Extended detection and response
{{short description|Threat monitoring technology}}
{{about|the cybersecurity technology|Special Drawing Rights (XDR)|Special drawing rights}}
Extended detection and response (XDR[https://www.paloaltonetworks.com/cyberpedia/what-is-xdr What is XDR? - Palo Alto Networks][https://www.cisco.com/c/en/us/products/security/what-is-xdr.html What is XDR? - Extended Detection and Response - Cisco]{{Cite web |title=What Is Extended Detection and Response (XDR)? |url=https://www.trellix.com/en-us/security-awareness/endpoint/what-is-xdr.html |website=Trellix}}) is a cybersecurity technology that collects telemetry from several security layers, correlates it to detect threats, and coordinates the response to them.{{Cite web|title=Gartner Top 9 Security and Risk Trends for 2020|url=https://www.gartner.com/smarterwithgartner/gartner-top-9-security-and-risk-trends-for-2020/|access-date=2020-10-26|website=www.gartner.com|language=en-US}}{{Cite web|title=Understanding XDR Security: Complete Guide|url=https://www.cynet.com/xdr-security/understanding-xdr-security-concepts-features-and-use-cases/|access-date=2020-10-26|website=Cynet|language=en-US}}
Concept
The term was coined by Nir Zuk of Palo Alto Networks in 2018.{{Cite web |last=Rubin |first=Kevin |date=2021-07-12 |title=What is extended detection and response? |url=https://www.stratospherenetworks.com/blog/what-is-xdr-your-guide-to-extended-detection-and-response/ |access-date=2022-07-29 |website=Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support |language=en-US}}
According to Chapple, Stewart and Gibson, XDR is not so much another tool as the collection and integration of several existing concepts into a single solution; the components vary from vendor to vendor and often include network traffic analysis (NTA) and network intrusion detection and prevention systems (NIDS and NIPS).{{Cite book |last=Mike Chapple, James Michael Stewart, Darril Gibson |title=(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide |publisher=Wiley |year=June 2021 |isbn=978-1-119-78623-8 |edition=9th |pages=49 |language=En}}
{{Quote|text=Extended detection and response (XDR) delivers security incident detection and automated response capabilities for security infrastructure. XDR integrates threat intelligence and telemetry data from multiple sources with security analytics to provide contextualization and correlation of security alerts. XDR must include native sensors, and can be delivered on-premises or as a SaaS offering. Typically, it is deployed by organizations with smaller security teams.|author=Gartner|title=2023 Market Guide for Extended Detection and Response|source=}}
The system works by collecting telemetry from multiple control points such as servers, email, cloud workloads, and endpoints.{{Cite web |title=What is Extended Detection and Response (XDR) |url=https://www.vmware.com/topics/glossary/content/xdr-extended-detection-and-response.html}} The events are normalized and correlated, which gives each alert the context needed to surface multi-stage attacks that no single sensor would flag on its own. The resulting incidents are prioritized and investigated so that they can be contained before they lead to a breach or data loss. This raises an organization's situational awareness and lets security teams identify and close gaps in their defenses.{{Cite web|last=Oltsik|first=Jon|date=2020-06-08|title=What is XDR? 10 things you should know about this security buzz term|url=https://www.csoonline.com/article/3561291/what-is-xdr-10-things-you-should-know-about-this-security-buzz-term.html|access-date=2020-10-26|website=CSO Online|language=en}} XDR provides end-to-end visibility across otherwise separate products, improving the responsiveness of the security function and reducing tool sprawl (according to a 2021 study, 32% of organizations used between 21 and 30 separate security tools to respond to each threat, and 13% used more than 31).{{Cite web |date=2023-03-03 |title=What Is Extended Detection and Response (XDR)? {{!}} IBM |url=https://www.ibm.com/think/topics/xdr |access-date=2025-03-22 |website=www.ibm.com |language=en}}
XDR builds on the endpoint detection and response (EDR) layer: it takes the malware-detection and antivirus findings of the endpoint agent and combines them with many additional log sources, giving Security Operations Center (SOC) analysts greater context for faster threat detection, investigation and response. Where EDR reacts to what is observed on the endpoint alone, XDR correlates that telemetry with signals from the other layers to identify attacks in progress and to build detections for future ones. It is therefore positioned as an alternative to single-layer detection products such as standalone EDR and network traffic analysis (NTA).
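The cross-source correlation described in the two paragraphs above, reduced to a toy pipeline. This is an added illustration and not code from any XDR vendor or from the sources cited on this page; the event schema, the per-event severity weights, the suspicious-content markers and the 30-minute correlation window are assumptions chosen for the example, and the telemetry is constructed sample data. It shows why the same endpoint alert scores differently once email, identity and network events about the same user and host are linked to it, which is the difference between an isolated EDR alert and an XDR incident.

```python
"""Toy XDR-style correlation: link events from several sensors that share an
entity (user or host) within a time window, then score the resulting incident.
Added example; weights, markers and schema are assumptions, not a product's."""
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample telemetry, already normalized to one vendor-neutral shape.
SAMPLE_EVENTS = [
    {"source": "email", "ts": "2024-05-01T09:00:00", "user": "alice", "host": None,
     "kind": "attachment_delivered", "detail": "invoice.docm"},
    {"source": "endpoint", "ts": "2024-05-01T09:03:10", "user": "alice", "host": "WS-042",
     "kind": "process_start", "detail": "WINWORD.EXE -> powershell.exe -enc ..."},
    {"source": "identity", "ts": "2024-05-01T09:05:30", "user": "alice", "host": "WS-042",
     "kind": "auth_success", "detail": "new device, unusual geo"},
    {"source": "network", "ts": "2024-05-01T09:06:00", "user": None, "host": "WS-042",
     "kind": "dns_query", "detail": "newly-registered domain"},
    {"source": "endpoint", "ts": "2024-05-01T14:00:00", "user": "bob", "host": "WS-077",
     "kind": "process_start", "detail": "cmd.exe /c whoami"},
]

# Assumed base severity per event type (example values only).
WEIGHTS = {"attachment_delivered": 1, "process_start": 2, "auth_success": 1, "dns_query": 1}
# Assumed substrings that make an individual event look suspicious.
SUSPICIOUS_MARKERS = ("powershell.exe -enc", "newly-registered", "unusual geo", ".docm")


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def _linked(a, b, window):
    """Two events are linked if they share a user or a host within the window."""
    same_entity = (a["host"] and a["host"] == b["host"]) or (a["user"] and a["user"] == b["user"])
    return bool(same_entity) and abs(_ts(a) - _ts(b)) <= window


def score_incident(group):
    """Score one connected group of events; more independent sources raise the score."""
    events = sorted(group, key=_ts)
    base = sum(WEIGHTS.get(e["kind"], 1) for e in events)
    markers = sum(any(m in e["detail"] for m in SUSPICIOUS_MARKERS) for e in events)
    sources = sorted({e["source"] for e in events})
    # Corroboration bonus: the same activity seen by several sensors is what
    # distinguishes a correlated incident from an isolated single-sensor alert.
    score = base + 2 * markers + 3 * (len(sources) - 1)
    return {
        "entities": sorted({x for e in events for x in (e["user"], e["host"]) if x}),
        "sources": sources,
        "score": score,
        "timeline": [f'{e["ts"]} [{e["source"]}] {e["kind"]}: {e["detail"]}' for e in events],
    }


def correlate(events, window_minutes=30):
    """Union-find over events; returns incidents sorted by descending score."""
    window = timedelta(minutes=window_minutes)
    parent = list(range(len(events)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(events)), 2):
        if _linked(events[i], events[j], window):
            parent[find(i)] = find(j)

    groups = {}
    for i, e in enumerate(events):
        groups.setdefault(find(i), []).append(e)
    incidents = [score_incident(g) for g in groups.values()]
    incidents.sort(key=lambda inc: inc["score"], reverse=True)
    return incidents


def endpoint_only(events):
    """The EDR-only view: the same scoring applied to endpoint telemetry alone."""
    return correlate([e for e in events if e["source"] == "endpoint"])


if __name__ == "__main__":
    for label, incs in (("XDR (all sources)", correlate(SAMPLE_EVENTS)),
                        ("EDR (endpoint only)", endpoint_only(SAMPLE_EVENTS))):
        print(f"== {label} ==")
        for inc in incs:
            print(f"score={inc['score']:>3} entities={inc['entities']} sources={inc['sources']}")
            for line in inc["timeline"]:
                print("   ", line)
```

With all four sources the phishing-to-PowerShell chain on WS-042 becomes one incident scored 22, well above the lone `whoami` on WS-077 (score 2); restricted to endpoint telemetry, the same PowerShell execution is a single event scoring 4 and loses the email, identity and DNS context that explains it. The union-find grouping and the corroboration bonus are the two pieces a real engine also needs, scaled to far more entity types and tuned weights.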
References
{{Reflist}}