Given all the hype around extended detection and response (XDR) technology, it's worth starting this article by defining the term "XDR." XDR is an integrated suite of security products spanning hybrid IT architectures (such as LAN, WAN, infrastructure-as-a-service, data centers, etc.) designed to interoperate and coordinate on threat prevention, detection, and response. XDR unifies control points, security telemetry, analytics, and operations into one enterprise system.
The "X" in XDR is about moving from discrete to comprehensive threat detection. Rather than identifying security events on endpoints, networks, and in email, XDR promises to gather and correlate all these events across security controls. So, think threat detection across the cyber kill chain or aligned with the MITRE ATT&CK framework. The "D" is about data collection, processing, and analytics to detect cyberattacks faster and more accurately than existing systems. Typically, these activities will be cloud-native, taking advantage of massive scale for advanced analytics across months or even years' worth of data. Finally, the "R" is really tied to automation. XDR promises to remove a lot of security operations busy work by taking automated actions out-of-the-box. Kind of a poor man's turnkey security orchestration and response (SOAR).
That's the marketing take on XDR, but we've been talking about tools consolidation for years, well before someone came up with the term XDR. Is XDR real?
My esteemed colleague Dave Gruber and I just completed a research project on XDR to answer this question and others. Dave is an expert on endpoint detection and response (EDR), while I focus on the ..
Support the originator by clicking the read the rest link below.
 Technology){kind=link}