Security Software Buyers Look to XDR to Defend Against Data Breaches

Updated: 3 days ago

XDR is a newly coined acronym that refers to Extended Detection and Response software, a red-hot and competitive category of products intended to elevate and simplify enterprise network security management.


Unlike legacy Endpoint Detection and Response (EDR) platforms, these advanced solutions provide panoramic visibility across an organization’s entire infrastructure (endpoints, firewalls, cloud, mobile devices, and so on), and respond automatically to identified threats. XDR solutions take preventative measures to block malicious content from reaching a system, and work to mitigate any in-progress attack on a compromised endpoint. XDR solutions feature integration across multiple endpoints, clouds, email, and so on, streamlining security for the whole enterprise while providing visibility into every phase of an attack.


Because of its advancements in security functionality and its ability to serve as a security platform that drives customer “stickiness,” many security providers are rushing to win market share and establish themselves as dominant in the space.


Following is a table showing some of the main players in the XDR segment.


XDR Market Overview:

​Market Player

Solution Notes and Recent Observations

SentinelOne

  • A market leader with advanced solution and functionality

  • We have seen SentinelOne compete aggressively for new business by providing price concessions when other security providers are included

CrowdStrike

  • Recently acquired Humio for $400M to provide cloud log management and observability functionality necessary for their XDR platform

  • Partnered with Google Cloud and Zscaler to form an XDR Alliance

  • Customers can now share data between hybrid cloud environments

  • These investments and partnerships show Crowdstrike’s determination to establish themselves as a leader

  • Provides deeper discounts when competition is included

Trend Micro

  • Received the highest score in Forrester’s XDR Provider evaluation report for Q4 2021

  • Customer feedback indicates that they provide exceptional support

  • Buyers achieve success when using multiple deal options (like multi-year term lengths) to secure additional concessions on pricing and terms

Palo Alto Networks

  • Offers two Cortex XDR solution editions

  • Prevent: Endpoint protection + device control, disk encryption, and host firewall features

  • Pro: Expands to protect endpoints, networks, cloud resources, and third-party products

  • To bolster these XDR capabilities and their Cortex product offering, they acquired Expanse in 2020 to add scanning capabilities

  • The Cortex suite offerings are aggressively being pushed by sales reps, indicating that it is a strategic product set for the business

  • Provides buyers with leverage if they have interest in Cortex offerings when negotiating a new purchase with Palo Alto

Trellix

  • Symphony Technology Group acquired McAfee and FireEye in 2021

  • Merged companies to focus on XDR field and to provide better solutions to their customers

  • This merger comes on the heels of a FireEye breach last year

  • Given the recent FireEye hack, Trellix will want to rebound and regain trust in the market

  • Provides an opportunity for buyers to negotiate better pricing and terms for adopting a solution that had reliability issues in the past

Other Notable Options (Microsoft and Cisco)

  • Both Microsoft (Microsoft 365 Defender) and Cisco (SecureX / Cisco XDR) have product offerings that compete in the XDR space, but they are less popular options because the niche players established themselves first in this market

  • Most organizations already do business with both vendors, so their solutions can provide easy competitive alternatives in new purchases or renewal negotiations with niche players looking to defend their business

XDR Negotiation Strategy:


To achieve the best deal outcomes with any of these suppliers, it is important to consider the competition prior to negotiation. Even though it’s common for IT teams to establish “favorites” when it comes to critical solutions like security, we have observed that vendors provide much more attractive offers when viable alternatives are in the mix. This has to do with the intense rivalry between security suppliers who are clawing to establish themselves as the leader in this space.


For best outcomes, buyers must align their stakeholders around a unified negotiation strategy, while ensuring them that their desired solutions will be procured. By establishing a competitive environment, organizations can approach deals from a position of strength and achieve the best pricing and terms from their providers.


Case Study: SentinelOne vs. CrowdStrike


To illustrate the effect competition can have on the bottom-line, consider a deal we recently reviewed. A customer was struggling to attain better discounting with SentinelOne and would not consider any alternatives. After failing to improve their deal, the client decided to include Crowdstrike as a competitor. Once the customer conveyed the competitive bid to SentinelOne, the proposal cost was slashed by 46%, and the business got its preferred solution at a greatly reduced price.


As with any deal, achieving best-in-class outcomes is dependent on building leverage and securing a positive negotiation position prior to deal execution. For more information about building leverage against any supplier, watch our recent webinar on Leverage Management Fundamentals or contact your Accenture representative.


- Cory Ryan is a Senior Analyst at Accenture.