Brian Moody:
It's time for WhiteDog’s Sound Bytes! I'm Brian Moody, vice president of global sales and channels. And with us today again is our founder and chief executive officer, Shahin Pirooz. Today's topic is Open XDR. What is it? It seems to be a hot topic in the industry, in the market right now. We've often talked about this EDR to MDR to XDR, and now it's Open XDR.
Shahin Pirooz:
Realistically, it's about time that Open XDR became a thing. We've kind of built our business around this concept of Open XDR. And it is all the buzz right now because there's a lot of players who are trying to jump into this space. And, fundamentally, if we take a look at what XDR is, XDR again I've shared this with you all before, but it was coined, that term was coined by Palo Alto and, with Gartner, they came out with this concept of an extended detection and response. And it was around the notion that EDR was prevalent. There was all these MDR players that came out which were effectively SOC as a service, but they were calling it Managed Detection and Response because they would take over management of your EDR.
XDR came along and Palo Alto said, what if it wasn't just endpoint data? What if it was more telemetry? And in their context, it was networking. Today, their XDR play has expanded and it does a little bit more. It does some cloud telemetry, it does some DNS telemetry. But ultimately it was this notion of we need to go beyond the endpoint and we need to extend the telemetry we're using to find threats. So what XDR is today in the industry is an extended detection suite and response at the endpoint, but in a single manufacturer. It's a single vendor. So, single vendor source, it's a technology sale, it's a tool. You're buying it, you're implementing it, you're managing it yourself.
What is Open XDR? Open XDR is this notion that there's no one manufacturer that's going to make the best tool in every single category. DNS, network, endpoint, and no offense to my friends over at Palo Alto, but their endpoint doesn't stand up to the other endpoints in the market today. Their network, however, phenomenal firewalls, some of the best firewalls on the market. And so, that's exactly the point we're trying to make with this notion of best in breed, best in class. And so Open XDR is this notion of extended detection and response, but with a multitude of best in breed technologies, as opposed to a single technology.
Open XDR is still a tool play. You're going and buying and investing in all of the tools, and you're managing those tools. But it is the ability to be able to correlate and aggregate data across all those tools in a simpler, more easy way. You still have to build the SOC, you still have to build all the correlation rules, you still have to do the fine tuning, you still have to configure each technology, each tool. You have to figure out how to integrate them together so you know that data from one tool matches data from another. But it's this notion of best in class that is really important underlying the Open XDR notion.
Brian Moody:
So here we are in 2025. Open XDR is the hot topic. Almost nine years ago, when you really kind of dreamed up, and really out of frustration, you were tired of the claims that the manufacturers were making because they weren't necessarily best in class. I think what we're seeing more and more since that time is, you just brought Palo Alto for example. They're acquiring tools to fill out this XDR suite. We've watched Cisco do it. We even see now certain PSA plays that are acquiring tools. We've been to enough conferences now where we've heard CEOs stand up saying, hey, you only need us, you don't need endpoint. And here we are 12 months later, and the company's got an endpoint tool that they're talking about.
So we're watching this kind of expansion where people are building out this XDR tool. But didn't you do this eight years ago? Isn't WhiteDog Open XDR?
Shahin Pirooz:
It is. The fundamental difference between what we did was, we built a proprietary Open XDR, for lack of better terms. We built a curated enterprise security stack and built this. Our mission is to continuously evolve that stack so that it's constantly being best in breed technologies, and we built it in a composable model. So we built that Open XDR layer so that we can manage across all these tools and present an integrated tool set or platform to our partners so that they can manage their customers in a secure way or they can have us manage their customers in a secure way, whichever they're leaning towards. But you could argue that we had to develop our own Open XDR to accomplish what we did. However, what we present to market is not an Open XDR. It is a curated enterprise stack.
So under the surface the answer is yes, we realize the need for this. We ended up having to build it because there was no such thing. And, as has been my entire career, come up with some great idea and five years later somebody comes out with a tool that does this great idea and if only it had been there five years before.
