We are excited to share that Microsoft has been named a Leader in The Forrester New Wave™: Extended Detection and Response (XDR), Q4, 2021,1 receiving one of the highest scores in the strategy category. Microsoft 365 Defender was rated as “differentiated” in seven criteria including detection, investigation, and response, and remediation.
Forrester notes that “there is a deep divide in the XDR market between those far along the path and those just starting to deliver on the vision of XDR,” and that of mature providers “combine the best elements of their portfolios, including industry-leading products, to simplify incident response and build targeted, high-efficacy detections.”
The XDR market category recognizes that while endpoint detection and response (EDR) is important, it is insufficient as the only method to protect against evolving threats in 2021. XDR extends EDR to include many additional known sources of telemetry including identities, applications, and cloud infrastructure and then uses AI to correlate and prioritize threats.
Microsoft’s XDR strategy
Microsoft’s strategy for XDR is to create the most comprehensive solution—collecting signals from multi-platform sources including Windows, Linux, iOS, Android, and macOS, and multi-cloud deployments including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) coupled with built-in AI, automation, and prevention capabilities.
Microsoft’s approach with our XDR products Microsoft 365 Defender and Azure Defender is to simplify and empower the security operations team with a cloud-hosted, integrated experience that maximizes the time defenders spend thwarting attackers. We also provide the best data set while minimizing the time required on lower-impact activities such as integrating and maintaining systems.
The key to helping security teams is powerful automation to normalize your data, analyzing it, and correlating seemingly unrelated alerts into incidents. AI, playbooks, and automatic remediation help you free up your time to focus on applying your organizational expertise to proactive hunting and prevention.
There is a narrative in the market led by vendors with either XDR or SIEM capabilities that one will over time replace the other. Microsoft’s perspective is that customers need the combination of both SIEM and XDR, delivered differently than it has been in the past. Our SIEM, Azure Sentinel, compliments our XDR capabilities extending them to any source of data and custom threat intelligence. Azure Sentinel is dependently integrated with our XDR platforms so unique incidents can be shared across tools.
We are thankful for our customers and partners and the feedback you provide us on how to improve the product. We’re thrilled by the recognition of this placement and dedicated to continuing to deliver innovation to help you defend against threats. We’re continuing to add threat intelligence, always looking for opportunities to further integrate and simplify, pushing the boundaries of AI, and delivering at cloud speed and cloud-scale. Our 8,500 security experts monitor known groups and attack types at all times to provide you with the latest recommendations, mitigations, and prevention strategies. Our broad ecosystem of partners is ready to help.
Learn more
Watch our Microsoft Mechanics video on our integrated SIEM and XDR capabilities, and learn more about our security solutions:
You can download The Forrester New Wave™: Extended Detection and Response (XDR), Q4 2021 complimentary report to learn more about our position as a Leader. We thank our customers and partners for their support and commitment to innovation with us on this journey.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1The Forrester New Wave™: Extended Detection and Response (XDR), Q4 2021, Allie Mellen, October 13, 2021.
This graphic was published as part of a larger research document and should be evaluated in context of the entire documents. The Forrester document is available upon request here.