Defense & Operations
XDR (Extended Detection and Response)
Also known as: Extended Detection and Response
Definition
A security platform that unifies telemetry from endpoint, network, identity, email and cloud sensors to deliver correlated detections and integrated response actions.
Examples
- Microsoft Defender XDR correlating an Office 365 phishing click with an EDR alert on the same user's laptop.
- Cortex XDR linking a malicious PowerShell on an endpoint to lateral SMB traffic captured by network sensors.
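To make the cross-sensor correlation in these examples concrete, here is an added Python sketch (not code from any vendor product) that links constructed email, EDR and NDR events by shared user or host within a time window and only raises an incident when two or more sensor families agree; the event fields, names and timings are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Event:
    source: str             # sensor family: "email", "edr", "ndr", "identity", ...
    kind: str               # what the sensor observed
    ts: datetime
    user: Optional[str] = None
    host: Optional[str] = None

    def entities(self):
        # Pivot keys an XDR uses to stitch telemetry from different sensors together
        keys = set()
        if self.user:
            keys.add(("user", self.user))
        if self.host:
            keys.add(("host", self.host))
        return keys

def correlate(events, window=timedelta(minutes=30), min_sources=2):
    """Cluster events that share a user or host within `window`; return only
    clusters seen by at least `min_sources` distinct sensor families."""
    events = sorted(events, key=lambda e: e.ts)
    parent = list(range(len(events)))          # union-find over event indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    last_seen = {}                             # entity -> index of newest event carrying it
    for i, ev in enumerate(events):
        for key in ev.entities():
            j = last_seen.get(key)
            if j is not None and ev.ts - events[j].ts <= window:
                parent[find(i)] = find(j)      # same entity, close in time: link them
            last_seen[key] = i
    clusters = {}
    for i in range(len(events)):
        clusters.setdefault(find(i), []).append(events[i])
    return [c for c in clusters.values() if len({e.source for e in c}) >= min_sources]

# Constructed sample telemetry (not from a real environment)
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    Event("email", "phish_click", T0, user="alice"),
    Event("edr", "suspicious_powershell", T0 + timedelta(minutes=4), user="alice", host="LT-042"),
    Event("ndr", "lateral_smb", T0 + timedelta(minutes=9), host="LT-042"),
    Event("email", "phish_click", T0 + timedelta(minutes=2), user="bob"),        # no follow-on: stays noise
    Event("edr", "suspicious_powershell", T0 + timedelta(hours=3), user="alice", host="LT-042"),  # outside window
]

if __name__ == "__main__":
    for incident in correlate(SAMPLE_EVENTS):
        print([(e.source, e.kind, e.user, e.host) for e in incident])
```

The email click and the EDR alert share the user, the EDR alert and the NDR flow share the host, so the three chain into one incident while single-source or out-of-window events are suppressed.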
Related terms
EDR (Endpoint Detection and Response)
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
NDR (Network Detection and Response)
A network security technology that analyses traffic, including decrypted sessions, metadata and flow records, using behavioral analytics and ML to detect threats and orchestrate response.
SIEM
A platform that aggregates, normalizes and correlates security telemetry from across the enterprise to enable detection, investigation, compliance and reporting.
MDR (Managed Detection and Response)
A managed service in which an external provider operates detection, threat hunting and incident response on behalf of a customer, typically using EDR/XDR and SIEM telemetry.
Security Operations Center (SOC)
A centralized team and facility that continuously monitors, detects, investigates and responds to cybersecurity incidents across an organization's IT estate.
SOAR
A platform that automates and orchestrates SOC workflows by chaining detections, enrichments and response actions into playbooks executed across security tools.