Extended detection and response

Extended detection and response (XDR^[1][2]) is a cybersecurity technology that monitors and mitigates cyber security threats.^[3][4]

Concept[]

The term was coined by Nir Zuk of Palo Alto Networks in 2018.^[5] The 'X' in 'XDR' stands for "extended". Gartner defines XDR as “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” Improved protection, detection capabilities, productivity, and lower ownership costs are the primary advantages of XDR.^[6]

The system works by collecting and correlating data across various network points such as servers, email, cloud workloads, and endpoints.^[7] The system analyzes the correlated data, lending it visibility and context, and revealing advanced threats. Thereafter, the threats are prioritized, analyzed, and sorted to prevent security collapses and data loss. The XDR system helps organizations to have a higher level of cyber awareness, enabling cyber security teams to identify and eliminate security vulnerabilities.^[3][8]

The XDR improves the malware detection and antivirus capabilities over the endpoint detection and response (EDR) system. XDR improves on the EDR capabilities to deploy high-grade security solutions by utilizing current technologies which proactively identifies and collects security threats, and employs strategies to detect future cyber security threats. It is an alternative to reactive endpoint protection solutions, such as EDR and network traffic analysis (NTA).^[4][6]

See also[]

• Endpoint security
• Data loss prevention software
• Endpoint detection and response

References[]