Brian Moody:
So, for those of you meeting us for the first time, WhiteDog has done just that. We have built and brought to market a composable and curated security stack that we bring to our partner community that they can take to market white labeled as their own. They could take to market as powered by WhiteDog. But it is a solution that has been built. It's got a full 7 by 24 security operations behind it. It's a full curated composable stack that we bring, that we manage, that we co-manage. It's shared management between our partners and we brought that to market. Now I just mentioned how companies continue to add on, and I think that one of the things that I see in you and our product team is constant innovation. You guys never stop. You're constantly looking at what's needed, what are the new threats, what are the new risks?
Shahin Pirooz:
Well, we can't stop. Because of our competitors in this battle, the threat actors that are constantly changing and evolving to try to evade detection and capture, we have got to innovate. And where security companies die is they build something and they think they made the best mousetrap ever. But there was already a mousetrap that's 150 years old that has been working great. But the bad actors, the mice in this case, know how to get the cheese off the darn thing without getting caught.
Brian Moody:
Without getting smacked.
Shahin Pirooz:
Yes. So the reality is you have to come up with different ways. Like, you have to now innovate cheese that doesn't come off of the stick so they have to pull harder. And you know there's so many different things you have to accomplish in a product life cycle to be able to stay ahead or even keep pace with the bad actors. And so we can't go to sleep. And that's a big part of the value proposition that WhiteDog brings to the table is, we don't sleep, so you can.
Brian Moody:
So, we're doing mail, we're doing that Internet Threat Protection, we're doing the endpoint. We kind of bring this whole proactive approach to security which I think is the other very unique thing about us. Yes, we are using reactive technologies. They're needed in the stack, but we have this whole proactive approach to Attack Surface Management. What are some new things that we've got, before we kind of jump into the open side. Talk a little bit about, again, your team continues to innovate. What are some new things here in Q2 of 2025 that we've got coming?
Shahin Pirooz:
So we mentioned some new technologies that are coming out. Our Zero Trust Identity and our data risk management platforms in a previous Sound Byte. Those are new releases that are coming out in the next, I would say 60 days. But part of what's also happening is, if we really truly latch on to this word extended in extended detection and response, we need to truly continue to extend our capabilities in that space. So there's an enhancement coming to our XDR offering, this is not our Open XDR this is our curated stack, that it will include Identity Security Posture Management, so we'll be scanning Active Directory for configuration mistakes and challenges and accounts that have been left undeleted or stale or—
Brian Moody:
Elevated privileges or reactivated.
Shahin Pirooz:
And then we'll also be adding our Storage Security Posture Management platform to our XDR and that will effectively be scanning all of your cloud assets in Office 365, so SharePoint, Teams, OneDrive, and it will also, if you're a Google shop, do Google Drive. But there's also an agent-based part of that, if you wanted to add that on, that will scan the files on the machines across your enterprise and give you a security posture from a risk perspective. So, what is my data risk with the files I have distributed throughout my environment? And what happens if these files get exfiltrated and ransomed? What is the cost of that ransom? So, our storage security posture will be added to our XDR offering.
Then, we'll be adjusting our complete version of XDR. We’ll remove security awareness training. We're seeing a lot of people who have their own and don't need that. We are going to add our Data Risk Management offering which will take and encrypt all of that data that is at risk at a push of a button.
So we're again taking this notion of there are five layers of security. You start with threats at email, largest threat vector, 93% of all attacks start there. Then once the user clicks on a link, the DNS comes in. So DNS security is the next layer and you need to prevent them from getting to known bad URLs, IP addresses and prevent them from downloading malware. The next is the identity because the very first thing that the hacker wants to do is capture identity. We've added identity security to the stack. The next thing is Endpoint, which is EDR. Most players out there have EDR, but they don't have the other things I've just talked about. The next layer beyond that is the network and we have network detection and response in our XDR offering to identify rogue devices, identify IoT devices on the network and the communications that are happening from them. And then layer on top of all of that this data risk approach which is now going to protect your data in such a way that it doesn't matter if it gets exfiltrated, it's worthless to them once it's exfiltrated.
So those are the layers that are coming in the next quarter for our XDR offering. But you know, to the point you made earlier as we talk about open, so that's great. We've built this open stack that helps us to manage and be able to integrate and in a composable way rip and replace technologies in our stack, and that capability, we're exposing to market now as an Open XDR solution. We're calling it our 5th edition of XDR, which is called XDR Open.
