XDR (extended detection and response) is a newer approach to threat detection and response, a key element of defending an organization's infrastructure and data from damage, unauthorized access and misuse.
XDR is an alternative to traditional, reactive tooling that provides visibility into only one layer of an attack at a time: endpoint detection and response (EDR), network traffic analysis (NTA) and security information and event management (SIEM). Each layer yields important information, but keeping the layers in separate tools creates problems of its own.
The net result for already overburdened security teams can be an endless stream of events, more tools and consoles to pivot between, longer time to detection, and security spending that exceeds budget yet still does not stop attacks.
XDR brings a proactive approach to threat detection and response. It delivers visibility into data across networks, clouds and endpoints, and applies analytics and automation to that combined data so that alerts from different sources can be correlated and investigated together rather than one tool at a time, which is what today's increasingly sophisticated, multi-stage threats require.
From a business perspective, XDR enables organizations to prevent successful cyberattacks as well as simplify and strengthen security processes. This, in turn, enables them to better serve users and accelerate digital transformation initiatives – because when users, data and applications are protected, companies can focus on strategic priorities.
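The cross-source correlation described above, reduced to its core mechanic, as an added example (not code from the original page or from any XDR vendor): endpoint, network and cloud records in three different shapes are normalised to one event schema, joined on shared entities (host, user) inside a time window, and grouped into a single incident. All sample records, field names and timestamps are constructed for illustration; the 30-minute window and the entity keys are assumptions, not a published XDR algorithm.

```python
"""Cross-source correlation of the kind XDR performs.

Added illustrative example; the raw records below are constructed and do not
follow any real EDR, NTA or cloud-audit log format.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set


@dataclass
class Event:
    source: str            # "edr", "nta" or "cloud"
    time: datetime
    host: Optional[str]
    user: Optional[str]
    detail: str

    def entities(self) -> Set[str]:
        """Keys on which events from different sources can be joined."""
        ents = set()
        if self.host:
            ents.add("host:" + self.host)
        if self.user:
            ents.add("user:" + self.user)
        return ents


@dataclass
class Incident:
    entities: Set[str] = field(default_factory=set)
    events: List[Event] = field(default_factory=list)
    sources: Set[str] = field(default_factory=set)

    def last_time(self) -> datetime:
        return self.events[-1].time


# Constructed raw records in three vendor-specific shapes (hypothetical fields).
EDR_RAW = [
    {"ts": "2024-05-01T10:00:05", "hostname": "ws-17", "username": "alice",
     "process": "powershell.exe -enc ..."},
]
NTA_RAW = [
    {"ts": "2024-05-01T10:00:40", "src_host": "ws-17", "dst": "198.51.100.7:443",
     "verdict": "beacon-like periodic connections"},
]
CLOUD_RAW = [
    {"ts": "2024-05-01T10:03:10", "principal": "alice", "api": "s3:ListBuckets",
     "source_ip": "203.0.113.9"},
    {"ts": "2024-05-01T14:00:00", "principal": "bob", "api": "iam:ListUsers",
     "source_ip": "203.0.113.9"},
    # Same user as the first chain, but hours later: falls outside the window.
    {"ts": "2024-05-01T16:00:00", "principal": "alice", "api": "s3:ListBuckets",
     "source_ip": "203.0.113.9"},
]


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def normalise(edr, nta, cloud) -> List[Event]:
    """Map each source's shape onto the common Event schema, ordered by time."""
    events = []
    for r in edr:
        events.append(Event("edr", _ts(r["ts"]), r["hostname"], r["username"], r["process"]))
    for r in nta:
        events.append(Event("nta", _ts(r["ts"]), r["src_host"], None,
                            f'{r["verdict"]} to {r["dst"]}'))
    for r in cloud:
        events.append(Event("cloud", _ts(r["ts"]), None, r["principal"],
                            f'{r["api"]} from {r["source_ip"]}'))
    return sorted(events, key=lambda e: e.time)


def correlate(events: List[Event], window: timedelta = timedelta(minutes=30)) -> List[Incident]:
    """Attach each event to an open incident sharing an entity within the
    window; otherwise open a new incident. Entities accumulate, so an EDR
    event tying host ws-17 to user alice lets a later cloud event keyed only
    on the user join the same incident."""
    incidents: List[Incident] = []
    for ev in events:                       # events are already time-ordered
        ents = ev.entities()
        match = None
        for inc in incidents:
            if inc.entities & ents and ev.time - inc.last_time() <= window:
                match = inc
                break
        if match is None:
            match = Incident()
            incidents.append(match)
        match.entities |= ents
        match.events.append(ev)
        match.sources.add(ev.source)
    return incidents


def cross_source_incidents(incidents: List[Incident], min_sources: int = 2) -> List[Incident]:
    """Incidents corroborated by more than one telemetry layer."""
    return [i for i in incidents if len(i.sources) >= min_sources]


if __name__ == "__main__":
    for inc in correlate(normalise(EDR_RAW, NTA_RAW, CLOUD_RAW)):
        print(sorted(inc.sources), sorted(inc.entities))
        for ev in inc.events:
            print("   ", ev.time.time(), ev.source, ev.detail)
```

Run stand-alone, the four constructed records across three sources collapse into three incidents, only one of which is corroborated by all three layers: the encoded PowerShell launch, the beacon-like traffic from the same host and the cloud API call by the same user within three minutes. The later `alice` and `bob` cloud events stay separate because they share no entity with an incident inside the window, which is the check that keeps one noisy user from swallowing every alert on the tenant.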