CRWD shared schema XDR

The Crowdstrike XDR Alliance is a unified and open Extended Detection and Response (XDR) coalition, formed with security and IT operations leaders, that offers first-of-its-kind integrated solutions for joint customers to protect their organizations from sophisticated cyber adversaries in a rapidly evolving threat landscape.

They join forces with Google Cloud, ServiceNow, Okta, Zscaler, and others. This sounds good to me.

https://finance.yahoo.com/news/crowdstrike-joins-forces-saas…

Razz

5 Likes

I’ve read a few reports, no one I’d like to quote, stating that this Alliance with all these notable partners includes Crowdstrike now ingesting threat intelligence from these partners?

Some of the noted partners include:
Google Cloud, ServiceNow, Okta, Zscaler

I’m looking for confirmation and wondering, if these partners are willing to share in real time, whether they will also share in real time with Cloudflare, for example.

Wow, fast moving and potentially leveling the playing field rather than elevating just Crowdstrike, as many reports and the 7% rise seem to suggest.

Hmmm,

Jason

1 Like

"I’ve read a few reports, no one I’d like to quote, stating that this Alliance with all these notable partners includes Crowdstrike now ingesting threat intelligence from these partners?

Some of the noted partners include:
Google Cloud, ServiceNow, Okta, Zscaler

I’m looking for confirmation and wondering, if these partners are willing to share in real time, whether they will also share in real time with Cloudflare, for example.

Wow, fast moving and potentially leveling the playing field rather than elevating just Crowdstrike, as many reports and the 7% rise seem to suggest."

I’d interpret this a little differently. This is a much needed and laudable initiative by Crowdstrike to create a set of standards for interoperability between security solutions, specifically threat intelligence. Nothing is new about that attempt; SIEMs today ingest logs and network traffic, often using custom integrations, but also using standards like STIX and TAXII (https://www.anomali.com/resources/what-are-stix-taxii).

What’s new is that the XDR space is trying to take in more data, more easily, correlating it and “hopefully” creating fewer alerts that are of higher confidence and actionable. Every security analyst I’ve ever talked to is SATURATED with alerts. Their problem is they have to use multiple tools to triage any security event, they get way too many false positives (i.e., chase down ratholes that never were real issues) and unfortunately have alert fatigue that leads to missing some of the real issues. A nirvana XDR solution will integrate EDR, SOAR and SIEM-like capabilities in one integrated platform that takes feeds from any source easily, allows for interoperability (hey Palo, shut that firewall down, we detected a threat), automates responses (within reason, that’s a double-edged sword) and reduces the amount of alerts you have to investigate. All while giving you smart recommendations on what steps you should take, so that a level 1 analyst can function more like a seasoned veteran, and giving you a capability to collaborate with others in the org in solving the issues.

I take this announcement as a power play by Crowdstrike to lead in the setting of those standards, and they’ve enlisted a nice group of important security players to cooperate. If they win the day, they will have the advantage of setting standards and evolving their product faster to take advantage of that. Other competitors will either move towards the same standards or try to set their own proprietary approaches (a standard is nothing more than a proprietary approach that lots of people agree on!). The best tech will win in the end, and I do like Crowdstrike’s odds as a leader in this space. But I notice on that list there aren’t big SIEM players like Splunk, Exabeam, Securonix, IBM, etc., who no doubt will be looking to lead as well. So I think the war is just starting and it is very early for XDR.

There are lots of these standards efforts that in the end provide benefit to the customer but provide an even bigger advantage to the first movers who define them. Imagine if you were a car company that got the opportunity to design the standards for autonomous driving that ended up being adopted industry-wide. You’d be building that technology into your offering before anyone else, which should provide an advantage.

Sorry for rambling, stream-of-consciousness thoughts here, unedited.

21 Likes
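One way to picture the ingest-and-correlate step the post above describes, as an added example that is not from the thread, from Crowdstrike, or from any alliance partner: it reads a constructed STIX 2.1 indicator bundle (only the single-comparison subset of the STIX pattern language), matches it against constructed EDR and firewall events, and collapses three raw indicator hits into one per-host alert whose confidence rises when independent sources corroborate each other. The field mapping and the +10-per-extra-source scoring are assumptions for illustration, not part of any standard.

```python
import re

# Constructed STIX 2.1 indicator objects (not real intel); a minimal subset of the
# format SIEM/XDR platforms exchange over TAXII feeds.
STIX_BUNDLE = {"type": "bundle", "objects": [
    {"type": "indicator", "id": "indicator--example-1", "confidence": 80,
     "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"type": "indicator", "id": "indicator--example-2", "confidence": 60,
     "pattern": "[file:hashes.'SHA-256' = 'constructed-sha256-hash']"},
]}

# Constructed events from two sources an XDR would ingest (EDR agent, firewall).
EVENTS = [
    {"source": "edr", "host": "ws-042", "sha256": "constructed-sha256-hash", "dst_ip": "203.0.113.7"},
    {"source": "firewall", "host": "ws-042", "dst_ip": "203.0.113.7"},
    {"source": "firewall", "host": "ws-099", "dst_ip": "198.51.100.5"},
]

# Only single-comparison patterns are handled; anything else is skipped, not guessed.
PATTERN_RE = re.compile(r"^\[([\w:.'-]+)\s*=\s*'([^']*)'\]$")
FIELD_MAP = {"ipv4-addr:value": "dst_ip", "file:hashes.'SHA-256'": "sha256"}  # assumed mapping


def parse_indicators(bundle):
    """Return (event_field, value, confidence, indicator_id) tuples from a bundle."""
    out = []
    for obj in bundle["objects"]:
        m = PATTERN_RE.match(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if m and m.group(1) in FIELD_MAP:
            out.append((FIELD_MAP[m.group(1)], m.group(2), obj.get("confidence", 0), obj["id"]))
    return out


def correlate(events, indicators):
    """Collapse per-event indicator hits into one alert per host; corroboration by
    independent sources raises the alert's confidence (assumed scoring, capped at 100)."""
    hits = {}
    for ev in events:
        for field, value, conf, ind_id in indicators:
            if ev.get(field) == value:
                h = hits.setdefault(ev["host"], {"sources": set(), "indicators": set(), "base": 0})
                h["sources"].add(ev["source"])
                h["indicators"].add(ind_id)
                h["base"] = max(h["base"], conf)
    alerts = []
    for host, h in hits.items():
        conf = min(100, h["base"] + 10 * (len(h["sources"]) - 1))  # +10 per extra source
        alerts.append({"host": host, "confidence": conf, "sources": sorted(h["sources"]),
                       "indicators": sorted(h["indicators"])})
    return sorted(alerts, key=lambda a: -a["confidence"])
```

Running `correlate(EVENTS, parse_indicators(STIX_BUNDLE))` yields a single alert for ws-042 at confidence 90, backed by both sources and both indicators; ws-099 produces nothing.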