And our XDR Open offering will effectively be all of what I just talked about from an integration and tooling perspective, but not the engines underneath them, so you can leverage the engines that you've made investments in. We have a lot of clients and customers and partners that we talk to that are very discerning about the security stack that they have curated themselves. So, we've created a way, we're going to be releasing it this next quarter, to be able to manage your own curated stack, as opposed to having our curated stack come in and replace technologies you have.
We also have an economic roadmap which allows you to determine if and when you want to switch some of your stack to us or if some of our stack can close gaps from the technology stack that you built, you can layer those in and all of it will be in that Open XDR interface so that it's a single, unified, management interface for our customers. So from that perspective, we're trying to take it to a place...
I remember, many years ago at a company, we had a very Model T Ford approach to IT where it was you can have any color you want as long as it's black. And it's we have one size, one size fits all, and I hope you like it. And we went out and did market research and that market research came out and said I want choice, I don't want a bundled solution. I want the ability to have short term contracts because I don't know what's going to happen in the economy. We did this research in the 2008 downturn. And so all of these pieces came together to say people want the ability to pick pieces and parts that fit their business, but we often found after we disaggregated all of our services that everybody ended up picking all the services. So they ended up picking the XDR components.
Brian Moody:
They want their configuration.
Shahin Pirooz:
They want their configuration of XDR. So this is an evolution of that thinking. Bringing the intelligence, the security operations back end, the integration capability of the platform to market, to be able to pick your own configuration. And so we're pretty excited about this and hopefully, you know, those of you who are listening and the market becomes excited about this. We think it's a little bit of a game changer. We believe strongly that single vendor security stacks will fail. I will go hard to say single vendor security stacks will fail. There is no company that can build a perfect solution in every single category. Impossible. You can't be that good at everything.
Brian Moody:
I'll tell you what excites me the most about this direction for us is, we built this company to really enable MSPs, solution integration companies, consultants to be able to take a security stack to market, but to take that technology debt away. So to create that economic and technical efficiency.
Can you build it? We've talked about this. Certainly, you can do what we did. I mean, we went out and found best in class tools, we've spent eight years and millions of dollars building this out. You could do this. But why? Why would you want to? We've got partners taking advantage of this stack now. They've optimized their business. They're bringing a higher-level enterprise security stack to their customers.
That said, I'm seeing more and more partners talk about this technology debt. Like we’ve always said, no one has nothing. How many of you have ever walked into a customer and said, let's talk security? And they say we don't have anything. I mean, that doesn't exist today. I mean everyone has something. The challenge is long term contracts. Most everybody has a 12, 24, 36-month contract. They get locked in. So how do you address this? Not only from our partners who have invested in security stacks that they've built, and then they're walking into customers who also may have invested in security stacks. And that's not just an investment that you, you wash away.
So what excites me about what we're doing here is we're saying, okay, so replace the tools, let us take control. We'll take control, we'll manage it for you. Keep your tools or use our tools. It's really about flexibility. So now when we come back to that, I want my configuration, great. Keep some of the things that you're using. You can fill in gaps with some of the stuff that we're doing. And it really provides ultimate time optimization and flexibility not only to our partners, but I think it opens up their ability now to go address customers. So your customers that you're walking in now that are telling you, no, I'm sorry, we've already got something, great. We can make you smarter with that tool by taking our security operations and adding that level of expertise to it and making you better or take our tools and you can have that migration too.
Shahin Pirooz:
And the advantage to this model is that even if it is your own endpoint tool or DNS tool or email tool, or all three, you're still getting our seasoned security operations and threat hunters on the back end doing threat hunting against the telemetry across those tools. So you're not losing anything by using your own tool. The only gap would be that in an Open XDR world we can't include continuous incident response because we don't control the correlation rules and everything else that make us be able to find threats in six minutes versus six months. But, we can help you manage. We can co-manage it in the context of we can take that data, that telemetry and be able to process it. It's as if an MDR vendor grew up and became an XDR Open vendor is what we're talking about.
Brian Moody:
Well, how many times have we seen in companies where they're managing their own tool, just the level of expertise that's required to really understand what the telemetry is and then many times what the tool is actually telling the actual engineers that work in the organization and this can be either partners or customers. How many responses have we gone on where, you know, the SIEM alerted four, five, six months earlier that they've been breached? No one within the organization responded to it because they didn't really understand what the SIEM was telling them.
