XDR, or Extended Detection and Response, takes its name from EDR, which means Endpoint Detection and Response. XDR is mostly about centralizing threat tooling: after all, the primary mission is to look for threats to IT security
and to gain greater control over security.

More than just Endpoint Security

If you only have EDR, XDR goes above and beyond that.

XDR usually includes:

  • Network Traffic Analysis
  • Integrated Threat Intelligence
  • Machine Learning based detection
  • Investigation Response Orchestration
  • Dynamic deployment for adaptive security (meaning more than one set of tools can be deployed when necessary)

The idea here is that EDR focuses on the endpoint, while XDR has a broader field of view: in addition
to the endpoint it also covers the network, whatever you have in the cloud (for example M365), and other systems. It provides visibility across network, endpoint, cloud and system components.

It also includes analytics and automation, and XDR IS PROACTIVE, TRYING TO GET AHEAD OF THE CURVE
INSTEAD OF BEING REACTIVE.

XDR helps security teams:

  • Identify sophisticated or hidden threats
  • Cover multiple components (network, endpoint, cloud), not just the endpoint
  • Improve detection and response speed
  • Investigate threats more effectively

XDR evolved from standalone tools, each of which offers only limited visibility:

  • EDR is strictly focused on the endpoint
  • NTA is strictly focused on the network layer
  • Layer-specific tools mean more alerts and more effort

3 Fundamental Features of XDR from an Analytics and Detection Point of View

  • Analysis of both internal and external traffic. Why both? Because sometimes threats begin
    inside, for example when your credentials have been compromised.
  • Integrated threat intelligence. Good THREAT INTELLIGENCE OCCURS AT MULTIPLE LEVELS:
    - Global, community, local – attack methods, tactics, non-traditional techniques

  • Machine learning based detection, simply because there is so much traffic and so much activity that no human, even one dedicated to your particular assets or set of assets, can possibly stay on top of it. Unsupervised anomaly detection is therefore a foundational element of XDR: the ability to detect non-traditional threats above and beyond what signature-based tools would catch.
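As an added illustration (not part of these notes and not any vendor's product code), the toy Python below shows the three analytic features working together: events from the endpoint, network and cloud layers are joined on a common user entity, external addresses are checked against tiered (global/community/local) threat intelligence, and a baseline z-score provides simple unsupervised anomaly detection. All telemetry, indicators and baselines are constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry from three layers (not real data): one host,
# one user, one external address seen by both the network and cloud sources.
ENDPOINT = [{"user": "alice", "host": "wk-01", "proc": "powershell.exe", "ts": 8}]
NETWORK = [{"host": "wk-01", "dst": "203.0.113.7", "bytes": 900_000, "ts": 9}]
CLOUD = [{"user": "alice", "action": "MailboxRuleCreate", "src": "203.0.113.7", "ts": 10}]

# Tiered threat intel (constructed): global feed, sharing community, local blocklist.
THREAT_INTEL = {"global": {"203.0.113.7"}, "community": set(), "local": {"198.51.100.5"}}

# Per-user daily sign-in counts for the last ten days, plus today's count (constructed).
BASELINE = {"alice": [3, 4, 2, 5, 3, 4, 3, 2, 4, 3]}
TODAY = {"alice": 40}

def ti_hits(indicator):
    """Return the intel tiers (global/community/local) that list an indicator."""
    return sorted(tier for tier, iocs in THREAT_INTEL.items() if indicator in iocs)

def zscore(history, value):
    """Unsupervised anomaly score: distance of today's value from its own baseline."""
    sd = pstdev(history) or 1.0  # avoid division by zero on a flat baseline
    return (value - mean(history)) / sd

def correlate(endpoint, network, cloud, baseline, today, threshold=3.0):
    """Join the three layers on the user entity and emit one incident per user."""
    host_to_user = {e["host"]: e["user"] for e in endpoint}
    by_user = defaultdict(list)
    for e in endpoint:
        by_user[e["user"]].append(("endpoint", e))
    for n in network:  # map the host back to the logged-on user seen by EDR
        by_user[host_to_user.get(n["host"], n["host"])].append(("network", n))
    for c in cloud:
        by_user[c["user"]].append(("cloud", c))

    incidents = {}
    for user, events in by_user.items():
        layers = sorted({layer for layer, _ in events})
        iocs = {ev.get("dst") or ev.get("src") for _, ev in events} - {None}
        intel = {ioc: ti_hits(ioc) for ioc in iocs if ti_hits(ioc)}
        z = zscore(baseline[user], today[user]) if user in baseline else 0.0
        # One layer alone looks benign; cross-layer context plus intel or an
        # anomaly is what turns scattered alerts into a single incident.
        if len(layers) > 1 and (intel or z > threshold):
            incidents[user] = {"layers": layers, "intel": intel, "anomaly_z": round(z, 2)}
    return incidents
```

With the sample data, `correlate(ENDPOINT, NETWORK, CLOUD, BASELINE, TODAY)` yields a single incident for alice spanning all three layers, with the external address flagged by the global feed and today's sign-in count far outside the baseline.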