Engineering:Extended detection and response
Concept
The term was coined by Nir Zuk of Palo Alto Networks in 2018.[1]
According to Chapple, Stewart and Gibson, XDR is not so much another tool as the collection and integration of several concepts into a single solution; its components vary from vendor to vendor and often include network traffic analysis (NTA) and network intrusion detection and prevention systems (NIDS and NIPS).[2]
According to Gartner:[3]
Extended detection and response (XDR) delivers security incident detection and automated response capabilities for security infrastructure. XDR integrates threat intelligence and telemetry data from multiple sources with security analytics to provide contextualization and correlation of security alerts. XDR must include native sensors, and can be delivered on-premises or as a SaaS offering. Typically, it is deployed by organizations with smaller security teams.
The system works by collecting and correlating data from various points on the network, such as servers, email, cloud workloads and endpoints.[4] The collected data is then analyzed and correlated, which gives it visibility and context and reveals advanced threats. The threats are then prioritized, analyzed and sorted to prevent security breaches and data loss. An XDR system gives organizations a higher level of cyber awareness, enabling security teams to identify and eliminate security vulnerabilities.[5][6]
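As an added illustration of the collect, correlate and prioritize flow described above (not code from the article or from any vendor's XDR product), the following Python groups constructed endpoint, email and network telemetry per host into incidents and scores them, giving extra weight where more than one sensor type agrees. All event data, weights and the 30-minute window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three sensor types (not real data).
# Each event: (source, timestamp, host, description, weight)
EVENTS = [
    ("email",    "2024-03-01T09:00:00", "ws-17", "attachment flagged by sandbox", 2),
    ("endpoint", "2024-03-01T09:03:10", "ws-17", "office app spawned a shell", 3),
    ("network",  "2024-03-01T09:04:45", "ws-17", "outbound connection to newly registered domain", 3),
    ("endpoint", "2024-03-01T14:20:00", "srv-db", "failed login burst", 1),
    ("network",  "2024-03-02T02:00:00", "ws-42", "port scan from host", 2),
]

WINDOW = timedelta(minutes=30)  # assumed correlation window

def correlate(events, window=WINDOW):
    """Group events per host into incidents when they fall within `window`
    of the incident's first event; an incident's score is the sum of its
    event weights plus a bonus for each additional sensor type that agrees."""
    by_host = defaultdict(list)
    for src, ts, host, desc, weight in events:
        by_host[host].append((datetime.fromisoformat(ts), src, desc, weight))
    incidents = []
    for host, evs in by_host.items():
        evs.sort()  # chronological order per host
        current = None
        for t, src, desc, weight in evs:
            if current is None or t - current["start"] > window:
                current = {"host": host, "start": t, "events": [], "sources": set(), "score": 0}
                incidents.append(current)
            current["events"].append((src, desc))
            current["sources"].add(src)
            current["score"] += weight
    for inc in incidents:
        # Cross-source corroboration is what XDR adds over a single sensor.
        inc["score"] += 2 * (len(inc["sources"]) - 1)
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc["host"], inc["score"], sorted(inc["sources"]), inc["events"])
```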
XDR improves on the malware detection and antivirus capabilities of an endpoint detection and response (EDR) system. It builds on EDR by using current technologies that proactively identify and collect security threats, and by employing strategies to detect future cyber security threats. It is positioned as an alternative to reactive endpoint protection solutions such as EDR and network traffic analysis (NTA).[7]
See also
- Endpoint security
- Data loss prevention software
- Endpoint detection and response
- Network detection and response
References
- ↑ Rubin, Kevin (2021-07-12). "What is extended detection and response?". https://www.stratospherenetworks.com/blog/what-is-xdr-your-guide-to-extended-detection-and-response/.
- ↑ Mike Chapple, James Michael Stewart, Darril Gibson (June 2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (9th ed.). Wiley. p. 49. ISBN 978-1-119-78623-8.
- ↑ "Untangling XDR: Our Take on the 2023 Gartner® Market Guide". https://www.trellix.com/en-us/about/newsroom/stories/xdr/untangling-xdr-our-take-on-the-2023-gartner-market-guide.html.
- ↑ "What is Extended Detection and Response (XDR)". https://www.vmware.com/topics/glossary/content/xdr-extended-detection-and-response.html.
- ↑ Cite error: no text was provided for the reference named ":0".
- ↑ Oltsik, Jon (2020-06-08). "What is XDR? 10 things you should know about this security buzz term". https://www.csoonline.com/article/3561291/what-is-xdr-10-things-you-should-know-about-this-security-buzz-term.html.
- ↑ Cite error: no text was provided for the reference named ":1".
Original source: https://en.wikipedia.org/wiki/Extended detection and response.