XDR Alliance Celebrates First Anniversary, Releases Open Source Common Information Model (CIM)
BLACK HAT -- The XDR Alliance™ today celebrates its first anniversary at this year's Black Hat conference. A primary focus of year one for the alliance was collaboration on a Common Information Model (CIM), now available as open source via public GitHub with Apache 2.0 licensing. The CIM provides the broader cybersecurity industry with a common foundation for understanding, normalizing, getting deeper visibility into, and enriching log data across technologies to provide organizations with simplified integration and a more holistic picture of their environments.
"In the last 12 months, the alliance has achieved several milestones across technical, thought leadership, and awareness charters -- notably cadenced collaboration on an open source CIM, and organization of well-attended events at RSA Conference and Gartner Security and Risk Management Summit. We also expanded membership coverage in other key XDR-relevant categories by welcoming new members CyberArk, Recorded Future, and VMware," said Gorka Sadowski, founder, XDR Alliance and Chief Strategy Officer, Exabeam. "The growth and teamwork are inspiring; we look forward to future anniversaries and sharing stories of our joint customers experiencing access to open, interoperable solutions to best protect their organizations."
The new CIM leverages lessons learned from thousands of customer deployments and is designed to power the next generation of XDR and Threat Detection, Investigation and Response (TDIR) solutions. Conceived as a collaborative effort with members of the XDR Alliance and developed to enable easy, transparent integration of both legacy tools and the latest cloud technologies, the CIM also offers future-proofing with built-in extension capabilities for tomorrow's technologies. Organizations benefit from the integration they need as their technology stacks and security infrastructure evolve.
"We would like to thank all the members of the XDR Alliance who contributed to the CIM and are thrilled to see it released to the open source community," said Andy Skrei, Senior Director of Product Management, Exabeam. "This CIM represents untold hours of research and development from Exabeam and alliance members so end customers can more easily extract value from all logs in their environments. Releasing the CIM with an Apache license is a testament to our commitment to open security and transparency."
XDR Alliance Member Quotes
"As an organization focused on protecting connected assets across the entire attack surface, Armis is committed to working with XDR Alliance members to further secure these managed and unmanaged assets," said Ed Barry, VP of Strategic Alliances, Armis. "It's been a great journey collaborating on the latest CIM and forthcoming API integrations - the beauty of the XDR Alliance is that it showcases our community and shared vision. We best safeguard organizations working together."
"The XDR Alliance and its open framework provide a powerful roadmap for organizations looking to better protect themselves by harnessing the power of contextualized data. The network touches every device, application, and person within an organization's environment - it is a key source of intelligence about your business. This framework helps users leverage network forensics with other foundational data sources for a complete view of an attack campaign," said Phil Shigo, VP of Business Development, ExtraHop. "The CIM is yet another step forward in creating a collaborative and open XDR approach, providing security teams a common framework to communicate consistently."
"Email continues to be a key asset for threat actors, from phishing campaigns to business email compromise. Mimecast is a leader in the email security space and we are proud to have been a founding member of the XDR Alliance," said Jules Martin, VP ecosystem and alliances. "We are committed to collaborating on technical integrations with the other members of the XDR Alliance on a common approach to benefit joint customers across the globe."
"As a leader in cloud security and SASE, Netskope has a unique vantage point on how to provide threat detection, investigation, and response in cloud-first and hybrid organizations. This requires an open approach, and a robust CIM for all things logs and events," said David Willis, Head of Technical Integrations, Netskope. "We are proud to work in collaboration with so many cybersecurity innovators from around the world committed to an open, inclusive, and collaborative Extended Detection and Response (XDR) framework."
Black Hat attendees are welcome to join the XDR Alliance Passport Program by visiting participating alliance member booths to see a demo of alliance member technologies for the chance to win a $1,000 Amazon gift card.
Founding members of the XDR Alliance include Armis, Exabeam, Expel, ExtraHop, Google Cloud Security, Mimecast, Netskope, and SentinelOne. In 2021, the alliance welcomed CyberArk, Recorded Future and VMware. To push API integration innovation further forward, the alliance is expanding its MSSP/MDR category. New members in the category will be announced soon.
XDR Alliance Charter
The charter of the XDR Alliance is to define and promote an open XDR approach that best works for end users; to help SecOps teams better integrate new and evolving applications and technologies; to make it easier to deliver on the value-add use cases that their organizations require; to ensure interoperability across the XDR security vendor solutions set; and to collaborate on XDR market education and awareness.
XDR Alliance members are representative of complementary technologies in security analytics, security information and event management (SIEM), endpoint, email, identity, cloud, network, and OT/IoT security and threat intelligence, collaborating to provide open XDR and threat detection, investigation, and response (TDIR). Alliance subcategories also include managed security service providers (MSSPs), managed detection and response services (MDRs) and systems integrators (SIs).
The members of the XDR Alliance encourage cybersecurity and IT vendors to participate in the alliance for the continuous improvement of TDIR outcomes for security professionals everywhere. If your organization would like to apply, please visit the XDR Alliance member application page.
About XDR Alliance
The XDR Alliance™ is a partnership of best-in-class security and information technology providers organized to help security teams easily design and implement effective threat detection, investigation, and response (TDIR) capabilities using Open XDR. The mission of the alliance is to work in collaboration to make an open approach to XDR a reality for SecOps teams and help them effectively protect their organizations from adversarial behavior. Learn more at www.xdralliance.com.