AMTSO XDR Product Data

AMTSO provides an at-a-glance overview of what major XDR platforms offer. The content on this page is in draft format for testing and confirmation.

The table below shows the coverage of major XDR platforms by category, including information on whether solutions are provided by in-house technology or via third parties. The data displayed here is based on information made available by each provider, either directly to AMTSO or via public sources. While AMTSO has made every effort to confirm its accuracy, it cannot be considered definitive in every case.

Links under Product Title direct to each vendor’s own landing page for their product. Hover over the symbol entries for individual component titles and other additional information, where available, and over the vendor names for data sources and summary notes provided by contributing vendors.

Key to symbols
In-house provision – the vendor provides their own solution in this category

Third-party provision – options are available to use third-party tools in this category, often recommended partner products or from a marketplace of compatible solutions.

Vendor | Product Title | Endpoint | Firewall | WAF | Network IDS/IPS | Email Server | Cloud Email | File Server | Cloud Storage | Data Protection | CASB
Cisco | Cisco XDR
Crowdstrike | Crowdstrike Falcon
Elastic | Elastic Security
Fortinet | FortiXDR
Microsoft | Defender XDR
SentinelOne | Singularity XDR
Palo Alto Networks | Cortex XDR
Sophos | Sophos XDR
Trellix | Trellix XDR
Trend Micro | Vision One
Watchguard | ThreatSync
WithSecure | Elements XDR

FAQ

AMTSO’s XDR testing criteria project began with a focus on what areas are covered by various tests; this led to categorization of the major areas and components comprising XDR solutions. The tester members of the XDR Working Group noted that finding exactly what was included in various solutions was often a difficult task.

This shortage of readily-available information was also cited in our outreach to CISOs and other enterprise purchasers/users of security solutions. As we developed a means of displaying the areas covered by tests, a simple chart showing the composition of products seemed likely to have value to those evaluating and selecting solutions.

The working group started with a list of significant players in the XDR market space. Data gathering then took place, both directly from the vendors and via public online sources. The final list of vendors covered includes only those who chose to provide their own information, or those for whom clear and reliable information could be found. Where information was unavailable or incomplete, some vendors were left out of the final published data.

A simple form to capture the data used in the chart was circulated to AMTSO members and various non-member companies active in the XDR space. Those who chose to respond provided details of their products and the options possible. Where no responses were received, members of our XDR Working Group were assigned to source the required information from public sources, after which the data found was submitted to the relevant vendor company for confirmation and/or any corrections. 

The sources of data can be found by hovering over the vendor names in the chart – where the vendor itself is flagged as the source, this means they either provided the initial data, or confirmed/corrected the entries gathered by our working group members.

The data has been confirmed as reliably as possible, with all vendors listed given a chance to correct any entries gathered by AMTSO from public sources, but AMTSO accepts no responsibility for inaccuracies. As solutions change and evolve we will update the chart with the latest available intel, and will expand it with new providers where we can.

AMTSO makes no claims about the relative worth of in-house versus third-party tools; some vendors opt to focus on a “best-of-breed” approach combining tools from multiple vendors, while others offer mainly or solely their own in-house tools, but most make both options available in some or all categories.

Which approach is best for a particular situation or use-case depends on multiple factors, but one of the key principles of XDR is that the user should have a seamless experience regardless of which tools are providing the data and functions in each layer or area.

Many individual components are already being tested and evaluated in various ways, and some test labs are now looking at how they interact in an XDR setup. As the XDR market matures and more independent testing data becomes available, this will assist potential purchasers to better judge which components provide the best security, usability and other key factors. 

AMTSO is happy to add further information; if there are vendors you would like to see covered in our chart, we can reach out to them for input and/or attempt to gather information from public sources. To suggest an addition you can contact us via any of the methods on our contact page.

If you represent a vendor and would like to supply details of your own solution, we can direct you to a simple form to provide the information required to add you to the chart.

Yes, the next phase of our XDR project aims to collate data from the various test labs running or planning XDR-specific tests, which we intend to provide in similar format but with significantly more detail. Watch this space for updates!