The XDR Alliance is a group of best-in-class security and information technology providers organized to help security teams easily design and implement effective threat detection, investigation, and response (TDIR) capabilities using the XDR approach.
XDR stands for Extended Detection and Response. It provides a simple, threat-centric approach to threat detection, investigation, and response (TDIR) using the data and capabilities from security products like endpoint, network, cloud, and more.
Building an effective TDIR workflow has become incredibly complex. It involves identifying and integrating dozens of best-in-class products into a functional security framework.
The XDR Alliance is a group of security and information technology providers who have organized to help customers more easily define, implement, and operate effective threat detection, investigation, and response (TDIR) programs and technology stacks. Our goal is to foster a more open approach to extended detection and response (XDR), inclusive of best-of-breed and native solutions, to enable organizations everywhere to better protect themselves against the growing number of cyberattacks, breaches, and intrusions.
Define, promote, and evolve an inclusive and open XDR definition and architecture that meets the needs of end users today and into the future
Raise awareness of XDR approaches and best practices
Help drive improvements in XDR tools and services
Promote an open and inclusive approach to XDR via education and joint marketing activities
Today’s security teams are tasked with delivering an effective TDIR program based on a complex web of security products. The average SOC uses 19 tools and must integrate them into a centralized system and set of workflows. On top of this, there is a lot of confusion in the market about what XDR is and what XDR isn't. A core initiative of the XDR Alliance is to alleviate this and provide an open architectural view. This open XDR architecture supports native and best-of-breed technologies that end users can deploy as part of their threat detection, investigation, and response (TDIR) effort.
Access the Common Information Model (CIM) on GitHub
Data Sources & Control Points
This tier is made up of best-in-class security solutions
This tier is the TDIR foundation for XDR platforms
This tier includes prescriptive, prepackaged content that enriches and drives TDIR workflows and outcomes
With this architecture, the XDR Alliance is providing the market a view into the security tools that monitor, generate security telemetry, and perform corrective actions as part of an incident response workflow. The architecture is open and inclusive of native and/or best-of-breed solutions, which combine to provide the TDIR capabilities needed to detect threats, guide investigations, and orchestrate responses within SOC operations.
Security and information technology providers that are interested in helping end users build more effective security programs using an XDR approach are invited to join us. If this sounds like your organization, come join us!
Member Eligibility Requirements
XDR Alliance Releases New Open-source API Specifications to Help Cybersecurity Vendors Improve Solution Integration
XDR Alliance Welcomes New MSSP and MDR Members Committed to Open XDR Framework in Cybersecurity
XDR Alliance Celebrates First Anniversary, Releases Open Source Common Information Model (CIM)
XDR Alliance Welcomes New Member VMware
XDR Alliance Welcomes New Members to Advance an Open XDR Framework
Exabeam Announces the XDR Alliance to Ensure Industrywide Collaborative Framework for Cybersecurity