An evolution is happening in the cybersecurity industry. Even as our workforce is becoming more and more distributed, our security architecture is unifying into a single security analytics capability for endpoint threat detection and response. Extended detection and response (XDR) is at the center of this shift, providing centralized visibility across your various security data sources. Security teams who are investing in managed detection and response tools must consider XDR in their evaluations, as XDR delivers all the capabilities of traditional endpoint detection and response (EDR) security, but with superior extensibility and analytics to meet the needs of the future.
To tell the story of XDR, we must begin with traditional EDR solutions because it is the foundation from which we are extending. EDR capabilities are a critical precursor to an XDR solution because there is no better way to detect an intrusion than by monitoring the actual target environment being attacked, and the telemetry collected by EDR forms the basis of triage and investigation. You simply cannot have a marketable XDR solution if you don’t have best-in-class EDR capabilities. That said, 10-20% of any organization’s laptops and workstations are not under management, so as great as EDR is, it’s only situationally useful. Let’s take a look at how XDR improves upon this situation.
An endpoint is traditionally understood to be end user computing devices such as a laptop or workstation. Unfortunately, this ignores another important endpoint if we’re to view network communication using the middle-school definition of a line segment, connecting two endpoints. As cloud technologies such as containers and serverless become more prevalent, it’s essential that we be able to monitor these endpoints with the same confidence we have in our end user computing environment. This critical next step toward a full-fledged XDR product enables a unified view across the endpoints within your environment, regardless of system function.
Network telemetry serves three critical functions in an XDR environment:
While the first two objectives are advantages of having a network detection and response (NDR) solution, only by leveraging XDR can you accomplish the third to greatly reduce not only the frequency of alerts but the time to triage and investigate them.
XDR security extends all the benefits you expect from a traditional endpoint solutions product by further stitching together telemetry from non-endpoint sources to provide better detection and a bigger picture of what’s going on in your environment for your security operations team.
Organizations without XDR invest tons of time and money sending traditional EDR data into their SIEM in an attempt to achieve the same benefits an XDR solution will give you out of the box. Don’t invest in the last generation of endpoint security products with traditional EDR, extend your team by unifying your threat detection capabilities with XDR.
The evolution of endpoint security has progressed from antivirus software to endpoint protection (with endpoint security policies and modules), then EDR (next-gen endpoint which detects and contains security incidents and restores hosts to pre-attack condition), and now XDR which provides cross-data analytics and insights.
With a strong focus on prevention, Cortex XDR provides an integrated platform for cross-data prevention, detection and response:
Download our on-demand webinar featuring a candid discussion with Palo Alto Networks field CTO and former Forrester analyst Josh Zelonis as he presents the case for moving to XDR today:
Watch On-Demand Now: “Moving Beyond Traditional EDR-How XDR is reshaping SOC Operations”
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.