Extended Detection and Response
What is XDR?
XDR stands for “Extended Detection and Response” and is offered as a product under that name.
XDR is a cloud-based security product that emerged to meet the need for single-point management, a need created by the growing number and variety of security products that security teams use.
It aims to provide management and response on a single platform by processing the data received from security devices such as NIDS, Firewall, EDR, EPP, SIEM, Honeypot and Mobile Security. By processing the data received from these systems with the rules placed on the XDR, it aims to detect attacks, detect anomalies on systems with artificial intelligence learning, scan systems for possible malicious software, and intervene by tracing the path followed by an attack. In addition, it aims to check systems for current threats by processing the data received from cyber intelligence sources through this product.
The common message of the companies providing XDR services is that it overcomes the problems caused by the workload on security teams and adds a general perspective.
The aim is to reduce the time that security teams spend keeping security products healthy and to provide a holistic perspective. According to research conducted by IDC in 2017 on the state of security operations, 23 percent of respondents stated that they waste time on maintenance and management of security products.
In the report titled “Gartner Top 9 Security and Risk Trends for 2020”, prepared by Gartner, XDR solutions are named the number 1 trend for 2020. Emphasis was placed on increasing the success rate and speed of threat detection. The configuration of products in security services, and their efficiency in catching false positive alarms and attacks, appears to be a problem that has needed solving for a long time.
In general, XDR seems to have emerged by extending the capabilities of the EDR product, which is frequently used today, and reducing its deficiencies. On top of that, given problems such as recruiting staff, developing them and retaining them, combining the MDR service with the XDR product seems inevitable. Companies that provide XDR service can cooperate with other companies as well as offer this service within their own structure. In June 2020, ADEO offered 24/7 monitoring and service to users, integrated with the Palo Alto Cortex XDR product.
In conclusion, the current investments made by large companies in this area seem to indicate that XDR products will become a part of our lives.
In increasing the rate of detections made by security teams, XDR will be only as successful as the alarm correlations in the product. Since these rules will vary by sector and by institution, the rules seem likely to be only as successful as the effort put into them.
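An added example, not from the original post or from any XDR vendor: a minimal cross-product correlation rule of the kind discussed above, which opens an incident only when different security products report on the same host within a short time. The alerts, host names, field names, the 15-minute window and the two-source threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real data), already normalized to one schema.
ALERTS = [
    {"ts": "2020-06-01T10:00:05", "source": "NIDS", "host": "ws-017", "signal": "port scan from host"},
    {"ts": "2020-06-01T10:03:40", "source": "EDR", "host": "ws-017", "signal": "unsigned binary executed"},
    {"ts": "2020-06-01T10:07:12", "source": "Firewall", "host": "ws-017", "signal": "outbound connection blocked"},
    {"ts": "2020-06-01T10:08:00", "source": "EDR", "host": "ws-042", "signal": "unsigned binary executed"},
    {"ts": "2020-06-01T13:30:00", "source": "NIDS", "host": "ws-042", "signal": "port scan from host"},
    {"ts": "2020-06-01T14:00:00", "source": "Firewall", "host": "srv-03", "signal": "outbound connection blocked"},
    {"ts": "2020-06-01T14:01:00", "source": "Firewall", "host": "srv-03", "signal": "outbound connection blocked"},
]

def correlate(alerts, window=timedelta(minutes=15), min_sources=2):
    """Group alerts per host and open an incident when alerts from at least
    `min_sources` different products fall inside one time window."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append({**a, "ts": datetime.fromisoformat(a["ts"])})
    incidents = []
    for host, items in by_host.items():
        items.sort(key=lambda a: a["ts"])
        start = 0
        while start < len(items):
            # Collect every alert within `window` of the first alert in the burst.
            end = start
            while end < len(items) and items[end]["ts"] - items[start]["ts"] <= window:
                end += 1
            group = items[start:end]
            sources = sorted({a["source"] for a in group})
            if len(sources) >= min_sources:
                timeline = [(a["ts"].isoformat(), a["source"], a["signal"]) for a in group]
                incidents.append({"host": host, "sources": sources, "timeline": timeline})
            start = end  # non-overlapping bursts: at most one incident per burst
    return incidents

if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(inc["host"], inc["sources"])
        for step in inc["timeline"]:
            print("   ", *step)
```

Changing `window` or `min_sources` changes which hosts become incidents, which is the per-institution tuning effort the paragraph above refers to.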