Google Cloud Security joins Exabeam-led cybersecurity alliance

The cybersecurity companies will help SecOps teams integrate new applications and technologies while ensuring interoperability across the XDR security vendor solutions set.

Exabeam and seven other cybersecurity companies announced the creation of the XDR Alliance on Tuesday, touting the effort as a way to help downstream SecOps teams. 

Google Cloud Security, Mimecast, Netskope, SentinelOne, Armis, Expel and ExtraHop joined Exabeam in founding the alliance centered on XDR -- short for extended detection and response framework and architecture. 

The companies said the end goal of the partnership is to "enable organizations everywhere to protect themselves against the growing number of cyber attacks, breaches, and intrusions" by helping security teams evolve and ensuring interoperability across the XDR security vendor solutions set.

The alliance will also work together on campaigns to popularize XDR and assist SecOps teams in integrating "new and evolving applications and technologies."

Gorka Sadowski, chief strategy officer at Exabeam and founder of the XDR Alliance, said the XDR Alliance "brings together the most forward thinking names in cybersecurity to collaborate on building an XDR framework that is open and will make it easier for security operations teams to protect and secure their organizations."

"History will look back and declare how well the cybersecurity industry succeeded in putting collaboration above competition to help protect our organizations and institutions," Sadowski said. "We are at an inflection point with an extremely fragmented industry that requires all of us in the vendor community to come together to strengthen organizations' SOCs."

The alliance created a three-tier model that focuses on the core components of the XDR technology stack. The three tiers include data sources/control points, XDR Engine, and content.

"Data sources/control points refers to the security tooling that generates telemetry, logs and alerts, and that act as control points for response. The XDR Engine tier is the engine that ingests all the collected data and performs broad threat detection, investigation and response for SOC operations," the alliance said in a statement.  

"The Content tier includes the pre-packaged content and workflows that allow security organizations to deliver on required use cases with maximum efficiency and automation."

Part of what drew the cybersecurity companies to the alliance is that each represents one of the subcategories under SecOps, which include network detection and response, security information and event management, security analytics, identity management and more.

Sunil Potti, Google Cloud VP and GM of Cloud Security, explained that security operations teams are demanding more from their tools as the threat landscape continues to grow. 

Organizations now need a platform to cost effectively store and analyze all of their security data in one place and investigate and detect threats with speed and scale, Potti said, adding that enterprises now need the ability to store vast amounts of data, analyze and correlate the data from siloed solutions in order to adequately detect and respond to emerging threats within their environments.

"We are looking forward to joining the XDR Alliance to help build an inclusive and open XDR framework that gives our joint customers a pathway to the best-in-class Security Operations Centers (SOCs) in the Cloud," Potti said. 

There is an XDR Alliance member application page for organizations interested in joining. 

Exabeam CEO Michael DeCesare added that many of the companies share customers and are looking to improve the SOC experience. The emergence of "covert AI and automated attacks" as well as other threats prompted the companies to unite, DeCesare explained.