Extended Detection and Response (XDR) is an evolving security category that can unify threat prevention, detection, and response. XDR solutions ingest data from tools in an organization’s security technology stack to create greater context for Security Operations Center (SOC) teams to perform faster threat detection, investigation, and response.

Key capabilities for XDR include detecting security incidents, automating response capabilities, and integrating intelligence and telemetry data from multiple sources with security analytics to correlate and contextualize security alerts. XDR solutions should include a minimum of two native security sensors and integrate seamlessly with your organization’s security ecosystem.

XDR’s primary advantages are:

• Improved, consolidated visibility: Data is ingested from siloed security solutions so that automated analysis can surface findings from large volumes of data that would otherwise depend on slow, manual processes. Solutions typically include a single point of visibility to unify findings in a single console.
• Faster investigations, more productive SecOps teams: Because XDR prioritizes threats and reduces alert volumes with analytics and correlations, teams can focus on the most critical threat events and leverage automation to address known or repeat events.
• Lower total cost of ownership: XDR vendors with a broad set of native capabilities offer cost savings by standardizing on a security stack from a single vendor, which is typically integrated out-of-the-box. Organizations with a large, best-of-breed environment can unlock data across tools and vendors with XDR solutions that offer open integrations.
• 
  

XDR holds the promise of consolidating multiple products into a cohesive, unified security incident detection and response system.