FireEye is the latest vendor to join the increasingly crowded extended detection and response (XDR) market by introducing its own unified platform. It aims to provide threat detection and response capabilities across endpoint, network, email, and cloud, as well as support for more than 600 native and third-party security tools.
“One of the big things that I hear directly from customers is the breadth that we can bring in,” said Michelle Salvado, SVP of engineering at FireEye. She explained that the XDR platform's analytics engine correlates all the alerts, event data, and telemetry into actionable investigations, and then highlights threats with risk scores, which makes it easy for customers to see the threats they need to look at.
The FireEye XDR platform includes its FireEye Helix security operations software and any combination of its endpoint, network, email, and cloud products. The Helix platform provides security orchestration, automation and response (SOAR), security information and event management (SIEM), and correlation capabilities along with threat intelligence functions from Mandiant.
The company also wove other recent acquisitions into its XDR platform. Last year FireEye acquired Cloudvisory, which provides visibility into cloud environments, Salvado explained.
She added that the Mandiant Automated Defense platform, which came from the Respond acquisition, works as an additional engine that can plug into the Helix engine. It is an add-on to the XDR platform.
Suited for Enterprise and Mid-Market Businesses
According to FireEye, its XDR platform is best suited for enterprise and mid-market security operations teams that are increasingly at risk from cyberattacks.
“We kicked off this cybersecurity supercycle,” Salvado said. Traditionally, companies in the mid-market and below haven’t prioritized security, she added. Instead, they use compliance-based and “set it and forget it” strategies.
However, with ransomware ramping up, those companies with limited staff and budget are much more interested in finding effective security solutions that are easy to maintain and deploy, she added.
Salvado explained that for customers trying to improve their security posture without a large staff, the FireEye XDR platform can bring visibility across their environment, protect the core vectors, and integrate with pieces from other vendors. She emphasized that they have always focused their efforts on driving outcomes.
Focus on Detection
Security vendors including Palo Alto Networks, Fortinet, Cisco, and VMware have already launched or increased their investments in XDR platforms. FireEye is the latest to pivot to XDR, and Salvado said its experience and background give it an advantage.
“We know that no matter how hard you work to protect, you're not going to protect 100%, so we have a heavy focus on that detection piece,” she said, adding that in the evolution of all their products, they have started with detection first, then moved on to prevention, and that is where they differentiate themselves from other XDR vendors.
The FireEye XDR platform is delivered via cloud subscription licenses with various consumption options.
The company plans to introduce additional features over the next few quarters, including enhanced endpoint cloud capabilities, upgraded Helix dashboards and threat graphing capabilities, additional support for leading third-party security tools, and continued integration with its Mandiant Advantage platform.