“That makes a lot of sense because the challenge of integrating other tools from another third-party ecosystem are the same as those we’ve seen with SIEM,” she said. “Once you start trying to optimise for flexibility and modularity, it becomes difficult to control the quality of protection and to continuously provide detection.
“An open XDR vendor is focusing on the security analytics layer, but doesn’t own the downwind security stack,” Blackshaw explained. “They work through integration of other vendors’ technology, usually through alliances or an ecosystem of security vendors.