransom (or, increasingly, doing both).

No individual security tool is able to catch and respond to all of these tactics. It takes an ecosystem of the best tools for each requirement, and they have to work well together to reduce the manual effort that leads to analyst burnout, and accelerate detection and response so that enterprises can protect themselves and their customers from increasingly advanced threats.

Why ExtraHop?

ExtraHop offers several key differentiating factors that make it a great fit for an open XDR deployment in the enterprise.

  1. NDR is covert and agentless: While advanced attackers can evade EDR and erase or tamper with activity logs, they have no way of knowing whether their network traffic is being observed. NDR catches threats other tools miss by observing the ground truth on the network.
  2. Access NDR detections anywhere: For many SOCs, the SIEM is the primary console from which security detections and investigations are conducted. ExtraHop Reveal(x) 360 NDR can share detections with your SIEM or other tool of your choice so you get seamless access to more confident detections and forensic details.
  3. Decrypt network traffic for faster detection and instant forensics: Reveal(x) 360 captures and decrypts packets for instant access to forensic details in any investigation. It integrates with other foundational components of an XDR framework to correlate network forensics with other data sources for a complete view of the attack campaign.
  4. Achieve greater MITRE ATT&CK coverage: Many attacker techniques in the MITRE ATT&CK framework are observable only on the network, so broad ATT&CK coverage requires NDR in your lineup. ExtraHop is the only NDR provider listed as a contributor to the MITRE ATT&CK framework, and ATT&CK is integrated directly into our Reveal(x) 360 user interface.
  5. Gain a passive, always-current inventory of every device: The CIS Controls (v8, 2021) recommend a passive asset discovery tool to identify assets connected to the network (Safeguard 1.5). Reveal(x) NDR delivers this by observing traffic rather than scanning, providing an always-up-to-date inventory and complete monitoring coverage.
  6. Automate response through SOAR, SIEM, firewall, and EDR partners: Reveal(x) 360 uses robust REST APIs and our OpenDataStream technology for turnkey integration with every foundational tool in the XDR lineup of your choice, so threats can be acted on rapidly and automatically using the technology that best meets your needs.

Read the official press release from Exabeam about the XDR Alliance, or learn more about how ExtraHop integrates tightly with SIEM vendors, EDR vendors, and other vital providers for building a truly open XDR architecture.
