Many organizations have, or are considering building, a security operations capability by deploying a SIEM solution. However, standing up a Security Operations Center (SOC) is very expensive and requires specialized skills, such as malware analysis, forensics, and security analytics, to maximize the value of the technology. These skill sets are not always readily available and can't easily be developed through training because cyber skills cover a wide range of disciplines. People with these skills are also expensive and in high demand, which means that not every organization can afford in-house staff who can get the best results from Endpoint Detection and Response (EDR) tools. EDR and its close cousin, the Endpoint Protection Platform (EPP), are crucial sources of information for XDR because over 70 percent of data breaches occur through compromised endpoints. Some organizations have built out incident response or security operations teams but don't have the budget to staff them beyond standard work hours and workdays.