Cybereason joined the extended detection and response party this week with its XDR that fuses endpoint telemetry with behavioral analytics.

While XDR has been the “holy grail of security for decades,” it’s still a newish sector and most vendors don’t yet offer all of its capabilities in one complete stack — although some are headed that direction. It combines elements of security information and event management (SIEM), security orchestration, automation and response (SOAR), endpoint detection and response (EDR), and network traffic analysis (NTA) in a software-as-a-service (SaaS) platform to centralize security data and incident response.

Cybereason’s an EDR vendor, and while it doesn’t have in-house SIEM and SOAR capabilities, its XDR focuses on what it does best: detection and response, and proactive threat hunting. And it extends these capabilities from the endpoints across the enterprise IT environment spanning on premises, clouds, and mobile.

The XDR product also follows Cybereason’s new Breach Protection Warranty that provides up to $1 million in coverage to customers in the event of a breach.

The company also has ambitious plans to add enhanced support for firewalls, virtual private network activity, cloud access security brokers (CASBs), secure access service edge (SASE), and more visibility into containerized environments.

Cybereason XDR

Cybereason XDR pulls data from customers’ existing SIEMs and other sources, both through a partner program and open APIs, and breaks down the silos between security operations’ disparate tools for each asset class, such as endpoint, cloud, mobile, and cloud identities, said Yonatan Striem-Amit, Cybereason CTO and co-founder. This makes it easier for defenders to identify and stop any malicious operations, or malops, across the entire IT stack, he added.

“We don’t think XDR needs to replace your SIEM and replace your SOAR — your SIEM is driving many use cases around log retention,” Striem-Amit said. “But instead of just dumping your logs into one database and hoping something magical happens, our XDR brings all those systems into that singular, cohesive threat model to tell you what is happening by focusing on the malop, the behavior, and telling you how you break the silos.”

This approach provides unified visibility across the entire network, and after the platform detects malops it also provides one-click mitigation across an organization’s environment, he added.

The whole point of XDR is to improve threat detection by correlating threat intelligence across security products and to provide visibility across networks, clouds, and endpoints. This becomes increasingly important as security operations teams are famously understaffed and, now because of the pandemic, working longer hours and feeling more stressed out than before COVID-19 hit.

“How do you take the existing talent that you have and improve their productivity so that they can catch more, act in a faster manner, and prevent fewer bad things from happening? Cybereason has done that well with the customers that they’ve had, and now they’re looking to expand that,” IDC Research VP Michael Suby said. “Cybereason is taking what they’ve done well, which is having a deep understanding of activities on endpoints and expanding into other environments.”

Platform Vs. Best-of-Breed Approach

However, Cybereason is hardly the first endpoint security vendor — or any kind of security vendor, for that matter — to move into the hot, new XDR space. It joins SentinelOne, Trend Micro, Cisco, McAfee, Palo Alto Networks, Microsoft, CrowdStrike, Symantec, and VMware, among other smaller vendors and startups.

Striem-Amit says Cybereason’s open approach to XDR that recognizes customers use multiple different security vendors and tools gives it a competitive advantage, and that this strategy will ultimately win in the market.

“Many people in the industry are talking about XDR, and it’s really a suite play from one vendor giving you a suite of tools and saying the integration of these together is the XDR story,” he said. “However, modern enterprises aren’t comprised of a single vendor solution. The customer can have multiple firewalls, multiple cloud providers, and use multiple solutions from those cloud providers. The customer may use many SaaS solutions out there. And that kind of openness and bringing the best-of-breed solutions is critical, as opposed to saying if you want to enjoy the XDR benefits, you really need to buy the full suite from us.”

While a platform approach to XDR will appeal to some customers, others will prefer the best-of-breed approach, Suby said. And ultimately, even platform vendors will need some degree of interoperability with third-party tools in customers’ environments.

“Nobody is going to provide everything that all customers will want,” he said. “There will still be some amount of collaborating, integrating with other solutions, so Cybereason will still have an opportunity to play.”