Extended detection and response or XDR is a new approach to threat detection and response that provides holistic protection against cyberattacks, unauthorized access and misuse. Coined by Nir Zuk, Palo Alto Networks CTO, in 2018, XDR breaks down traditional security silos to deliver detection and response across all data sources.
According to analyst firm Gartner, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system.” The definition of XDR from Forrester Research is a bit more expansive: “The evolution of EDR, which optimizes threat detection, investigation, response, and hunting in real time. XDR unifies security-relevant endpoint detections with telemetry from security and business tools such as network analysis and visibility (NAV), email security, identity and access management, cloud security, and more. It is a cloud-native platform built on big data infrastructure to provide security teams with flexibility, scalability, and opportunities for automation.”
XDR solutions bring a proactive approach to threat detection and response. They deliver visibility across all data, including endpoint, network, and cloud data, while applying analytics and automation to address today’s increasingly sophisticated threats. With XDR, cybersecurity teams can:
From a business perspective, XDR platforms enable organizations to prevent successful cyberattacks as well as simplify and strengthen security processes. This, in turn, lets them better serve users and accelerate digital transformation initiatives – because when users, data and applications are protected, companies can focus on strategic priorities.
XDR security is an alternative to traditional reactive approaches that provide only layered visibility into attacks, such as endpoint detection and response (EDR), network detection and response (NDR), user behavior analytics (UBA), and security information and event management (SIEM). Layered visibility provides important information, but can also lead to problems, including:
Endpoint detection and response refers to a category of tools used to find and investigate threats on endpoint devices. EDR tools typically provide detection, analysis, investigation and response capabilities. Compared to these security solutions, XDR takes a wider view, integrating data from endpoint, cloud, identity, and other solutions.
EDR products monitor events generated by endpoint agents to look for suspicious activity, and the alerts they create help SecOps analysts identify, investigate and remediate issues. These solutions also collect telemetry data on suspicious activity and may enrich that data with contextual information from correlated events. However, they lack key capabilities, and that gap slows down incident response: EDR solutions do not integrate with other tools and data sources for full visibility, so they cannot provide holistic protection.
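The difference between the layered view and the unified view can be made concrete. The following Python sketch is an added illustration, not code from this page or from any vendor's product: it scores the same constructed endpoint, identity and network events first in isolation (the EDR/NDR/UBA pattern) and then joined on host and user within a time window (the XDR pattern). The event shape, weights, window and threshold are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three silos; the record shape is hypothetical.
# Every record carries host and user so the sources can be joined on a common key.
EVENTS = [
    {"source": "identity", "ts": "2024-01-10T09:00:00", "host": "ws-17", "user": "alice", "kind": "login_new_geo"},
    {"source": "endpoint", "ts": "2024-01-10T09:02:30", "host": "ws-17", "user": "alice", "kind": "office_spawns_script_host"},
    {"source": "network", "ts": "2024-01-10T09:03:10", "host": "ws-17", "user": "alice", "kind": "dns_to_new_domain"},
    {"source": "endpoint", "ts": "2024-01-10T14:00:00", "host": "ws-22", "user": "bob", "kind": "office_spawns_script_host"},
]

# Assumed weight each signal carries on its own; none reaches the incident threshold alone.
WEIGHT = {"login_new_geo": 1, "office_spawns_script_host": 2, "dns_to_new_domain": 1}
INCIDENT_THRESHOLD = 3

def ts(e):
    return datetime.fromisoformat(e["ts"])

def silo_alerts(events, threshold=INCIDENT_THRESHOLD):
    """Layered (EDR/NDR/UBA) view: each event is scored in isolation."""
    return [e["kind"] for e in events if WEIGHT.get(e["kind"], 0) >= threshold]

def correlate(events, window=timedelta(minutes=10), threshold=INCIDENT_THRESHOLD):
    """Unified view: join events on (host, user), group those that fall within one
    time window into a chain, and raise an incident when the chain spans at least
    two sources and its summed weight reaches the threshold."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["host"], e["user"])].append(e)
    incidents = []
    for (host, user), evs in by_key.items():
        evs.sort(key=ts)
        chain = []
        for e in evs + [None]:  # None is a sentinel that closes the final chain
            if chain and (e is None or ts(e) - ts(chain[0]) > window):
                sources = {c["source"] for c in chain}
                score = sum(WEIGHT.get(c["kind"], 0) for c in chain)
                if len(sources) >= 2 and score >= threshold:
                    incidents.append({"host": host, "user": user, "score": score,
                                      "sources": sorted(sources),
                                      "chain": [c["kind"] for c in chain]})
                chain = []
            if e is not None:
                chain.append(e)
    return incidents

if __name__ == "__main__":
    print("siloed alerts:", silo_alerts(EVENTS))
    print("correlated incidents:", correlate(EVENTS))
```

Run on the constructed events, the siloed pass raises nothing, while the correlated pass raises a single incident for ws-17/alice that ties the new-location login, the script-host spawn and the DNS lookup into one chain.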
Managed detection and response (MDR) services offer dedicated personnel and technology to improve the effectiveness of security operations in threat identification, investigations and response. These services complement traditional managed security services that focus on broad security alert management and triage.
While various definitions exist, MDR services universally provide the following value:
Cortex XDR is the world’s first extended detection and response platform that natively integrates network, endpoint, cloud and third-party data to stop modern attacks. It unifies prevention, detection, investigation, and response in one platform for unrivaled security and operational efficiency. Cortex XDR accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations.
Tight integration with enforcement points accelerates containment, enabling you to stop attacks before the damage is done. Combined with our Managed Threat Hunting service, our XDR solution gives you round-the-clock protection and industry-leading coverage of MITRE ATT&CK techniques.
For more information on XDR, download one of our resources:
The Essential Guide to XDR eBook
Cortex XDR Customer Success Datasheet