Telemetry and data analysis: XDR monitors and collects data across multiple security layers, including not just endpoints but also network, server, and cloud. There are three parts to XDR: telemetry and data analysis, detection, and response. This tailored response helps to contain not only the threat itself but also the impact of the response on systems-for example, reducing downtime on critical servers. True XDR platforms provide the holistic visibility and context that security analysts need to respond to threats in a manner that is both targeted and effective. For example, it can match up a threat detected at the endpoint with the email or workload where it originated to find out what other endpoints the threat might have affected.įinally, like EDR, XDR responds to the threat in order to contain and remove it-but XDR’s superior data collection and integration with the environment allow it to respond more effectively to the impacted asset. It performs automated analysis and correlation of activity data, allowing security teams to contain threats more effectively.
Since XDR has access to raw data collected across the environment, it can detect bad actors that are using legitimate software to gain access to the system (something security information and event management software, or SIEMs, are often unable to do).
XDR is fundamentally a security technology, and it represents a major step forward in enterprise security capabilities.
0 kommentar(er)
