What Is XDR?


Attackers always look for quick ways to steal data. Using readily available automated tools and advanced techniques, they can do so with ease, leaving your traditional network defenses ineffective.


XDR is a new approach to threat detection and response, a key element of defending an organization’s infrastructure and data from damage, unauthorized access and misuse.

XDR is an alternative to traditional reactive approaches that provide only layered visibility into attacks, such as endpoint detection and response, or EDR; network traffic analysis, or NTA; and security information and event management, or SIEM. Layered visibility provides important information, but can also lead to problems, including:

  • Too many alerts that are incomplete and lack context. EDR detects only 26 percent of initial attack vectors [1], and because of the high volume of security alerts, 54 percent of security professionals ignore alerts that should be investigated [2].
  • Time-consuming, complex investigations that require specialized expertise. With EDR, the mean time to identify a breach has increased to 197 days, and the mean time to contain a breach has increased to 69 days [3].
  • Technology-focused tools rather than user- or business-focused protection. EDR focuses on technology gaps rather than the operational needs of users and organizations. With more than 40 tools used in an average Security Operations Center [4], 23 percent of security teams spend their time maintaining and managing security tools rather than performing security investigations [5].

The net result for already-overburdened security teams can be an endless stream of events, more tools and information to pivot between, longer time to detection, and security expenditures that are over budget yet not fully effective.

XDR brings a proactive approach to threat detection and response. It delivers visibility into data across networks, clouds and endpoints while applying analytics and automation to address today’s increasingly sophisticated threats. With XDR, security teams can:

  • Identify hidden, stealthy and sophisticated threats proactively and quickly
  • Track threats across any source or location within the organization
  • Increase the productivity of the people operating the technology
  • Get more out of their security investments
  • Conclude investigations more efficiently
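To make the cross-layer point concrete, here is an added example (not code from the original page or from any XDR product) that stitches constructed endpoint, network and cloud alerts into a single incident by shared host or user within a time window, so an analyst sees one story instead of three unrelated alerts. The alert fields, the source labels EDR/NTA/CLOUD and the one-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from three siloed sensors (not real telemetry).
# Each alert carries only the context its own layer can observe.
SAMPLE_ALERTS = [
    {"source": "EDR", "time": "2024-01-10T09:00:00", "host": "ws-17", "user": "jdoe",
     "detail": "script interpreter spawned by office application"},
    {"source": "NTA", "time": "2024-01-10T09:03:00", "host": "ws-17", "user": None,
     "detail": "periodic connections to a rarely seen external domain"},
    {"source": "CLOUD", "time": "2024-01-10T09:20:00", "host": None, "user": "jdoe",
     "detail": "bulk object-storage download from a new location"},
    {"source": "EDR", "time": "2024-01-11T14:00:00", "host": "ws-02", "user": "asmith",
     "detail": "unsigned driver load blocked"},
]


def _ts(value):
    return datetime.fromisoformat(value)


def correlate(alerts, window=timedelta(hours=1)):
    """Group alerts that share a host or user with an open incident and arrive
    within `window` of that incident's latest alert. Entities accumulate, so a
    cloud alert keyed on the user joins an incident opened by a host-keyed
    endpoint alert. Returns incidents ordered by their first alert."""
    incidents = []
    for alert in sorted(alerts, key=lambda a: _ts(a["time"])):
        keys = {k for k in (alert["host"], alert["user"]) if k}
        when = _ts(alert["time"])
        for inc in incidents:
            if keys & inc["entities"] and when - inc["last"] <= window:
                inc["alerts"].append(alert)
                inc["entities"] |= keys
                inc["sources"].add(alert["source"])
                inc["last"] = when
                break
        else:
            incidents.append({"alerts": [alert], "entities": set(keys),
                              "sources": {alert["source"]}, "last": when})
    return incidents


def triage(incidents):
    """Rank incidents so that those confirmed by more than one layer come first;
    a multi-source incident is the context a single sensor cannot provide."""
    return sorted(incidents, key=lambda inc: -len(inc["sources"]))


if __name__ == "__main__":
    for inc in triage(correlate(SAMPLE_ALERTS)):
        print(sorted(inc["sources"]), sorted(inc["entities"]), len(inc["alerts"]), "alerts")
```

Shrinking the window to a few minutes splits the cloud alert off into its own incident, which is the trade-off between linking related activity and merging unrelated events.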

From a business perspective, XDR enables organizations to prevent successful cyberattacks as well as simplify and strengthen security processes. This, in turn, enables them to better serve users and accelerate digital transformation initiatives – because when users, data and applications are protected, companies can focus on strategic priorities.


1. "Endpoint Protection and Response: A SANS Survey," SANS Institute, 2018.
2. "2017: Security Operations Challenges, Priorities, and Strategies," ESG, 2017.
3. "2018 Cost of a Data Breach Study," Ponemon Institute, 2018.
4. "SANS 2018 Security Operations Center Survey," SANS Institute, 2018.
5. "Investigation or Exasperation? The State of Security Operations," IDC, 2017.
