What is Extended Detection and Response?
Extended detection and response, referred to as XDR, is a new approach to threat detection that provides holistic protection against cyberattacks, unauthorized access, and misuse.1 According to Forrester Research, “XDR unifies security-relevant endpoint detections with telemetry from security and business tools such as network analysis and visibility (NAV), email security, identity and access management, cloud security, and more. It is a cloud-native platform built on big data infrastructure to provide security teams with flexibility, scalability, and opportunities for automation.” Put simply, XDR solutions are proactive approaches to threat detection and response with broad visibility across all data. XDR can help security teams to identify hidden threats quickly and proactively, track threats across the organization, and improve efficiency. XDR benefits include:
Blocking cyberattacks. Integrated AI-driven antivirus and threat intelligence can block known and unknown attacks including malware, exploits, and fileless attacks.
Sophisticated cyberattack detection. Analytics and custom rules detect advanced persistent threats and other covert attacks.
Reducing alerts. Automated root cause analysis and unified incident engine help to simplify investigations and reduce the number of alerts that staff need to review.
Visibility. Collect and analyze data from any sources to investigate, detect, triage, and respond to threats.
IT staff efficiency. Endpoint security policy management and monitoring, investigation, and response across the network, endpoints, and cloud environments can be consolidated in one console.
Host restoration. Following an attack, malicious files and registry keys can be removed and damaged files and registry keys can be restored, for a quick recovery.
Third-party protection. Enable behavioral analytics on logs collected from third-party firewall and integrate third-party alerts into a unified incident view and root cause analysis for faster investigation.
Waste reduction. XDR reduces the number of wasted resources by reducing the number of subscriptions and duplicate tools that an organization needs to have.
Automation. Automation and orchestration streamline many security operations center processes.
Recommendations. XDR provides analysts with prescriptive recommendations to further an investigation through additional queries, and also offers relevant response actions that would be most effective for containment or remediation of detected risk or threat.
Hunting. Threat hunters can locate and take action based on recommendations provided through a common query capability across a data repository containing multi-vendor sensor telemetry in search of suspicious behaviors.
Reduce training. Training and up-leveling Tier 1 support can be reduced through a common management and workflow experience across security components.
1 Cortex, 2022, “What is XDR?”