Jump to content

Extended detection and response

From Wikipedia, the free encyclopedia

Extended detection and response (XDR[1][2][3]) is a cybersecurity technology that monitors and mitigates cyber security threats.[4][5]

Concept

[edit]

The term was coined by Nir Zuk of Palo Alto Networks in 2018.[6]

According to Chapple, Stewart and Gibson, XDR is not so much another tool as the collection and integration of several concepts into a single solution, the components varying from vendor to vendor and often including NTA (network traffic analysis), NIDS and NIPS.[7]

According to Gartner:[8]

Extended detection and response (XDR) delivers security incident detection and automated response capabilities for security infrastructure. XDR integrates threat intelligence and telemetry data from multiple sources with security analytics to provide contextualization and correlation of security alerts. XDR must include native sensors, and can be delivered on-premises or as a SaaS offering. Typically, it is deployed by organizations with smaller security teams.

— Gartner, 2023 Market Guide for Extended Detection and Response

The system works by collecting and correlating data across various network points such as servers, email, cloud workloads, and endpoints.[9] The data is then analyzed and correlated, lending it visibility and context, and revealing advanced threats. Thereafter, the threats are prioritized, analyzed, and sorted to prevent security collapses and data loss. The XDR system helps organizations to have a higher level of cyber awareness, enabling cyber security teams to identify and eliminate security vulnerabilities.[4][10]

The XDR solution monitors the malware detection and antivirus capabilities of the endpoint detection and response (EDR) system and many extra cyber log sources to create greater context for Security Operations Center (SOC) teams to perform faster threat detection, investigation and response. XDR improves on the EDR capabilities to deploy high-grade security solutions by utilizing current technologies which proactively identifies and collects security threats, and employs strategies to detect future cyber security threats. It is an alternative to reactive endpoint protection solutions, such as EDR and network traffic analysis (NTA).[5]

See also

[edit]

References

[edit]
  1. ^ What is XDR? - Palo Alto Networks
  2. ^ What is XDR? - Extended Detection and Response - Cisco
  3. ^ "What Is Extended Detection and Response (XDR)?". Trellix.
  4. ^ a b "Gartner Top 9 Security and Risk Trends for 2020". www.gartner.com. Retrieved 2020-10-26.
  5. ^ a b "Understanding XDR Security: Complete Guide". Cynet. Retrieved 2020-10-26.
  6. ^ Rubin, Kevin (2021-07-12). "What is extended detection and response?". Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support. Retrieved 2022-07-29.
  7. ^ Mike Chapple, James Michael Stewart, Darril Gibson (June 2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (9th ed.). Wiley. p. 49. ISBN 978-1-119-78623-8.{{cite book}}: CS1 maint: multiple names: authors list (link) CS1 maint: year (link)
  8. ^ "Untangling XDR: Our Take on the 2023 Gartner® Market Guide". www.trellix.com. Retrieved 2023-10-26.
  9. ^ "What is Extended Detection and Response (XDR)".
  10. ^ Oltsik, Jon (2020-06-08). "What is XDR? 10 things you should know about this security buzz term". CSO Online. Retrieved 2020-10-26.
  翻译: