Anton and The Great XDR Debate, Part 1

This article has been indexed from Security Boulevard

I know you may hate me for this, but I’ve been finally tempted into the Great XDR Debate.

Here, if you want TL;DR, my position on XDR today is “wait and see” (boring, huh?). Unlike some of my esteemed former colleagues, I don’t really have a horse in the race.

First, a very brief bit of history. The origin of the term XDR (Extended Detection and Response) is disputed. Wikipedia (entry, reviewed 8/6/2021) would have us believe that Palo Alto invented the term “in 2018.” Josh Zelonis points out that he in fact invented the term. My Googling for its earliest use didn’t yield any revelations.

Today, I see several visions of XDR that are somewhat conflicting. So, let me outline them the way I understand them.

  • “XDR as improved EDR” or “EDR+” vision; on the analyst side, we have Forrester with the illustrious Allie Mellen (example, FAQ) and on the vendor side we have many EDR vendors (example, example). This is definitely a defensible view of XDR as EDR with more data collection outside of the endpoint. Thus defined, XDR can nicely coexist with SIEM, but may also collide with it later on.
  • “XDR as ‘UTM’ for D&R” view considers XDR to be a combo toolset (likely from a single vendor); Gartner, for example, says XDR is “vendor-specific” and “natively integrates multiple security products into a cohesive security operatio

    […]