XDR Alliance turns one, celebrates with new open source CIM

The XDR Alliance™ has celebrated its first anniversary at this year’s Black Hat conference.

XDR Alliance is a partnership of best-in-class security and information technology providers created to help security teams easily design and implement effective threat detection, investigation, and response (TDIR) capabilities using Open XDR.

A primary focus of year one for the alliance was collaboration on a Common Information Model (CIM), now available as open source via public GitHub with Apache 2.0 licensing.

The CIM provides the broader cybersecurity industry with a common foundation for understanding, normalising, getting deeper visibility into, and enriching log data across technologies to provide organisations with simplified integration and a more holistic picture of their environments.

“As an organisation focused on protecting connected assets across the entire attack surface, Armis is committed to working with XDR Alliance members to further secure these managed and unmanaged assets”

“In the last 12 months, the alliance has achieved several milestones across technical, thought leadership, and awareness charters – notably cadenced collaboration on an open source CIM, and organisation of well-attended events at RSA Conference and Gartner Security and Risk Management Summit. We also expanded membership coverage in other key XDR-relevant categories by welcoming new members CyberArk, Recorded Future, and VMware,” said Gorka Sadowski, founder, XDR Alliance and Chief Strategy Officer, Exabeam. “The growth and teamwork are inspiring; we look forward to future anniversaries and sharing stories of our joint customers experiencing access to open, interoperable solutions to best protect their organisations.”

The new CIM leverages lessons learned from thousands of customer deployments and is designed to power the next generation of XDR and Threat Detection, Investigation and Response (TDIR) solutions. Conceived as a collaborative effort with members of the XDR Alliance and developed to enable easy, transparent integration of both legacy tools and the latest cloud technologies, the CIM also offers future-proofing with built-in extension capabilities for tomorrow’s technologies. Organisations benefit from the integration they need as their technology stacks and security infrastructure evolve.

“We would like to thank all the members of the XDR Alliance who contributed to the CIM and are thrilled to see it released to the open source community,” said Andy Skrei, Senior Director of Product Management, Exabeam. “This CIM represents untold hours of research and development from Exabeam and alliance members so end customers can more easily extract value from all logs in their environments. Releasing the CIM with an Apache license is a testament to our commitment to open security and transparency.”

Founding members of the XDR Alliance include Armis, Exabeam, Expel, ExtraHop, Google Cloud Security, Mimecast, Netskope, and SentinelOne. In 2021, the alliance welcomed CyberArk, Recorded Future and VMware. To push API integration innovation further forward, the alliance is expanding its MSSP/MDR category. New members in the category will be announced soon.

XDR Alliance Charter

The charter of the XDR Alliance is to define and promote an open XDR approach that best works for end users; to help SecOps teams better integrate new and evolving applications and technologies; to make it easier to deliver on the value-add use cases that their organizations require; to ensure interoperability across the XDR security vendor solutions set; and to collaborate on XDR market education and awareness.

XDR Alliance members are representative of complementary technologies in security analytics, security information and event management (SIEM), endpoint, email, identity, cloud, network, and OT/IoT security and threat intelligence, collaborating to provide open XDR and threat detection, investigation, and response (TDIR). Alliance subcategories also include managed security service providers (MSSPs), managed detection and response services (MDRs) and systems integrators (SIs).

The members of the XDR Alliance encourage cybersecurity and IT vendors to participate in the alliance for the continuous improvement of TDIR outcomes for security professionals everywhere. If your organization would like to apply, please visit the XDR Alliance member application page.