Microsoft is named a leader in the Forrester Wave for XDR

“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended detection and response (XDR) solutions play a critical role in overcoming the silos and doing the work of correlating alerts across asset types to not only give defenders the ability to respond faster on their own, but even autonomously respond to some of the most sophisticated cyberattacks.

Today, we are excited to announce that Microsoft has been named a leader in The Forrester Wave: Extended Detection and Response (XDR) platforms, Q2, 2024, with the highest scores in the strategy, current offering, and market presence categories. Microsoft Defender XDR was rated the highest possible in 15 out of 22 evaluation criteria, including Endpoint Native Detection, Surface Investigation, Threat Hunting, Analyst Experience, Vision, and Innovation.

> Forrester states that “Microsoft is refining the most complete XDR offering in the market today,” and called out “its dedication to innovation is demonstrated by its percentage of the R&D budget by revenue, which rivals the most innovative vendors in security.”

We believe Forrester’s recognition showcases that Microsoft Defender XDR is the broadest native XDR solution on the market and that our most recent additions of Microsoft Defender for Cloud data and Microsoft Purview Insider Risk Management data are critical to give the SOC access to end-to-end data. Its incident-level visibility, automatic attack disruption of advanced attacks, and accelerated detection and response now work across endpoints, Internet of Things (IoT), operational technology (OT), on-premises and cloud identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.

Microsoft Defender XDR

Elevate your security with unified visibility, investigation, and response.

Learn more

Get end-to-end protection with Microsoft’s unified security operations platform

Native breadth is critical to an industry-leading XDR solution, and with Microsoft Defender XDR coverage, organizations get free data ingestion for more workloads than any other can provide. But we understand that customers need to be able to bring together security signals from many sources. This is why we built the security operations platform—by combining the full capabilities of XDR, security information and event management (SIEM), exposure management, generative AI, and threat intelligence. Having these critical capability sets in a single place and operating across all relevant data defeats security tools silos while empowering security teams with unified, comprehensive features that apply to multiple use cases.

A unified platform. The unified security operations platform enables customers to reap the benefits of both SIEM and XDR through incident level response, flexible reporting, automated workflows, and hunting across both first- and third-party data sources. In the private preview, customers saw up to an 80% reduction in incidents, leveraging the powerful correlation across both XDR and SIEM data.2 With attack disruption for SAP, the platform will automatically disable access to both the SAP and Microsoft accounts during a financial fraud attack—providing critical protection for a platform that houses extremely sensitive data.

Generative AI embedded. Microsoft Copilot for Security is an industry-first generative AI solution that enables security teams to simplify processes like incident remediation and guided response, reverse engineer malware code, and even uplevel junior analysts by generating Kusto Query Language (KQL) queries using natural language. Embedded directly into the investigation experience, Copilot for Security enables the SOC to automate repetitive tasks and facilitate more informed decision-making during complex security incidents.

Disrupts advanced attacks faster than any other platform. In a world where AI can be used for both good and evil, the importance of using it to fortify organizational defenses becomes more critical than ever. In the last year, 75% of security professionals witnessed an increase in attacks with 85% attributing this rise to bad actors using generative AI.3 This is why Microsoft Security continues to invest in AI. Automatic attack disruption in Defender XDR uses the power of AI and machine learning to detect and disrupt in-progress attacks like ransomware, business email compromise, attacker in the middle, and more with high confidence to limit the impact to an organization. By correlating trillions of signals from the workloads, Defender XDR can recognize the intent of an attacker and disrupts ransomware attacks in just three minutes.4

With cyberattackers using AI for their own means, XDR and unified security operations platforms are becoming increasingly critical to modern cybersecurity strategies. We are excited that Forrester recognized Microsoft’s leadership in this space, and we will continue to focus on innovation and AI-capabilities to help organizations future-proof their defenses.

Learn more about Microsoft Defender XDR.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

---

1The Fundamentals of Cloud Security, The Hacker News. May 8, 2024.

2Microsoft internal data, May 2024.

3Study finds increase in cybersecurity attacks fueled by generative AI, Security Magazine. August 29, 2023.

4Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview, Rob Lefferts. April 3, 2024.

The Forrester Wave™: Extended Detection And Response Platforms, Q2 2024, Allie Mellen, Joseph, Blankenship, Sarah Morana, and Michael Belden. June 3, 2024.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change.

The post Microsoft is named a leader in the Forrester Wave for XDR appeared first on Microsoft Security Blog.