Extended Detection And Response

Extended detection and response (XDR) is a cybersecurity technology that monitors and mitigates cyber security threats.


Concept

The term was coined by Nir Zuk of Palo Alto Networks in 2018. According to Chapple, Stewart and Gibson, XDR is not so much another tool as the collection and integration of several concepts into a single solution, the components varying from vendor to vendor and often including NTA (network traffic analysis), NIDS and NIPS. According to Gartner:

The system works by collecting and correlating data across various network points such as servers, email, cloud workloads, and endpoints. The data is then analyzed and correlated, giving it visibility and context and revealing advanced threats. The threats are then prioritized, analyzed, and sorted to prevent security collapses and data loss.

The XDR system helps organizations maintain a higher level of cyber awareness, enabling cyber security teams to identify and eliminate security vulnerabilities. It provides end-to-end visibility and integration of different solutions, improving the responsiveness of information security structures and addressing the problem of disparate tools (according to a 2021 study, 32% of organizations used between 21 and 30 separate security tools in response to each threat, and 13% used more than 31 tools).

The XDR solution monitors the malware detection and antivirus capabilities of the endpoint detection and response (EDR) system and many additional cyber log sources to create greater context for Security Operations Center (SOC) teams, enabling faster threat detection, investigation and response. XDR improves on EDR capabilities by using current technologies that proactively identify and collect security threats, and employs strategies to detect future cyber security threats. It is an alternative to reactive endpoint protection solutions such as EDR and network traffic analysis (NTA).
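The cross-source correlation and prioritization described above, as an added illustration that is not part of the original article or any vendor's product: constructed events from email, endpoint and network sensors are joined on a shared host and scored so that a host seen by several sources outranks an isolated single-source alert. The event fields, scoring rule and host names are all assumptions made for this example.

```python
# Added example (not from the page): a minimal XDR-style correlation.
# Events from three telemetry sources are grouped by host and scored;
# multi-source incidents rise to the top of the triage queue.
# All event data below is constructed sample telemetry.
from collections import defaultdict

# Constructed sample events from email, endpoint (EDR) and network sensors.
EVENTS = [
    {"source": "email",    "host": "ws-17",  "type": "attachment_macro",     "severity": 2},
    {"source": "endpoint", "host": "ws-17",  "type": "office_spawns_shell",  "severity": 4},
    {"source": "network",  "host": "ws-17",  "type": "beacon_to_new_domain", "severity": 3},
    {"source": "endpoint", "host": "srv-02", "type": "failed_logon_burst",   "severity": 2},
    {"source": "network",  "host": "ws-33",  "type": "port_scan_outbound",   "severity": 3},
    {"source": "endpoint", "host": "ws-33",  "type": "new_scheduled_task",   "severity": 2},
]

def correlate(events):
    """Group events by host and compute a priority score per host.

    Score = (sum of severities) * (number of distinct sources), so a host
    observed by several sensors outranks a single noisy source of equal
    total severity. The formula is an assumption for this example.
    """
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        sources = {e["source"] for e in evs}
        score = sum(e["severity"] for e in evs) * len(sources)
        incidents.append({
            "host": host,
            "sources": sorted(sources),
            "types": [e["type"] for e in evs],
            "score": score,
        })
    # Highest score first: this is the triage order an analyst would see.
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

def top_incident(events):
    """Return the host that should be investigated first, or None."""
    ranked = correlate(events)
    return ranked[0]["host"] if ranked else None

if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(f'{inc["host"]:7} score={inc["score"]:3} sources={",".join(inc["sources"])}')
```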


See also

* Endpoint security
* Data loss prevention software
* Endpoint detection and response
* Network detection and response

