It’s easy to get lost in product categories in security these days. And XDR (eXtended Detection and Response) is a new addition to the landscape, which makes people wonder – what exactly is that?
XDR vs SIEM – What’s the difference?
We’ve previously held that XDR and SIEM are effectively the same things, although many vendors and Gartner analysts would probably disagree. They would insist that it’s different because it has machine learning, it has better and easier native integrations, it has endpoint detection and response, it has fewer false positives, and so on. An article on the topic would usually say that XDR does not obsolete SIEM because it’s still needed for compliance/reporting/retention/forensics/…
But if you see most SIEM products nowadays (including LogSentinel), they would have machine learning, UEBA, endpoint protection agents, automated response capabilities, native integration with a lot of tools, and cloud services. None of these things have been part of the “original” SIEM concept of collecting logs and applying correlation rules, but those no longer exist – the market has driven SIEM to become “next-gen”.
So XDR is effectively what next-gen SIEM would have been. Some vendors are switching their messaging from “SIEM” to “XDR”, claiming some form of evolution. That evolution has already happened within the SIEM space and it’s now spilling over to this new category.
XDR or SIEM – Which one do you need?
I’m sure this is still unhelpful to potential buyers who wonder “it’s great to have a clarification of terminology, but which one do I need”. The best answer to that from a vendor point of view is “both” (because you can also sell XDR to customers who already have SIEM). But the right answer is: evaluate capabilities first. Do a proof of concept (we always offer a free one) and check the integrations and capabilities that you need or expect. Then it doesn’t matter if you are buying a SIEM, a “next-gen SIEM”, an XDR, or some other label that’s trying to avoid competing in existing markets.
The NextGen SIEM For the Mid-Market
LogSentinel’s focus is the mid-market, where having two types of hugely overlapping solutions is financial and operational nonsense. So we advise customers to include both SIEM and XDR in their research and evaluation and see which ones cover their needs best.
Bozhidar Bozhanov is co-founder and the CEO at LogSentinel. He is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency and information security.