Corelight has cemented partnerships with incident response firms and extended its capabilities from large enterprises to midsized enterprises to further the reach of its technology. Corelight allows its product to be used by CrowdStrike's incident response team during network-based investigations.
Microsoft and CrowdStrike once again dominate Gartner's Magic Quadrant for Endpoint Protection. Cybereason has risen to the leaders quadrant and Trellix has fallen to a niche player. The endpoint protection market has rapidly matured in recent years - 50% of organizations have already adopted EDR.
Managed detection and response titan Deepwatch has received a $180 million investment to strengthen its threat analytics, user interface and security scoring for clients. The money from Splunk, Springcoast and Vista will allow Deepwatch to invest in R&D, platform innovation and threat intelligence.
Secureworks has axed roughly 210 employees, and CFO Paul Parrish and Chief Threat Intelligence Officer Barry Hensley are leaving their posts. Secureworks revealed plan to reduce its 2,351-person staff by approximately 9% to help balance continued growth with improved operating margins.
Companies can be blinded by their inside-out view and often benefit from another set of eyes that see their business the same way an attacker would, says IBM's Mary O'Brien. IBM's acquisition of attack surface management firm Randori gives clients another view of areas that need to be remediated.
Incumbent XDR platforms target large enterprises with access to a full security operations center, threat hunters and incident response teams, says Bitdefender CEO Florin Talpes. But firms looking to successfully serve the SMB market need to modify their XDR tools to address the skills shortage.
Trellix will debut a console that offers endpoint, security operations and data protection capabilities and a plug-in for network detection and response. The company has moved FireEye's best-in-class detection engines to the cloud for NDR and examined how to address areas such as packet capture.
eSentire has used the $325 million it received in February to leverage data from its Atlas XDR platform and strengthen customers' positions around cyber resiliency. The Kitchener, Canada-based company has shifted its focus from alerts and data to business worries and business risk.
Cybereason has gone all-in on helping customers mitigate threats beyond the endpoint to minimize the impact of ongoing SOC staffing challenges, CEO Lior Div says. The company's focus on tracking and following malicious operations sets Cybereason's approach to XDR apart from rivals.
Businesses should capitalize on AI, ML and robotic process automation to address every event rather than just ignoring the ones deemed unimportant by a SIEM. Palo Alto Networks founder and CTO Nir Zuk says AI can be used to probe security incidents in real time rather than waiting for a breach.
Speaking at the company's annual conference, Palo Alto Networks CEO Nikesh Arora urged the industry to move away from the alert triage model popularized by SIEM. SIEM tools have for decades highlighted alerts for SOC analysts to focus on, but the most important ones are getting ignored, he warns.
A surging Microsoft has leapfrogged to the top of the SIEM Gartner Magic Quadrant, catapulting past security operations stalwarts IBM, Splunk, Securonix and Exabeam. Microsoft has climbed from being named a visionary by Gartner last year to crushing the SIEM market in execution ability this year.
Welcome to the report summarizing
the survey: XDR: Overcoming the
Challenges of Detection and Response.
More than just survey results, this report offers expert analysis of what
organizations perceive to be the main challenges around detection and
response and their response to those challenges, including use...
Security operations stalwart Arctic Wolf has taken on more than $400 million in debt to pursue acquisitions in the cloud, SIEM, endpoint and XDR markets. The money will fuel an upcoming launch in the Asia-Pacific region and expansion in markets such as South Africa, Benelux and the Nordics.
Qualys has purchased a startup founded by longtime Qualcomm leaders to help detect supply chain infections, crypto miners and unauthorized activity in the cloud. The deal will allow customers to detect active exploitation, identify advanced threats and create an adaptive risk mitigation program.