The Ingenuity of Turning any EDR Solution into a Powerful Open XDR System

In Frost & Sullivan’s “Frost Radar™: Extended Detection and Response 2023” report, the business consulting and market research firm lists Stellar Cyber as an innovator in the endpoint detection and response (EDR) field. Notably, it is the only non-EDR company recognized for its trailblazing approach to developing endpoint detection and response technology that addresses modern threats.

“Stellar Cyber XDR is designed with simplicity and quick onboarding in mind and provides heavy support so customers can operate the solution within only a few hours,” the report states. It also notes that the firm uses the MSSP channel to become more appealing to small and midsize businesses, which helped it achieve strong market acceptance.

Stellar Cyber’s innovation, as acknowledged by one of the leading growth strategy firms in the world, merits attention for its ingenuity in responding to the modern cyber threats that organizations inevitably face. The emphasis on EDR is particularly important because of the rapid growth in the number of endpoints in modern enterprises, each of which expands the potential attack surface.

Leading in vendor-agnostic integration

Stellar Cyber’s VP of Product Sam Jones highlights the innovation his company is bringing to cybersecurity, noting how competitors are slowly coming around to Stellar Cyber’s Open XDR concept, especially in terms of integrating with more data sources. “We have committed to incorporating new data sources that customers request within two weeks, and we are working constantly to maintain our leadership in vendor-agnostic integration,” Jones says.

To be precise, Stellar Cyber’s solution is called Open XDR. It is an evolution of XDR, which Frost Radar highlights for its impressive growth and its ability to provide enhanced analytics, data integration, security visibility, automation, and flexibility. Open XDR ups the ante by bringing together more data from a wider range of sources to bolster threat detection accuracy and response agility. It integrates the data generated by security solutions from different vendors to maximize the benefits of the security products an organization already uses.

Most other security providers cited in Frost Radar focus on EDR and XDR. Stellar Cyber is one of the few that advance the concept of Open XDR, alongside Sekoia and Trellix. Frost Radar praises Sekoia for outpacing industry-average growth rates because of its innovative open XDR approach. Trellix, meanwhile, does not use the “Open XDR” term for its product, but it essentially delivers the core Open XDR functions by integrating data from over a thousand third-party sources out of the box and taking a multi-vendor, multi-vector approach to threat detection and prioritization.

Turning any EDR into an Open XDR solution

Several other companies mentioned in the Frost Radar EDR report also integrate data from other security solutions. These include the big guns such as Kaspersky, Microsoft, and SentinelOne. Secureworks and Cybereason also score high on the report’s innovation and growth indices.

However, Stellar Cyber’s Open XDR solution stands out because it not only brings security data together to create a unified security operation with extensive visibility and agile detection and response capabilities; it does all of this by turning an organization’s existing EDR solution into Open XDR.

Stellar Cyber developed this approach in recognition of the pros and cons of the “Build/Acquire Everything” and “Integrate with Everything” models. In the former, security products from different providers are pieced together to create a unified, coherent, and consistent platform for threat detection and response. It ensures a comprehensive yet intuitive experience by providing a single dashboard for EDR tasks. In contrast, the latter model lets organizations remove virtually all limitations on integrating multiple disparate security tools. It allows them to try any combination of security tools to find the one that suits their needs best.

“Build/Acquire Everything” may appear limiting, but it provides better usability because organizations can readily use the extended detection and response solution built from this model. However, it works against the idea of being vendor-agnostic, since the provider is the one that chooses which EDR, Network Detection and Response (NDR), Security Information and Event Management (SIEM), Threat Intelligence Platform (TIP), and other tools to put together. Organizations do not need the expertise and experience to pick the best solutions to integrate. The risk is that the provider uses mediocre or inferior tools.

The “Integrate with Everything” model provides the most flexible option for integrating different solutions. However, it also requires knowledge of and experience with the best security tools, something not many organizations have, given the ongoing cybersecurity skills shortage that is expected to worsen because of the current global economic situation.

Stellar Cyber offers a combination of both models to maximize the advantages and minimize the drawbacks. Specifically, Stellar Cyber provides an Open XDR platform that already includes NDR, TIP, and SIEM functions as well as AI-driven threat detection and response capabilities. All of these can be integrated with the EDR solution an organization chooses. Intrusion Detection System (IDS) and User and Entity Behavior Analytics (UEBA) tools may also be sourced from third-party providers.

Stellar Cyber developed a dedicated AI engine and an API to ensure the seamless integration of these disparate tools. The AI engine makes it possible to quickly correlate data and processes, improving detection accuracy and minimizing false positives. Meanwhile, the purpose-built API ensures frictionless integration with thousands of third-party tools.

Why build a platform around third-party EDR?

Stellar Cyber has not explicitly stated why it chose EDR as the anchor third-party component. It could have built its own EDR system and created an Open XDR platform that integrates other third-party tools with it. However, the justification for this model is easy to infer.

First, EDR is already an established sector of the cybersecurity market. Numerous EDR solutions are available, and many of their vendors have built undeniable expertise in the field over the years. Many organizations already use these solutions, and the last thing they need is to abandon a product they have invested resources in for a new one that provides the same EDR functions with a few enhancements. Such a switch is costly and will likely require additional training to onboard everyone onto the new system.

Another important reason to build an Open XDR solution around a third-party EDR is the complex nature of existing EDR solutions. EDR products on the market are rarely alike, so Stellar Cyber focused on making many security tools integrable with them rather than creating a new EDR product that integrates with other security tools. Again, EDR is a long-established field, so organizations have already developed their preferences for which EDR to use. It is more natural for them to keep their preferred EDR and integrate newer security technologies than to switch to a new EDR whose capabilities are yet to be tested and proven.

With all of this in mind, there should be no doubt that Stellar Cyber earned its place on Frost Radar’s list of noteworthy endpoint detection and response solutions. The security provider has made Open XDR an attractive option because of its intuitiveness and seamless integration. It also makes excellent sense from a business perspective, as it allows Stellar Cyber to attract more potential users among organizations that already have an EDR solution deployed.