CrowdStrike added new members — Cloudflare, Armis, and ThreatWarrior — to its extended detection and response (XDR) alliance in a move that CTO Michael Sentonas says defines “the standard for what XDR technology should be.”

The cybersecurity vendor announced its CrowdXDR Alliance at Fal.Con 2021 in the fall. Launch partners included Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, Extrahop, Mimecast, Claroty, and Corelight.

The group aims to develop a common XDR language for data sharing between security tools and processes, and it builds on CrowdStrike’s goal of shared telemetry for threat hunting while using that data in a structured way.

Adding three new members will expand the alliance’s telemetry sources across cloud (Cloudflare), IoT (Armis), and network (ThreatWarrior), wrote CrowdStrike’s Anne Aarness in a blog post.

“Lack of visibility of unmanaged assets presents a significant gap in security strategy,” Armis CTO and co-founder Nadir Izrael said in a statement. “Through our integration, which combines device details from Falcon sensors with device details gathered by Armis, we are able to deliver a comprehensive view of every managed and unmanaged asset in the customer’s environment.”

Armis, which Deloitte recently named the fastest-growing cybersecurity software company in North America, previously claimed its asset management product can see almost five times more assets — this includes laptops, servers, clouds, virtual machines, and IoT devices — compared to standalone endpoint security tools from CrowdStrike and other vendors.

Cloudflare says its network spans more than 250 cities in more than 100 countries and blocks an average of 76 billion cyber threats each day. Joining the XDR alliance will combine Cloudflare’s global network with CrowdStrike’s endpoint “to help mutual customers stop cyberattacks anywhere in their network,” Cloudflare CTO John Graham-Cumming said in a statement.

CrowdStrike claims this ability to ingest third-party data makes its XDR unique. But even before launching CrowdXDR, CrowdStrike steadily rolled out integrations with other leading security vendors over the course of this year to boost its threat detection and response capabilities.

In March, Zscaler and CrowdStrike added integrations for joint customers that the partners say provide identity-centric and zero-trust security across data, people, devices, workloads, and networks.

A couple months later, Google Cloud and CrowdStrike announced a deal to share telemetry and data between Google Cloud’s security products and CrowdStrike’s Falcon platform. At the time, Google VP of Cloud Security described it as “beyond XDR.”

Still, the endpoint security vendor has a complicated relationship with XDR. “I cringe a little bit when people talk about XDR because they are using it incorrectly,” CrowdStrike CTO Mike Sentonas said in an earlier interview. “XDR is a term that gets thrown around and really badly abused by the industry because it’s a hot topic.”

And despite acquiring Humio in February to boost its XDR capabilities, CrowdStrike didn’t formally announce its XDR module until October. Despite its late formal entry into the market, Sentonas says CrowdStrike “has been doing what a lot of the industry aspires to do with XDR for a number of years now.”

It seems to be on the right track. According to Forrester’s inaugural XDR research, CrowdStrike is a “strong performer” along with Palo Alto Networks. For the record: Forrester named Trend Micro and Microsoft as the two XDR market leaders.