What is XDR?

6 min video

What exactly is XDR? To understand that, we need to review the security journey of the past 10-15 years. What started with antivirus to protect against malware evolved into Endpoint Detection & Response (EDR) and Managed Detection & Response (MDR), and now into Extended Detection & Response (XDR). XDR represents the next generation of IT security: it extends the scope of MDR beyond the endpoint in order to remove blind spots. Watch the video to learn more.

What is XDR?

XDR stands for Extended Detection & Response. It is an evolution that began with Endpoint Detection & Response (EDR) and progressed to Managed Detection & Response (MDR), both of which have become popular in industry. XDR is the next generation of IT security, and it solves some problems the existing services face.


The “X” in XDR: Extended

The “extension” aspect begins with expanding the scope of monitoring. Whereas EDR and MDR assume the security problems are associated with endpoints such as workstations, servers and laptops, XDR assumes that there is more in your network than endpoints: network devices such as firewalls, access points, switches, bridges and routers. Software-as-a-Service (SaaS) applications like Microsoft 365, Google Workspace and Salesforce are also part of the attack surface beyond the endpoint, as are Platform-as-a-Service (PaaS) environments like AWS and Azure that are incorporated into your enterprise network. This is quite common, so an endpoint-only view is too narrow for modern cybersecurity.

The “R” in XDR: Response

The R in XDR represents an automatic response that goes beyond the standard actions covered by EDR/MDR. EDR will kill a process on an endpoint or isolate an endpoint to address a threat. XDR takes the response capability further: making a change to the M365 configuration to block a sender, adjusting a firewall access control list, or even disabling a user in Active Directory. All of these automatic responses are possible within XDR.

Removing Blind Spots

The idea is to integrate and leverage all the other security investments in order to get faster detection, detect more complex problems, and ultimately respond faster. In sum, XDR removes blind spots. You have an EDR solution, you have an IDS, you have a SIEM. These tend to be siloed security tools that leave blind spots between them. XDR integrates and correlates everything.
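To make the “correlate across silos, then respond” idea concrete, here is a small added example written for this page; it is not Netsurion's code and does not describe their product's internals. It ties constructed alerts from three hypothetical sources (an EDR on a workstation, a firewall log keyed by IP, and an M365 sign-in alert keyed by user) back to one identity through an assumed asset inventory, raises an incident only when two or more tools report on the same identity within a window, and maps each source to the response action the section above describes (isolate endpoint, ACL deny, disable user / block sender). The inventory, playbook strings, and event timestamps are all assumptions constructed for the example. It also shows the blind spot: feeding only the EDR events in yields no incident, because no single tool sees enough to act.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed asset inventory (hypothetical): maps endpoints and IPs to the
# user who owns them so that signals from different tools resolve to one identity.
INVENTORY = {
    "WS-0417": "jdoe",
    "10.0.5.23": "jdoe",
    "WS-0099": "asmith",
    "10.0.5.77": "asmith",
}

# Response playbook per telemetry source (assumed wording): the automated
# action the "R" in XDR would trigger once an incident is confirmed.
PLAYBOOK = {
    "edr": "isolate endpoint {entity}",
    "firewall": "add ACL deny for {entity}",
    "m365": "disable user {user} and block inbound sender",
}


@dataclass
class Event:
    ts: datetime
    source: str   # "edr" | "firewall" | "m365"
    entity: str   # hostname, IP, or user principal, as the reporting tool names it
    detail: str


def owner_of(entity: str) -> str:
    """Resolve a tool-specific entity to a user identity; user principals pass through."""
    return INVENTORY.get(entity, entity)


def correlate(events, window=timedelta(minutes=15), min_sources=2):
    """Group events by resolved user inside a sliding window and return one
    incident per user when at least `min_sources` distinct tools report on them.
    A single tool's alert never reaches the threshold on its own."""
    by_user = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_user.setdefault(owner_of(ev.entity), []).append(ev)

    incidents = []
    for user, evs in by_user.items():
        for i, anchor in enumerate(evs):
            cluster = [e for e in evs[i:] if e.ts - anchor.ts <= window]
            sources = {e.source for e in cluster}
            if len(sources) >= min_sources:
                # De-duplicate actions: two EDR alerts on one host still isolate it once.
                actions = sorted({PLAYBOOK[e.source].format(entity=e.entity, user=user)
                                  for e in cluster})
                incidents.append({"user": user,
                                  "sources": sorted(sources),
                                  "actions": actions})
                break  # one incident per user per window
    return incidents


# Constructed sample telemetry: three tools see fragments of one activity for
# jdoe, plus an isolated EDR alert for asmith that should stay below threshold.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    Event(T0, "m365", "jdoe", "sign-in from unfamiliar location"),
    Event(T0 + timedelta(minutes=4), "edr", "WS-0417", "office app spawned a shell"),
    Event(T0 + timedelta(minutes=6), "firewall", "10.0.5.23", "outbound to never-seen destination"),
    Event(T0 + timedelta(minutes=30), "edr", "WS-0099", "unsigned binary executed"),
]


def edr_only_view():
    """What an endpoint-only tool would conclude from the same day's data."""
    return correlate([e for e in SAMPLE_EVENTS if e.source == "edr"])


if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(f"incident for {inc['user']} from {inc['sources']}")
        for action in inc["actions"]:
            print("  ->", action)
    print("EDR-only incidents:", edr_only_view())
```

Running it produces one incident for jdoe, backed by all three sources, with three distinct response actions; the EDR-only view returns nothing, because each user has just one endpoint alert and no other tool's context to corroborate it. In a real deployment the inventory lookup would come from a CMDB or directory and the playbook entries would be API calls to the EDR, firewall and M365 tenant rather than strings.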

Netsurion Managed Open XDR predicts, prevents, detects, and responds to advanced threats to stay ahead of cyber criminals when every minute matters.