What is XDR and why should I care?

XDR is a natural step in the evolution of Endpoint Detection and Response (EDR). Or of SIEM, for that matter, whichever you prefer. It stands for Extended Detection and Response. Think of it as an approach that unifies information from multiple security products. It accelerates threat detection, investigation, and response in ways that isolated endpoint solutions cannot. Corporate Armor has several partners that can implement this new capability: Sophos, teaming firewalls like the XG115 and XG125 with Intercept X/EDR, for example. Or Fortinet’s FG-40F, FG-60F, or FG-80F paired with FortiEDR or FortiClient would do quite nicely.

However, maybe the best way to start with XDR is to compare it to EDR, which we have discussed before.

Workforces are more widely distributed than ever. And nowadays, it looks like the remote workforce is here to stay. That means lots of employees accessing company data over company networks on personal devices. It isn’t hard to see what a security risk this poses. Enter Endpoint Detection and Response.

EDR – A primer

EDR stands for Endpoint Detection and Response. It refers to the protection of internet-connected devices such as PCs, servers and smartphones from cyber threats. Endpoints are vulnerable to a wide range of attacks. As a result, they are commonly targeted by criminals. Unlike XDR, EDR is an integrated security solution that detects and blocks threats solely at the device level. It includes antivirus, anti-malware, and data encryption. It also typically includes a personal firewall, intrusion prevention, and data loss prevention, along with real-time anomaly detection and alerting, forensic analysis, and endpoint remediation.

So, Endpoint Detection and Response records every execution and file modification, every registry change, and every network connection on the devices across an entire organization. EDR provides very detailed threat visibility. It proactively searches for and responds to hidden threats within an organization. But the key is, it does all this at the device level. The technology’s laser focus doesn’t extend to the network, servers, cloud, or applications. Hence the “Endpoint” in “Endpoint Detection and Response.”

So what is XDR (Extended Detection and Response)?

XDR takes a much broader approach. It provides visibility across all of an organization’s endpoints, as well as the network and the cloud. Typically, it analyzes the data collected from all of these sources together, acts upon threats, and then sends unified alerts and action items to security analysts. So, it’s holistic, in other words. XDR does a lot, and it involves multiple technologies. As a result, vendors from all over the IT spectrum offer services and bundles. Companies like Microsoft and VMware, Palo Alto, Cisco, and McAfee, to name a few. But it’s important to note that XDR isn’t necessarily a replacement for EDR, SIEM, SOAR, or anything else. Especially if you already have several layers of defense in place, you may only need to tweak your defense posture. Or, maybe your organization just isn’t large enough to justify a full-on XDR set-up.

If you already have a security solution for your network and cloud infrastructure, you may be better off using an EDR solution like FortiEDR (ask us about it) or Sophos Intercept X. An XDR system may have difficulty interfacing with your current network security solution. As a result, the redundancy may create more obstacles than opportunities.

Why get it, then?

There are organizations that prefer the simplicity of a single security vendor to the “tool overload” that many security professionals complain about. EDR is already widely accepted as a security tool category, so XDR can be an evolutionary step rather than a massive change in security strategy.

On the other hand, XDR is seen by some as an opportunity to address the skills shortage: by automating detection and correlation across sources, it lets security analysts focus their energy on the most critical incidents.

In any event, the ease and practicality of shifting to XDR will rely on several factors. Among them are the size and skill of existing in-house IT staff, and whatever security tools might already be in place. But if your organization is looking for the all-seeing-eye visibility of SIEM, plus the weapons to act on that data, XDR might be worth a look. Corporate Armor is ready to help, so email us, or call 877-449-0458. Thanks for reading!

Extended Detection and Response

Unifies information from multiple security products
Automates and accelerates threat detection, investigation, and response
Takes a much broader approach than EDR
Can address the existing skills shortage