Extended detection and response (XDR) is no longer a future state in cybersecurity practice — it's a full-fledged reality for some. In fact, it's been a thing for a lot longer than you might think.
Still, XDR is new vocabulary for many security operations center (SOC) teams, and the contours of this wide-ranging term can often feel a little fuzzy.
Sam Adams, VP for Detection and Response at Rapid7, recently sat down with Forrester Analyst Allie Mellen to dig deeper into the conceptual framework behind XDR and unpack how organizations can benefit from this approach.
Defining XDR
Allie and her colleagues at Forrester think of XDR "as an extension of endpoint detection and response technology," she told Sam. "It's about taking that philosophy that endpoint detection and response vendors have had for a long time around protecting where the business data is, around protecting the endpoint, and recognizing that, ultimately, that's not enough for a SOC."
The key concept behind XDR is to expand the sources of telemetry that SOC teams have at their disposal in order to widen their capabilities and help them better protect their organizations.
Identifying the right detections
Sam echoed the importance of this shift in mindset. He noted that when Rapid7 first launched InsightIDR as a security information and event management (SIEM) tool, we started out with a more prescriptive mindset: "Let's find attacker behavior we're interested in finding and figure out what sort of data we ..
Support the originator by clicking the read the rest link below.
