There’s a new cybersecurity alliance in town and this one, led by Exabeam, aims to develop an open extended detection and response (XDR) framework and architecture.

Armis, Expel, ExtraHop, Google Cloud Security, Mimecast, Netskope, and SentinelOne make up the XDR Alliance’s other founding members.

XDR combines elements of security information and event management (SIEM); security orchestration, automation, and response (SOAR); endpoint detection and response (EDR); and network traffic analysis (NTA) into a cloud-based platform. This centralizes security data, threat hunting, and incident response.

Lately, the great debate over “open” versus “closed” XDR has reached a fever pitch, but even vendors that claim an open XDR platform can’t seem to agree on what open XDR means.

The XDR Alliance aims to clear up the confusion while helping organizations — many of which are these security vendors’ joint customers — better protect themselves against increasingly destructive cyberattacks and breaches.

XDR Alliance 3-Tier Model

The group’s charter includes defining an open XDR framework and architecture that works for end users, helping SecOps teams integrate and better align with new and evolving applications and technologies, ensuring interoperability across the XDR security vendor solutions set, and collaborating on XDR market education and awareness.

To this end, the XDR Alliance developed a three-tier model focusing on the core components of the XDR stack:

  • Data sources and control points – This refers to the security tooling that generates telemetry, logs, and alerts, and acts as a control point for response.
  • XDR engine – This tier is the engine that ingests all the collected data and performs broad threat detection, investigation, and response for security operations centers (SOCs).
  • Content – This includes the pre-packaged content and workflows that allow security organizations to deliver on required use cases with maximum efficiency and automation.

The alliance members span SecOps subcategories including security analytics, SIEM, endpoint, identity management, email, cloud, network, OT/IoT, threat detection, investigation, and response (TDIR), network detection and response (NDR), as well as managed security service providers (MSSPs).

Partners or Competitors? Maybe Both?

The alliance comes a couple of months after Exabeam launched its own XDR platform.

Several of these vendors already partner on threat exchange and to fill gaps in their respective XDR technology stacks. Many of them also compete in some of the SecOps subcategories. Google Cloud Security also has a SIEM component with Chronicle, and it recently announced an XDR-like partnership with CrowdStrike.

Meanwhile SentinelOne, which provides XDR, has historically competed on its endpoint security technology.

Exabeam Chief Strategy Officer Gorka Sadowski, who also founded the XDR Alliance, gave a nod to this competition in a bold statement at the group’s launch.

“History will look back and declare how well the cybersecurity industry succeeded in putting collaboration above competition to help protect our organizations and institutions,” Sadowski said. “We are at an inflection point with an extremely fragmented industry that requires all of us in the vendor community to come together to strengthen organizations’ SOCs.”

However, the XDR Alliance isn’t the only cybersecurity group taking on industry fragmentation. The Open Cybersecurity Alliance, spearheaded by IBM and McAfee, aims to make the myriad security products on the market interoperable using open source code as well as open standards and protocols.

UPDATE: This story has been updated to remove CrowdStrike as a member of the XDR Alliance.