Extended detection and response (XDR) is defined as an extension of endpoint detection and response (EDR), with the intention of expanding the sources of telemetry beyond the endpoint and streamlining response. The required XDR capabilities can be provided by a single vendor or as a hybrid solution composed of products from multiple vendors.
XDR is attractive because the endpoint has no visibility into threats in places such as cloud services, and it may not be possible to put an agent on every endpoint that belongs to the organization (or that has access to the organization’s data). Adding other data sources can also provide more context for EDR findings, improving the triage and investigation of alerts. Bundled capability packages reduce the cost of, and the time required for, integration and deployment. Finally, there is also content developed and tuned to leverage the expanded universe of data available. All of this translates into ease of use and reduced operational costs.
Download this report to find out what Gartner has to say about XDR.
Gartner: Innovation Insight for Extended Detection and Response, By Peter Firstbrook, Craig Lawson, April 8, 2021