Last week, we announced our Series C round of funding, a significant step in becoming a leading player in the security market. Some observant readers paid attention to the fact that we have been spending less time discussing XDR or “Open XDR” when referring to our platform, instead just calling it a “SOC Platform.” We wanted to take the opportunity to explain the shift in our thinking here.
The XDR Hype Cycle
XDR (Extended Detection and Response) was coined in 2018 by Palo Alto Networks, describing an approach that breaks down traditional security silos (network, endpoint, cloud, etc.) to deliver detection and response across all data sources. The adoption of the XDR term by the security industry, led by analyst firms, increased in 2020 when multiple companies launched very different products and services under the premise of XDR, as described in analyst company reports.
Last year, when Hunters announced the launch of our “Open XDR” platform, we were fully bought on the XDR story. Companies have a need to break up siloed security data as a way to improve threat detection, investigation and response. Our “open” approach related to our platform being vendor-agnostic, i.e. able to ingest data from any data source (security and IT), then normalizing it and actively cross-correlating it to find real incidents.
With the market hype, an unfortunate result was that some of the new terminology began confusing customers. Analyst firms came up with different definitions to XDR – from having to be rooted in EDR data to being an alternative to SIEM. Analysts and security marketers (including yours truly) spent many hours on social media debating the different definitions of XDR. And the customers? They were left perplexed or indifferent to the industry’s naming games. In the fall of last year, when I participated in an XDR panel led by a former Gartner Analyst, I complained about the confusion in the market around the XDR term and pleaded to the analyst to make some clear directives around the definition.
Over the past few months, we have gone on an extensive journey. We met with hundreds of CISOs and security leaders in virtual roundtables and in person. We asked them about the changes their organizations are going through, their challenges, and the opportunities they encounter. Many described similar realities: hiring and retaining talent in general, and specifically in the SOC is harder than ever, while the complexity of defending the IT environment is also growing.
Many security leaders are rethinking the combinations of people-processes-technologies working on threat detection and response (TD&R) in order to serve better outcomes that are critical to their businesses. They are now assessing the shortcomings of current technologies when it comes to serving the people and processes of the SOC.
Data is the first area where organizations see the shortcomings of their current approach. Organizations realize that data ingestion, storage, and retention is a basic requirement to an effective TD&R. At the same time, many are forced to compromise data retention and sources of data to minimize spend on data – a compromise that’s no longer needed in the era of affordable, predictable data storage solutions built for the cloud like Snowflake.
A second pain comes around the different skills needed in a SOC to perform the required tasks. From data engineering (piping the data into a SIEM) to security engineering (building queries and rules to alert on specific activities) to managing response playbooks, all tools require significant overhead that holds security teams back from streamlining a robust threat management program.
When speaking to people managing SOCs, we hear similar frustrations. A common theme: this overhead is holding them back from improving their time to properly respond to real incidents.
A SOC Platform
As our customer base grows, we have chosen a clearer path when it comes to describing the work that we do – using less ambiguous terminology and focusing first and foremost on outcomes. As a SOC platform, we serve the people who work in security operations. Our job is to anticipate their needs, improve their environment and help them achieve better results.
We’d like to be clear on what our technology can do and how it can help, while being mindful of industry jargon that can confuse users. What Hunters SOC Platform does –
- Covers the Entire Attack Surface
We developed a vendor-agnostic data ingestion and normalization capability that works across all security and IT tools. Leveraging modern, and cost-effective cloud-based data infrastructure such as Snowflake enables organizations to stop compromising on data ingestion and retention.
- Empowers Security Teams
Hunters’ built-in detection engineering, data correlation, and automatic investigation helps SOC teams overcome volume, complexity, and false positives.
- Minimizes Security Risk
Our platform reduces overall security risk by mitigating real threats faster and more reliably than SIEMs, as it improves MTTD and MTTR.
We built the Hunters platform to take a holistic approach to the challenges of today’s security operations. Our goal is to empower security teams to automatically identify and respond to incidents that matter across your attack surface.