What is extended detection and response (XDR)? There is a lot of confusion as to what XDR is, and some people are asking whether we simply ran out of letters for acronyms. Many are even thinking that XDR is a product or the evolution of endpoint detection and response (EDR), but that’s not necessarily the case either. Rather, we need to start thinking of XDR as a strategy, and not a product. XDR consists of a combination of security-related telemetries, in combination with high-fidelity detections, to deliver faster and more effective incident response.
To implement an effective XDR strategy, you need to understand the different types of XDR. There is a proprietary XDR strategy, which focuses on a single vendor or an “all-in-one” platform providing telemetry from a single vendor’s different products—for example, that vendor’s firewalls, EDR, network detection and response (NDR), and so on (more on why that may not be the best approach later). And there is an open XDR strategy, which consists of multiple vendors, or “best-of-breed” technologies that provide multiple types of telemetry from different types of products (for example firewall, intrusion detection system [IDS], EDR, and NDR) and vendors (CrowdStrike, Palo Alto Networks, and NETSCOUT, for example).
Read the original article: