What is extended detection and response (XDR)?
Key benefits of XDR
XDR offers a range of security benefits that give enterprises holistic, flexible, and efficient protection against threats.
- Increased visibility: XDR broadens an enterprise's view of its security landscape. By integrating telemetry from endpoints, networks, email, applications, and other sources, XDR exposes the relationships between alerts and incidents, creating broader threat visibility and freeing analyst time and resources.
- Alert management: XDR reduces the time analysts spend manually investigating threats. Correlated alerts streamline notifications and reduce noise in analyst queues. By collating related alerts into a single incident, an XDR system increases efficiency and gives a more complete picture of what happened.
- Incident prioritization: XDR evaluates incidents and assigns weighted assessments that rank remediation work and recommend actions aligned with industry or regulatory standards, or with an enterprise's own requirements.
- Automated tasks: XDR provides tools that automate repetitive tasks and reduce manual analyst work.
- Increased efficiency: XDR's centralized management tools improve alert accuracy and reduce the number of consoles analysts must open to assess a threat.
- Real-time threat detection: XDR identifies threats as they occur and can trigger automated remediation, cutting off an attacker's access or shortening the time an attacker has access to enterprise data and systems.
- Integrated response across multiple security tools: XDR can take remediation actions through the security products it integrates with, and provides centralized analytics, response, and remediation.
An XDR platform is a SaaS-based security tool that draws on an enterprise's existing security tools, integrating them into a centralized security system. An XDR platform pulls raw telemetry from multiple sources such as cloud applications, email security, and identity and access management. Using AI and machine learning, it then performs automated analysis, investigation, and response in near real time. XDR also correlates related security alerts into larger incidents, giving security teams greater visibility into an attack as a whole, and provides incident prioritization so that analysts can judge the risk level of each threat.
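The correlation and prioritization step described above is the part of XDR that turns disconnected product alerts into an incident. The following is an added illustration, not code from the original page or from any vendor's product: it groups alerts that share an entity (a user, host, or IP) within a time window using union-find, then scores each incident by its worst alert plus a bonus for every additional telemetry source involved. The alert records, the four-hour window, and the scoring weights are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from four telemetry sources (not real product output).
# Each alert names the entities it involves; shared entities are what lets an
# XDR-style correlator stitch single-product alerts into one incident.
ALERTS = [
    {"id": "A1", "source": "email",    "time": "2024-03-01T09:02:00", "severity": 3,
     "title": "Phishing URL clicked", "entities": {"user:alice"}},
    {"id": "A2", "source": "identity", "time": "2024-03-01T09:15:00", "severity": 5,
     "title": "Sign-in from unfamiliar location", "entities": {"user:alice", "ip:203.0.113.7"}},
    {"id": "A3", "source": "endpoint", "time": "2024-03-01T09:40:00", "severity": 7,
     "title": "Suspicious PowerShell download cradle", "entities": {"host:WS-017", "user:alice"}},
    {"id": "A4", "source": "endpoint", "time": "2024-03-01T10:05:00", "severity": 8,
     "title": "Credential dumping via LSASS access", "entities": {"host:WS-017"}},
    {"id": "A5", "source": "cloud",    "time": "2024-03-01T13:30:00", "severity": 4,
     "title": "Mass download from SharePoint", "entities": {"user:bob"}},
    {"id": "A6", "source": "endpoint", "time": "2024-03-02T08:00:00", "severity": 2,
     "title": "Unsigned driver blocked", "entities": {"host:WS-017"}},
]

WINDOW = timedelta(hours=4)  # assumed correlation window; real platforms tune this


def _ts(alert):
    return datetime.fromisoformat(alert["time"])


def make_incident(group):
    """Summarize one group of correlated alerts and assign a weighted score."""
    sources = {a["source"] for a in group}
    entities = set().union(*(a["entities"] for a in group))
    worst = max(a["severity"] for a in group)
    # Assumed weighting: worst single alert, plus 2 points per additional telemetry
    # source. Activity seen across email, identity and endpoint is more likely a
    # real multi-stage intrusion than an isolated alert from one product.
    score = worst + 2 * (len(sources) - 1)
    return {
        "alerts": [a["id"] for a in group],
        "sources": sorted(sources),
        "entities": sorted(entities),
        "score": score,
        "first_seen": group[0]["time"],
        "last_seen": group[-1]["time"],
    }


def correlate(alerts, window=WINDOW):
    """Group alerts that share an entity and fall within `window` of the previous
    alert on that entity (transitively), using union-find. Returns incidents."""
    alerts = sorted(alerts, key=_ts)
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(x, y):
        parent[find(x)] = find(y)

    last_seen = {}  # entity -> most recent alert that mentioned it
    for a in alerts:
        for ent in a["entities"]:
            prev = last_seen.get(ent)
            if prev is not None and _ts(a) - _ts(prev) <= window:
                union(a["id"], prev["id"])
            last_seen[ent] = a

    groups = defaultdict(list)
    for a in alerts:  # already time-ordered, so each group stays chronological
        groups[find(a["id"])].append(a)
    return [make_incident(g) for g in groups.values()]


def prioritize(alerts, window=WINDOW):
    """Correlate alerts into incidents and return them highest score first."""
    return sorted(correlate(alerts, window), key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in prioritize(ALERTS):
        print(f"score={inc['score']:2d} sources={','.join(inc['sources'])} "
              f"alerts={inc['alerts']} entities={inc['entities']}")
```

With the constructed data, the phishing click, risky sign-in, download cradle and LSASS access all chain through `user:alice` and `host:WS-017` into one incident scored 12, while the SharePoint download and the next-day driver block stay as separate low-priority incidents. Changing the window or the per-source bonus is where an analyst would tune the trade-off between merging too aggressively and leaving a multi-stage attack split across tickets.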
XDR is a natural evolution from endpoint detection and response (EDR), which primarily focuses on endpoint security. XDR broadens EDR’s scope, offering integrated security across a wider range of products, from networks and servers to cloud-based applications and endpoints. XDR offers flexibility and integration across an enterprise’s range of existing security tools and products.
Native XDR systems draw on a single vendor's own portfolio of security tools, while hybrid (or open) XDR also uses third-party integrations for telemetry collection.
XDR offers a range of integrations, including an enterprise’s existing SOAR and SIEM systems, endpoints, cloud environments, and on-premises systems.
Managed detection and response (MDR) is a service in which a provider's analysts monitor, investigate, and respond to threats on an enterprise's behalf. MDR providers often use XDR platforms to deliver that service.