The success that many organizations have had with endpoint detection and response (EDR) products in recent years may be reaching the limits of what the technology can deliver. Ironically, it is the growing sophistication of threats that is drawing attention to the new technology required.
Forrester Research says a new class of extended detection and response (XDR) technology is taking shape, one that combines EDR capabilities with telemetry from networks, applications, and the cloud. XDR is rapidly emerging as an approach to mitigating cyber threats from enterprise endpoints through to the cloud.
XDR is seen as key to improving threat detection accuracy and security team productivity, especially in resource-constrained security operations centers (SOCs). Three factors are driving interest. The first is that understaffed SOC teams do not have the time to thoroughly investigate and respond to every threat facing the organization. Many security leaders who already understand the value of EDR are looking for ways to extend those capabilities beyond the endpoint.
The second factor is telemetry. EDR provides effective detection and response on the endpoint, but security teams need visibility beyond endpoints. XDR provides visibility and control over other parts of the business by integrating EDR data with other types of telemetry.
The third factor driving interest in XDR is the cloud. As companies move more operations to the cloud, security leaders are under pressure to protect their data there. Like traditional EDR tools, XDR collects and analyzes security event and threat data from endpoint devices such as laptops, workstations, and mobile devices. Unlike EDR, however, XDR integrates that endpoint data with data from network tools, applications, identity and access management (IAM) tools, and cloud services. Importantly, XDR also enables automated response actions across those sources.
Many security analytics platforms, such as SIEM, are primarily useful for collecting and aggregating security event and log data from a variety of sources, but are far weaker at analyzing it. XDR seeks to address this gap by centralizing detection logic over the correlated telemetry, an approach that produces higher-fidelity detections than any single source can on its own.
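To make the cross-telemetry point concrete, here is an added illustration (not code from the article, Forrester, or any XDR vendor) of the difference between per-tool rules and centralized correlation. The events, field names, thresholds and the ten-minute window are all constructed for the example. Evaluated on their own, an encoded PowerShell launch and a login without MFA each produce only a low-severity alert; chained together with subsequent cloud data access from the same user and source IP, they produce one high-severity alert.

```python
"""Added example: per-source rules versus XDR-style cross-telemetry correlation.
Event schema, rules and sample data are constructed for illustration only."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three sources: endpoint (EDR), identity (IAM), cloud audit.
EVENTS = [
    {"ts": "2024-03-01T09:00:05", "source": "endpoint", "host": "wks-17", "user": "alice",
     "event": "process_start", "process": "powershell.exe", "cmdline": "powershell.exe -enc SQBFAFgA..."},
    {"ts": "2024-03-01T09:00:40", "source": "identity", "host": "wks-17", "user": "alice",
     "event": "login", "mfa": False, "ip": "203.0.113.9"},
    {"ts": "2024-03-01T09:02:10", "source": "cloud", "user": "alice",
     "event": "s3_list_buckets", "ip": "203.0.113.9"},
    {"ts": "2024-03-01T09:03:00", "source": "cloud", "user": "alice",
     "event": "s3_get_object", "ip": "203.0.113.9"},
    {"ts": "2024-03-01T11:15:00", "source": "endpoint", "host": "wks-22", "user": "bob",
     "event": "process_start", "process": "excel.exe", "cmdline": "excel.exe report.xlsx"},
    {"ts": "2024-03-01T11:16:00", "source": "identity", "host": "wks-22", "user": "bob",
     "event": "login", "mfa": True, "ip": "198.51.100.4"},
]


def _t(event):
    return datetime.fromisoformat(event["ts"])


def _suspicious_endpoint(e):
    # Hypothetical EDR rule: encoded PowerShell command line.
    return e["source"] == "endpoint" and "-enc" in e.get("cmdline", "")


def _weak_login(e):
    # Hypothetical IAM rule: interactive login without MFA.
    return e["source"] == "identity" and e["event"] == "login" and not e["mfa"]


def single_source_alerts(events):
    """What isolated per-tool rule sets produce: one low-severity alert per hit, no context."""
    alerts = []
    for e in events:
        if _suspicious_endpoint(e):
            alerts.append({"severity": "low", "user": e["user"],
                           "reason": "encoded PowerShell on " + e["host"]})
        elif _weak_login(e):
            alerts.append({"severity": "low", "user": e["user"],
                           "reason": "login without MFA from " + e["ip"]})
    return alerts


def correlated_alerts(events, window_minutes=10):
    """XDR-style correlation: for each user, chain endpoint -> identity -> cloud events
    that occur within `window_minutes` of the suspicious endpoint event and share the
    login's source IP. Only a complete chain raises a (high-severity) alert."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for e in sorted(events, key=_t):
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        for i, ep in enumerate(evs):
            if not _suspicious_endpoint(ep):
                continue
            later = [x for x in evs[i + 1:] if _t(x) - _t(ep) <= window]
            login = next((x for x in later if _weak_login(x)), None)
            if login is None:
                continue
            cloud = [x for x in later if x["source"] == "cloud" and x["ip"] == login["ip"]]
            if cloud:
                alerts.append({
                    "severity": "high", "user": user, "host": ep["host"], "ip": login["ip"],
                    "chain": [ep["event"], login["event"]] + [c["event"] for c in cloud],
                })
    return alerts


if __name__ == "__main__":
    for a in single_source_alerts(EVENTS):
        print("per-source:", a)
    for a in correlated_alerts(EVENTS):
        print("correlated:", a)
```

The two functions run over the same events; the difference is only where the detection logic sits. Shrinking the window (for example, `window_minutes=1`) breaks the chain and the correlated alert disappears, which is the trade-off an analyst tunes: a tighter window lowers false positives but misses slower-moving attackers.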
The advantage of native XDR, where all the integrated components come from a single vendor, is a relatively simple purchasing process and tight integration. The advantage of hybrid XDR, which integrates tools from multiple vendors, is that security organizations can choose the best product for each function, but the integration work can be daunting, Melen said. Both native and hybrid XDR are delivered through the Software-as-a-Service (SaaS) model.