About 18 months ago, I first wrote about XDR (eXtended Detection and Response) in this post on CSO. Since then, it seems every security vendor, large and small alike, has jumped on the XDR bandwagon and embraced the concept.

Some vendors have approached XDR from the endpoint in, others from the network out. Either starting point is valid, because the premise of XDR is that security shifts from a series of point products to a single platform with threat visibility across the enterprise. Telemetry is collected from the endpoint, the network and the other enforcement points, then correlated so that threats are detected faster and, more importantly, can be responded to quickly enough to contain the blast radius.

Traditional security tools, such as EDR (endpoint detection and response), often find a threat but, seeing only the endpoint, cannot establish where it came from, so corrective action stops at the host where it was spotted rather than at the source. This is why most detection and response tools are much better at the "D" than they are at the "R." XDR is meant to correct that by correlating the endpoint finding with telemetry from the other enforcement points.
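To make the "D versus R" gap concrete, here is an added example (not code from the original article or from any vendor's product) that correlates a single EDR alert with network flows and identity logon events. On its own the alert only says which host ran the tool; walking inbound lateral-movement connections backward in time finds where the intruder came from, and walking outbound connections forward finds what the host touched afterward, which is the blast radius that has to be contained. All telemetry below is constructed for the example; the hostnames, port list and 60-minute window are assumptions, not from the page.

```python
"""Correlate an endpoint alert with network and identity telemetry to find
the origin of an intrusion and its blast radius.  Added example; all data
is constructed and the hostnames, ports and window are assumptions."""
from datetime import datetime, timedelta

# Ports an attacker typically uses to move laterally between hosts (assumed list).
LATERAL_PORTS = {22, 135, 445, 3389, 5985, 5986}
WINDOW = timedelta(minutes=60)  # how far to look back/forward per hop (assumed)

# --- constructed sample telemetry (not real logs) -------------------------
EDR_ALERTS = [
    {"ts": "2024-03-02T10:15:30", "host": "ws-17", "user": "svc-backup",
     "process": "mimikatz.exe", "rule": "credential-dumping"},
]
NET_FLOWS = [  # one record per connection, src -> dst
    {"ts": "2024-03-02T09:40:10", "src": "ws-04", "dst": "ws-17", "dport": 445},
    {"ts": "2024-03-02T09:05:02", "src": "vpn-gw", "dst": "ws-04", "dport": 3389},
    {"ts": "2024-03-02T10:20:00", "src": "ws-17", "dst": "fs-01", "dport": 445},
    {"ts": "2024-03-02T10:22:45", "src": "ws-17", "dst": "dc-01", "dport": 389},
    {"ts": "2024-03-02T08:00:00", "src": "ws-09", "dst": "ws-17", "dport": 443},  # unrelated noise
]
ID_EVENTS = [  # logon events from the identity provider / domain controller
    {"ts": "2024-03-02T09:40:12", "host": "ws-17", "user": "svc-backup",
     "logon_type": "network", "src": "ws-04"},
    {"ts": "2024-03-02T09:05:05", "host": "ws-04", "user": "jdoe",
     "logon_type": "remote_interactive", "src": "vpn-gw"},
]


def parse(ts):
    return datetime.fromisoformat(ts)


def trace_origin(host, at, flows):
    """Walk backward: from (host, at) follow the most recent inbound
    lateral-movement flow within WINDOW, repeating until none is found.
    Returns [(host, time), ...] starting with the alerting host."""
    chain, visited = [(host, at)], {host}
    while True:
        candidates = [f for f in flows
                      if f["dst"] == host and f["dport"] in LATERAL_PORTS
                      and f["src"] not in visited
                      and at - WINDOW <= parse(f["ts"]) <= at]
        if not candidates:
            return chain
        prior = max(candidates, key=lambda f: parse(f["ts"]))
        host, at = prior["src"], parse(prior["ts"])
        visited.add(host)
        chain.append((host, at))


def blast_radius(host, at, flows):
    """Walk forward: every host reached by outbound connections from `host`
    after `at` (and transitively from those hosts) within WINDOW per hop."""
    reached, frontier = {host}, [(host, at)]
    while frontier:
        h, t = frontier.pop()
        for f in flows:
            if (f["src"] == h and f["dst"] not in reached
                    and t <= parse(f["ts"]) <= t + WINDOW):
                reached.add(f["dst"])
                frontier.append((f["dst"], parse(f["ts"])))
    reached.discard(host)
    return reached


def accounts_on_path(chain, events):
    """Accounts that logged on to each host in the chain shortly before
    the attacker moved on from it."""
    users = set()
    for host, at in chain:
        users.update(e["user"] for e in events
                     if e["host"] == host and at - WINDOW <= parse(e["ts"]) <= at)
    return sorted(users)


def investigate(alert, flows, events):
    """Turn one EDR alert into an origin, a path, the accounts involved and
    the hosts touched afterward: the context the response step needs."""
    at = parse(alert["ts"])
    chain = trace_origin(alert["host"], at, flows)
    return {
        "origin": chain[-1][0],
        "path": [h for h, _ in reversed(chain)],
        "accounts": accounts_on_path(chain, events),
        "blast_radius": blast_radius(alert["host"], at, flows),
    }


if __name__ == "__main__":
    print(investigate(EDR_ALERTS[0], NET_FLOWS, ID_EVENTS))
```

Read in isolation, the alert blames ws-17 and the svc-backup account. Correlated, the same alert shows the intruder arrived over the VPN as jdoe, moved to ws-17 over SMB using svc-backup, and then touched fs-01 and dc-01; responding only on ws-17 would leave the VPN session, the compromised user account and the two downstream hosts untouched.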

5 key capabilities for XDR solutions

XDR cuts across all the security layers, which is why so many vendors have thrown their hat in the ring. The result is a dizzying number of vendors to choose from, some of which offer true XDR solutions and some of which are XDR in name only. To help with the decision process, below are five key criteria for XDR solutions: