Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is an emerging field in the cyber security arena.

History

Extended Detection and Response (XDR) began in 2019 as a progression of Endpoint Detection and Response (EDR). XDR vendors claim to provide detection and response across broader systems and networks, including cloud services, on-premise data centers, and Internet of Things (IoT) networks.[1]

XDR is still a nascent technology, with differing interpretations, but the consensus is that its goal is to progress beyond the EDR model to achieve a broader view of activity across security controls. More automation can be applied to deliver better coverage, insights, and ultimately more automated response actions for today's sophisticated attacks.[2]

There have been different interpretations of what the “X” in XDR stands for, but the general concept builds on the success of the endpoint detection and response (EDR) model, now “extending” that model to aggregate and correlate telemetry from additional security controls, adding network, cloud, email, and more. Another interpretation of the “X” in XDR is that it represents a “cross”-controls detection and response solution. Sometimes the “X” is interpreted as a wild-card denoting the multiple security controls that can be assembled into the detection and response technology, replacing the “E” of EDR, which originally stood for endpoint only.

Concept

XDR is positioning itself as a way for organizations to overcome some of the main pain points in their security operations. The first is faster threat detection and response. XDR solutions are often based on advanced analytics (including artificial intelligence) to bridge the gaps created by the many security tools from different vendors that are "siloed" and do not communicate smoothly and quickly with one another. This has been called the "Silos Syndrome"[3] and has been blamed for the slow and inefficient running of security platforms.

XDR should also help detect low-and-slow campaigns and advanced persistent threats (APTs) by detecting attack kill chains rather than discrete signals. ESG research indicates that 84% of organizations are actively integrating security technologies, so that XDR can act as a turnkey security technology integration solution, and that 80% of organizations would be willing to spend the majority of their security technology budget with a single enterprise-class security vendor.[4]

XDR tools can work in conjunction with Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tools to reduce the volume of false positives coming into these tools and to enrich the content coming into the security orchestration tools. Alternatively, an organization (usually a smaller one) can use an XDR tool as the lead orchestration tool, working directly with endpoint security tools like firewalls and others.
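The cross-control correlation described in this section, as an added example that is not part of the article or of any vendor's product: constructed events from an email gateway, an endpoint agent and a network sensor are assumed to be already normalised to one schema, grouped per host, and an incident is raised only when at least two controls observe kill-chain stages advancing within a time window, rather than one alert per discrete signal. The stage names, hosts, timestamps and the `correlate` function are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Ordered kill-chain stages used for correlation (constructed, simplified).
STAGES = ["delivery", "execution", "command_and_control"]

# Constructed telemetry from three otherwise siloed controls, assumed to be
# normalised already to a common schema (timestamp, producing control, host, stage).
EVENTS = [
    {"ts": "2023-05-01T09:00:00", "control": "email", "host": "wk-12", "stage": "delivery"},
    {"ts": "2023-05-01T09:04:00", "control": "edr", "host": "wk-12", "stage": "execution"},
    {"ts": "2023-05-01T09:07:00", "control": "network", "host": "wk-12", "stage": "command_and_control"},
    # Lone signal on another host: one control, one stage, no chain.
    {"ts": "2023-05-01T11:00:00", "control": "edr", "host": "wk-40", "stage": "execution"},
    # Two controls on one host, but a full day apart: outside the default window.
    {"ts": "2023-05-01T08:00:00", "control": "email", "host": "wk-77", "stage": "delivery"},
    {"ts": "2023-05-02T08:00:00", "control": "network", "host": "wk-77", "stage": "command_and_control"},
]

def parse_ts(event):
    return datetime.fromisoformat(event["ts"])

def correlate(events, window_minutes=30, min_controls=2):
    """Chain each host's events while the kill-chain stage advances within
    window_minutes; report a chain as an incident when min_controls contributed."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=parse_ts)
        chains, chain = [], [evs[0]]
        for e in evs[1:]:
            prev = chain[-1]
            advances = STAGES.index(e["stage"]) > STAGES.index(prev["stage"])
            gap_minutes = (parse_ts(e) - parse_ts(prev)).total_seconds() / 60
            if advances and gap_minutes <= window_minutes:
                chain.append(e)
            else:
                chains.append(chain)  # chain broken: start a new one from this event
                chain = [e]
        chains.append(chain)
        for c in chains:
            controls = sorted({e["control"] for e in c})
            if len(c) >= 2 and len(controls) >= min_controls:
                incidents.append({"host": host, "controls": controls,
                                  "stages": [e["stage"] for e in c],
                                  "first_seen": c[0]["ts"], "last_seen": c[-1]["ts"]})
    return incidents
```

With the default 30-minute window only wk-12 becomes an incident; widening the window to a day also promotes wk-77, which is the tuning trade-off a SIEM or SOAR receiving the output would care about.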

References


This article "Extended Detection and Response (XDR)" is from Wikipedia. The list of its authors can be seen in its history and/or on the page Edithistory:Extended Detection and Response (XDR). Articles copied from the Draft namespace on Wikipedia can be found in Wikipedia's Draft namespace, not the main one.