However, the scope of EDR solutions is limited to data generated by endpoint devices — and a significant share of relevant cybersecurity data never passes through those devices at all. XDR platforms seek to address this limitation by combining EDR-like data from multiple sources, including network device monitoring solutions, cloud infrastructure and application monitors, email services, and other data sources.
This allows them to identify potential incidents where the clues are spread across multiple devices.
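To make the cross-source idea concrete, here is a small added example (not code from the original article or from any XDR vendor) that correlates constructed endpoint, network, email and cloud events per host inside a time window and reports a group as an incident only when the clues come from more than one source. The record fields, window length and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data). Each record carries the
# source that produced it, the host it concerns, an ISO timestamp and a
# short description of what was observed.
EVENTS = [
    {"source": "email", "host": "ws-17", "time": "2020-06-01T09:02:00",
     "detail": "attachment opened in mail client"},
    {"source": "endpoint", "host": "ws-17", "time": "2020-06-01T09:03:10",
     "detail": "office process spawned a scripting host"},
    {"source": "network", "host": "ws-17", "time": "2020-06-01T09:04:30",
     "detail": "outbound connection to a rarely seen external domain"},
    {"source": "endpoint", "host": "srv-02", "time": "2020-06-01T11:00:00",
     "detail": "scheduled task created"},
    {"source": "cloud", "host": "ws-17", "time": "2020-06-02T15:00:00",
     "detail": "unusual API call from the host's identity"},
]


def correlate(events, window=timedelta(minutes=15), min_sources=2):
    """Group each host's events into chains where consecutive events are at
    most `window` apart, and report a chain as an incident only if it draws
    on at least `min_sources` distinct telemetry sources."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_host[e["host"]].append(e)

    incidents = []

    def flush(host, group):
        sources = sorted({e["source"] for e in group})
        if len(sources) >= min_sources:
            incidents.append({"host": host, "sources": sources, "events": group})

    for host, evs in by_host.items():
        group = [evs[0]]
        for prev, cur in zip(evs, evs[1:]):
            gap = datetime.fromisoformat(cur["time"]) - datetime.fromisoformat(prev["time"])
            if gap <= window:
                group.append(cur)  # still part of the same chain of activity
            else:
                flush(host, group)  # chain ended; evaluate it and start a new one
                group = [cur]
        flush(host, group)
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc["host"], inc["sources"], len(inc["events"]), "events")
```

Run on the sample data, only the ws-17 chain from 09:02 to 09:04 is reported, because its three clues come from email, endpoint and network telemetry; the isolated single-source events on srv-02 and the later ws-17 cloud event are not.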
Now, you might be asking yourself a question: “Isn’t that what security information and event management (SIEM) systems and security orchestration, automation and response (SOAR) platforms do?” It’s a reasonable question. SIEM platforms correlate and analyze information from a wide variety of sources, while SOAR platforms add on sophisticated response capabilities.
However, many cybersecurity professionals would say that SIEM and SOAR have never really achieved their full potential because of their limited understanding of the data generated by thousands of disparate security solutions. XDR is meant to overcome this by integrating directly with a select set of security tools, generally from the same vendor that produces the XDR platform.
How Can XDR Help Businesses?
Organizations struggling to understand the massive volume of data sent to their SIEM and SOAR platforms may benefit from the enhanced capabilities of XDR. With their advanced analytic capabilities and direct product integrations, XDR platforms promise to find previously undetectable security issues, reduce the burden on analysts and decrease the rate of false positive alerts.
Combining this with integrated response techniques allows the creation of automated playbooks that immediately react to security incidents as they unfold, rapidly triggering containment, eradication and recovery efforts.
The major benefit is that XDR may reduce the total dwell time of an attack, reducing the length of a compromise and the amount of activity that attackers might undertake after a successful intrusion. Organizations still struggle with this. According to Verizon’s “2020 Data Breach Investigations Report,” almost a quarter of breaches last year went undiscovered for a month or longer. If XDR solutions provide the visibility required to reduce that dwell time, they may be a worthwhile investment.