Last week, Forrester published The Forrester Wave™: Extended Detection And Response Platforms, Q2 2026. This is the third iteration of the extended detection and response (XDR) Wave, with prior versions published in 2021 and 2024. This Wave differs significantly from the last, especially because of:
- The number of vendors. This year, only seven vendors were invited to participate in the Wave: Bitdefender, CrowdStrike, Elastic, Microsoft, Palo Alto Networks, SentinelOne, and TrendAI. It was important to us to prioritize the vendors that have the most significant traction and differentiation in this year's evaluation, which is why we included so few compared to previous years (11 in the most recent and 14 before that). The smaller vendor list also allowed us to get a better sense of true differentiation in the market.
- The addition of new detection surfaces. This year, we added new criteria such as detection surface: identity; detection surface: cloud; and threat intelligence. The addition of the new detection surfaces, and the specificity of them, is important, as Forrester sees identity and cloud as two of the most important domains where detection can identify attacks that would otherwise be missed or downgraded in importance. Many XDR vendors have followed the same approach; for example, Palo Alto Networks has consolidated its Prisma Cloud capability into its Cortex platform.
- The prioritization of threat intelligence. XDR vendors are rightly prioritizing timely, accurate, and native threat intelligence more than ever, especially given the geopolitical changes taking place. The best threat intelligence provided in the cleanest and most accessible way can make the difference between seeing or missing an attack, which makes it a core detection and response feature.
- The increased focus on SIEM replacement features. In previous years, security information and event management (SIEM) replacement was an experimental capability for XDR vendors. This year, it's a reality. For example, Microsoft has now merged Defender XDR and Sentinel into one unified analyst experience.
- A separate criterion for AI agents and agentic systems. Previously, the Wave combined AI and machine learning into one criterion; in this Wave, the criteria are separate. The value of AI in security operations is picking up speed through AI agents, which are supporting security operations center functions, particularly for triage and investigation. When it comes to evaluating these capabilities, however, the most important differentiation comes from the testing and validation methods that vendors use to do so. Read more about how vendors test and validate their AI capabilities in Panning For Gold: How To Evaluate Generative AI Capabilities In Security Tools.
These changes also enabled us to get a better sense of where the bleeding-edge innovations were taking place in the market. XDR vendors are definitively building detection and response platforms to cover more domains with more specificity in detection capabilities than has been done before, certainly at a single vendor.
Read the full report for all the insights we were able to garner thanks to months of research: The Forrester Wave™: Extended Detection And Response Platforms, Q2 2026.
If you're a Forrester client, book an inquiry or guidance session with me if you have questions about the results.


