Bitdefender today expanded its eXtended endpoint detection and response (XEDR) capabilities to what it claims is a native extended detection and response (XDR) platform.
The move has plunged the vendor into the native vs. open XDR battle. In fact, Amy Blackshaw, VP of product and technical marketing at Bitdefender, claimed that native XDR is “the most valuable flavor” and open XDR is “a defensive mechanism.”
The GravityZone XDR platform expands the EDR capabilities across productivity applications, clouds, identity sources, and network data, which “provides the right amount of intelligent data to be leveraged in security analytics to ultimately shorten the [attacker] dwell time,” Blackshaw told SDxCentral.
“We have taken the approach of using our award-winning GravityZone detection and response capabilities layered on top of our preventative technology, and created additional sensors that are automatically integrated into the platform to bring back information from across an organization's infrastructure,” she added.
The EDR to XDR Journey
Bitdefender’s journey from EDR to XDR started in 2018, when the security vendor introduced EDR as part of its GravityZone platform. Last summer, the company added endpoint correlation and network data collection capabilities to the EDR platform and branded it as XEDR. The company didn’t use the buzzword XDR because “the team really believed that customers needed an on-ramp to move from EDR into XDR,” according to Blackshaw, who added that the vendor worked with its customers to complete their journey to XDR with additional sensor types.
Forrester named Bitdefender a Strong Performer in its latest EDR provider wave report. Many of the vendor’s competitors, including CrowdStrike, Microsoft, Trend Micro, Trellix, SentinelOne, and Palo Alto Networks, have launched or increased their investments in XDR platforms.
Blackshaw touted Bitdefender’s native XDR approach as a differentiator, calling it a “comprehensive single vendor for observation abilities” with “best in class prevention capabilities.”
What is native XDR?
Security vendors define a native XDR platform differently. According to Forrester, native XDR is “an XDR suite that integrates with other security tools from their portfolio for the collection of other forms of telemetry and execution of response actions related to that telemetry.”
XDR commonly combines elements of security information and event management (SIEM), security orchestration, automation and response (SOAR), endpoint detection and response (EDR), and network traffic analysis (NTA) in a software-as-a-service (SaaS) platform to centralize security data and incident response.
Bitdefender offers most of those capabilities natively, but partners with SIEM vendors to pull in logs for its investigation or detection capability.
“But I do believe that's a separate use case [from XDR] where there's overlap as in the threat detection responses case,” Blackshaw explained. “That compliance use case of SIEM isn't covered by XDR, or at least not yet.”
Native XDR vs. Open XDR
There is an ongoing discussion about native and open/hybrid XDR, and which one is better.
“Native means we own the technology that is needed to be deployed,” Blackshaw said. “The vendor owns not only the security analytics and the brain layer, it also owns the tools and the technology across the infrastructure to do detections at the place of origin.”
By contrast, open XDR vendors usually own only the security analytics layer and require customers to bring their own data or to integrate the security tools they already use in order to offer XDR capabilities, she added.
“Open XDR vendors are basically saying, 'Throw your data into this data lake.' Well, you don't know how good that data is. So we take a little bit of concern with that approach,” Blackshaw said.
She also argued that vendors that don’t have the full stack of technologies normally have to enter the open space to best serve their customers.
“That's a defensive mechanism because they don't want to lose their market share to XDR vendors,” Blackshaw said, adding that time will show that customers need high-fidelity detection and response and a native approach to XDR.