# The Journey to Extended Detection and Response - XDR

By [Kasey Cross](https://www.paloaltonetworks.com/blog/author/kasey-cross/?ts=markdown "Posts by Kasey Cross"), Dec 10, 2021

## How We Got Here and Where We're Headed

Is XDR the future of detection and response? By looking at how cybersecurity has evolved, we can better predict where it's headed. It's easy to see the rapid changes that have already occurred because cybersecurity evolves quickly. The solutions that blocked attacks thirty years ago would wilt in the face of modern threats today.
In the never-ending cat-and-mouse game of security, adversaries keep creating new exploits and evasion methods as defenders devise innovative ways to stop them. New products emerge to tackle rising threats, while existing products adapt, merge or fade away.

![The Journey from Siloed Security to XDR](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/11/BLOG-shortersiloedvideo3-650.gif)

[Check out the interactive Journey from Siloed Security to XDR](https://www.paloaltonetworks.com/xdr-journey?utm_source=KaseyBlog-GTM-global-cortex&utm_medium=social&ts=markdown)

## Endpoint Security in Flux

Nowhere is cybersecurity's rapid evolution more apparent than in endpoint security. From the first prototypes of viruses in the 1970s to today, endpoints have constantly stayed in the crosshairs. Not long after the term "computer virus" was coined in late 1983, the first antivirus products appeared on the scene. Antivirus evolved over time, slowly incorporating more features, such as host firewall and disk encryption, to become endpoint protection platforms.

No matter how much the technology advanced, it could never stop all attacks. This [led Gartner to claim](https://start.paloaltonetworks.com/gartner-hype-cycle-for-security-operations-2021), "Endpoint protection platforms (EPP) no longer address the nature of modern threats as it is no longer practical to focus on achieving 100% prevention and protection."

## Detection, Response and Analytics

While legacy antivirus morphed into an EPP and next-generation antivirus (NGAV), a separate category of tools emerged to detect and stop endpoint attacks. By 2013, Gartner named the category of endpoint tools, "primarily focused on detecting and investigating suspicious activities," as "[Endpoint Threat Detection and Response](https://blogs.gartner.com/anton-chuvakin/2013/07/26/named-endpoint-threat-detection-response/)." Two years later, the name evolved to Endpoint Detection and Response (EDR).
But EDR products didn't stop there. Over time, they added cloud-based delivery, endpoint protection and other enhancements to improve investigation and response.

Meanwhile, organizations faced an array of threats that EDR solutions couldn't address. Security teams had limited visibility into cloud workloads, IoT and unmanaged devices. Advanced adversaries were even exploiting routers and load balancers and using them as an entry point into organizations' networks. They were stealing credentials and moving laterally until they achieved their objectives. Malicious insiders were exploiting their existing privileges to access and steal sensitive data.

To combat these dangerous threats, security teams deployed a variety of nascent tools including network detection and response (NDR), cloud detection and response (CDR) and user behavior analytics (UBA or UEBA).

## XDR: The Future of Detection and Response - Endpoint Security and More

Over the past decade, organizations armed their security teams with an ever-growing number of siloed tools. As a result, the average organization has 45 cybersecurity tools, with more tools associated with lower confidence in ability to respond to attacks, according to the [Ponemon Institute](https://securityintelligence.com/posts/2020-cyber-resilient-organization-preparation-technology-differentiate-high-performers/). These tools are costly to manage and typically don't work well together to stop attacks.

Because of all these disjointed tools, security analysts claim it takes them [over 10 minutes to investigate each alert](https://www.criticalstart.com/wp-content/uploads/2021/02/CS_Report-The-Impact-of-Security-Alert-Overload.pdf). They also face a deluge of alerts, with SOC teams receiving [11,000+](https://www.paloaltonetworks.com/resources/research/state-of-secops-forrester-consulting-study?ts=markdown) alerts per day on average.

Palo Alto Networks CTO and co-founder, Nir Zuk, realized that security teams needed a new approach to detection, response and endpoint security. At our 2018 Ignite User Conference, Nir introduced the concept of XDR, and disrupted the cybersecurity status quo. Nir stated, "EDR as popular as it is right now, I predict, is dead. It just doesn't make any sense to do detection and response based on data coming just from endpoints."

Since that date, [XDR technology](https://www.paloaltonetworks.com/cyberpedia/what-is-xdr?ts=markdown) has taken security by storm. Now, the security community, including practitioners, industry analysts and other security vendors, has embraced the category. [The Gartner® Market Guide for XDR](https://start.paloaltonetworks.com/gartner-xdr-market-guide-2021.html?utm_source=SubwayMapBlog-GTM-global-cortex&utm_medium=social) and the [Forrester New Wave™: Extended Detection and Response (XDR)](https://start.paloaltonetworks.com/2021-forrester-xdr-wave) both help validate this growing market category.

We believe XDR technology will subsume many siloed tools, including EPP, EDR, NDR, CDR and UBA. Because XDR applies analytics to integrated data, it delivers more accurate attack detection than siloed security. It also simplifies investigations by providing everything you need to investigate incidents in one place, including data from any source, so you can eliminate swivel chair syndrome.

## Journey from Siloed Security to Extended Detection and Response

Explore our interactive map, [*The Journey from Siloed Security to XDR*](https://www.paloaltonetworks.com/xdr-journey?utm_source=KaseyBlog-GTM-global-cortex&utm_medium=social&ts=markdown), to find out interesting facts and milestones in the evolution of cybersecurity. You'll see how we got here and where we're headed.
Share this map with your peers and discuss your predictions for the future of detection and response. It's been a wild ride so far!