Shahin Pirooz:
They didn't have time to look at it. There's lots of reasons for it which is why the SOC as a service world has made an entrance into, and to be fair, the very first offering in 2018 that WhiteDog put out was SOC as a service. And it was very different than other SOC as a services because even then we had 10 technologies, 7 of which were open source and 3 were commercial that made up our SOC. All of this is, to Brian's point really about giving you the flexibility of choice. What fits best in your world and what fits best in your customer's world.
Brian Moody:
If you think about, to summarize, there's no long-term contracts. There's no vendor lock in. There's complete flexibility that brings kind of an advanced capability to your environment. To any environment really. So for our partners, as we approach, if you've already got something and we've actually. And again what excites me is I've got one specific partner I know I'm going back to because we approached them, they love what we were doing, but they had spent so much time investing in what they were doing that now with our Open XDR component, I can go back to that partner and say, hey, I understand. But what if you could have our expertise on the back end to help you optimize your team so that your team's not spending so much time. Again, here's time and the time value money, right? Save you a ton of time by having our team be able to help in management of these tools. I think that would be huge. So continue to innovate.
I think from a WhiteDog perspective around the platform, the attack surface management portfolio that you're building, I don't know if you want to give too much away on that or touch base on that, but that to me is this proactive approach. You know you've heard us talk about right of boom before. Everyone's focused on something happening. How do we respond? And again, that's critical. How quickly can you respond? You need to be able to react.
But I think the industry is moving too far away from a proactive approach to prevention. And that's really where we continue to develop our attack surface management from a standpoint of really understanding the risk that exists across the environment. Now we've talked about identity and Internet and data and cloud and application, and you start walking through all of these pieces that are so dynamic in enterprise. How can you be proactive to protect that?
Shahin Pirooz:
What if you had Security Posture Management across all of those realms you just talked about?
Brian Moody:
What if. So, I don't know if you want to—
Shahin Pirooz:
I'll leave you with that.
Brian Moody:
Okay, he doesn't want to share yet. I was hoping I could coach it out of him, but—
Shahin Pirooz:
To your point, it's from the ground up. Even that first SOC service we launched, we included external posture management and internal security posture management. We evolved it as we went to SOC 2.0 to include continuous pen testing both outside and inside. We evolved that to include the ability to crawl through the cloud from a cloud posture management. And that was in 2018; we're eight years later. We've launched a product every quarter since then. So as you can imagine the portfolio has gotten pretty rich, pretty capable. I would say you're not going to find another security vendor that has the breadth of capabilities that we can put in front of you and your customers. So come talk to us.
Brian Moody:
Super excited. So you can reach out, you can find us on LinkedIn. You can find us at whitedogcyber.com. We've got a partner page. Jump in, give us your name, your phone number. My team would be happy to follow back up with you. Really exciting time from a standpoint of where we think this Open XDR piece with WhiteDog is going to go.
Shahin Pirooz:
One thing we like to leave people with is the capabilities, techniques that we use, to help you acquire customers. And one of those in this context is our External Security Posture Management. We provide that to our partners at no charge to run across any prospect or customer they want to. That is part of our service, that is part of what you get when you join the platform. And that gives you the ability to do an external scan of your partners, your customers, and be able to go to them with a scorecard that says, hey, here's your external posture. Imagine what your inside might look like? And have a real dialogue about security based on data as opposed to based on emotions.
Brian Moody:
And then we've also talked about our Economic Roadmap. If you get involved in that conversation with a customer, the ability to map what they have, identify gaps that they may have, and then be able to utilize a format which we can share with you. This is our Economic Roadmap that can actually provide a TCO with respect to what that company has and what you could bring to market. And what we're finding is that we're 60 to 70% less than a build your own.
Shahin Pirooz:
That's with your pricing by the way not ours.
Brian Moody:
That's with our partner pricing. But that's a pretty huge economic advantage to be able to bring to an organization, being able to bring that cyber security as a service versus this build your own model. So those are two kind of key areas that I think that we could help you really grow your business and grow inside of current customers. Reach out to us. Love to hear from you.
Shahin Pirooz:
With that, thank you so much for spending time with us, and we look forward to seeing you next month!