With GravityZone XDR’s enhanced detection and triage capabilities, Bitdefender promises to reduce the time cyber attackers spend in computer systems undetected.
Bitdefender has jumped into the XDR battle with a native offering under the GravityZone XDR banner. Designed to be made available to cybersecurity teams very quickly, the product offers features such as rapid cross-correlation threat detection, which draws on mathematics and behavioral analysis, the initial stages of an attack, and abnormal behaviors of applications and identities to detect advanced threats. These capabilities come in addition to automatic threat identification and prioritization, which works with an integrated incident advisor. The advisor analyzes the root causes and context of threats, allowing security teams of all sizes and skill levels to visualize threat detections, understand the impact of a threat on operations, and take recommended actions to contain or eliminate threats, all from a single view.
A user interface built with customers
Additionally, recommended actions to respond to threats targeting endpoints, identities, email, cloud, and applications can be carried out with a single click. “Security technology can already seem insurmountable for a specialized analyst, so what about the layman! That’s why we built the UI together with our customers as part of an early access program,” explained Amy Blackshaw, VP of Product and Technical Marketing at Bitdefender. “Clients engaged with us day in and day out, not only on the capabilities and problems they were trying to solve, but also on how they wanted to consume the information from a UI and UX perspective, hence this very intuitive result,” she added.
Adoption that leverages existing investments
“In their XDR adoption journey, enterprises want to build on their existing cybersecurity investments,” said Michael Suby, vice president of research at IDC, in a statement. “They also want XDR to deliver tangible results, including reducing attacker dwell time and improving SOC efficiency. By adding features like pre-built detections in sensors (to avoid custom tuning), root cause analysis, and alert prioritization, Bitdefender achieves both of these goals.” “GravityZone XDR excels at connecting and correlating incidents over time across operations, and we’ve found immediate value in that,” said Mahmood Haq, CISO at MyVest, a wealth management firm. However, “one should not overestimate the benefits of a single-vendor solution with out-of-the-box detection capabilities to identify and investigate known and unknown threats and provide our analysts with insight into what happened and how an incident happened with the best ways to respond,” he added.
Native system-wide control
“Today, many implementations are done in native XDR from the vendor’s toolset,” noted Allie Mellen, analyst at Forrester. “It makes a lot of sense, given that integrating other tools from another third-party ecosystem presents the same challenges that had arisen with SIEM,” she said. “As soon as you want to optimize flexibility and modularity, it becomes difficult to control the quality of protection and provide continuous detection. Native XDR has caught on with many vendors because it allows them to control what goes in and out of the system to optimize detection,” the analyst added. Open and hybrid XDR offer alternatives to native XDR. “An open XDR vendor focuses on the security analysis layer, but doesn’t own the downstream security stack,” explained Amy Blackshaw. “It works by integrating technology from other vendors, typically through alliances or an ecosystem of security vendors. One positive aspect of the hybrid XDR is that it can mix best-of-breed apps with its offering. However, customers are less demanding on best-of-breed than they used to be and many providers offering a platform-like approach already have the best tools on the market,” added Bitdefender’s VP of Product and Technical Marketing.