What Is XDR?

 

3 min read

XDR is a new approach to threat detection and response, a key element of defending an organization’s infrastructure and data from damage, unauthorized access and misuse.

XDR is an alternative to traditional reactive approaches that provide only layered visibility into attacks, such as endpoint detection and response, or EDR; network traffic analysis, or NTA; and security information and event management, or SIEM. Layered visibility provides important information, but can also lead to problems, including:

  • Too many alerts that are incomplete and lack context. EDR detects only 26 percent of initial vectors of attack,1 and due to the high volume of security alerts, 54 percent of security professionals ignore alerts that should be investigated.2
  • Time-consuming, complex investigations that require specialized expertise. With EDR, the mean time to identify a breach has increased to 197 days,3 and the mean time to contain a breach has increased to 69 days.3
  • Technology-focused tools rather than user- or business-focused protection. EDR focuses on technology gaps rather than the operational needs of users and organizations. With more than 40 tools used in an average Security Operations Center,4 23 percent of security teams spend time maintaining and managing security tools rather than performing security investigations.5

The net result for already-overburdened security teams can be an endless stream of events, more tools and information to pivot between, longer time to detection, and security expenditures that are over budget yet not fully effective.

XDR brings a proactive approach to threat detection and response. It delivers visibility into data across networks, clouds and endpoints while applying analytics and automation to address today’s increasingly sophisticated threats. With XDR, security teams can:

  • Identify hidden, stealthy and sophisticated threats proactively and quickly
  • Track threats across any source or location within the organization
  • Increase the productivity of the people operating the technology
  • Get more out of their security investments
  • Conclude investigations more efficiently

From a business perspective, XDR enables organizations to prevent successful cyberattacks as well as simplify and strengthen security processes. This, in turn, enables them to better serve users and accelerate digital transformation initiatives – because when users, data and applications are protected, companies can focus on strategic priorities.

Watch this video to learn how XDR enables organizations to optimize detection and response in the SOC.

 

1. "Endpoint Protection and Response: A SANS Survey," SANS Institute, 2018
2. "2017: Security Operations Challenges, Priorities, and Strategies," ESG, 2017
3. “2018 Cost of a Data Breach Study,” Ponemon Institute, 2018
4. "SANS 2018 Security Operations Center Survey," SANS Institute, 2018
5. "Investigation or Exasperation? The State of Security Operations," IDC, 2017