Chief Technology Officer at a tech vendor with 51-200 employees
Real User
Top 5
2025-10-03T10:52:39Z
I agree with one of the reviewers here. XDR has way too many definitions. The one that I believe in is that XDR cannot be packaged in a product. A lot of vendors out there combine NDR and EDR capability, throw in some automation and workflows, or a chatbot, and call it an XDR. Others provide a managed detection capability or an MDR and package that into a software and call it XDR.
I believe XDR is a very subjective solution. It varies from customer to customer. By definition, extended detection is detecting threats and/or malicious behaviour above and beyond standard detections. This would be highly based on the nature of the business of the customer, their supply chain, their exposure, the way their users are spread, how they access the systems, how applications are configured, how machines talk to each other, how APIs communicate and the list goes on.
I believe that if you have a very robust SOC, with a very scalable and flexible SIEM that sits on top of a security data lake, with a sophisticated NDR that has advanced Zeek, Suricata and YARA capabilities along with a next generation EDR, with a full spectrum of internal threat intelligence coming from the other cybersecurity tools like your identity security, endpoint security, network security, vulnerability management, etc., XDR is an outcome you can derive.
AI and automation are applied all across the security domain right now, and XDR is one such outcome you can achieve if you have the right sources of data to build the analytics.
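To illustrate the "XDR as an outcome" argument above, here is an added example (not the reviewer's code or any vendor's product) of the kind of analytic a SIEM or data lake would run over telemetry from independent tools: events from NDR, EDR and identity sources are grouped per host into time bursts, and a finding is raised only when at least two independent sources agree within the same burst. The event schema, source names and sample events are constructed assumptions for the demonstration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int       # seconds since epoch (constructed timestamps)
    source: str   # originating tool: "ndr", "edr", "identity", ...
    host: str     # pivot key shared across tools
    detail: str   # human-readable summary of the alert

# Constructed sample telemetry; not captured from any real environment.
SAMPLE_EVENTS = [
    Event(90,   "identity", "ws-17",  "alice: sign-in from unfamiliar location"),
    Event(100,  "ndr",      "ws-17",  "periodic outbound connections to rare domain"),
    Event(130,  "edr",      "ws-17",  "office process spawned script interpreter"),
    Event(500,  "ndr",      "srv-02", "inbound port sweep"),
    Event(3000, "edr",      "ws-17",  "scheduled task created"),
]

def cluster_by_host(events, gap_seconds):
    """Group each host's events into bursts; a gap larger than gap_seconds starts a new burst."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: (e.host, e.ts)):
        bursts = by_host[ev.host]
        if bursts and ev.ts - bursts[-1][-1].ts <= gap_seconds:
            bursts[-1].append(ev)
        else:
            bursts.append([ev])
    return by_host

def extended_detections(events, gap_seconds=300, min_sources=2):
    """Raise a finding only when independent tools agree on the same host within one burst.
    A single tool's alert on its own (srv-02 here) is left for that tool's own triage."""
    findings = []
    for host, bursts in cluster_by_host(events, gap_seconds).items():
        for burst in bursts:
            sources = sorted({e.source for e in burst})
            if len(sources) >= min_sources:
                findings.append({
                    "host": host,
                    "start": burst[0].ts,
                    "end": burst[-1].ts,
                    "sources": sources,
                    "confidence": len(sources),   # more independent sources, more confidence
                    "evidence": [e.detail for e in burst],
                })
    return findings

if __name__ == "__main__":
    for finding in extended_detections(SAMPLE_EVENTS):
        print(finding)
```

Tuning the window and the source threshold is exactly the customer-specific work the review describes: what counts as "extended" depends on which tools feed the lake and how their hosts and identities can be joined.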
Extended Detection and Response is significant for companies due to its ability to enhance security operations, streamline processes, and improve threat detection. Key aspects to consider include:
Comprehensive threat visibility
Improved incident response times
Enhanced automation capabilities
Centralized data integration
Cost-effectiveness through streamlined operations
XDR provides a unified approach to threat detection and response, integrating multiple security layers into a single platform. It offers companies comprehensive threat visibility by consolidating data from various security tools, making it easier to detect sophisticated attacks. This holistic view allows security teams to understand the full scope of threats quickly, leading to quicker and more effective incident response. By breaking down silos between different security products, XDR enables seamless communication among tools, ultimately increasing overall security efficacy. With enhanced automation capabilities, XDR helps in reducing manual intervention, allowing security teams to focus on strategic tasks.
The importance of XDR extends to its ability to provide centralized data integration, which simplifies the complexities of managing disparate security solutions. By collecting and correlating information from across the infrastructure, XDR ensures no threat remains undetected, thereby reducing risk for companies. This centralization also fosters more efficient use of resources by eliminating redundant tools and processes. As organizations strive for cost-effectiveness, XDR offers a more streamlined approach to security operations, minimizing the total cost of ownership. Companies can leverage the advanced analytics of XDR to continuously adapt to evolving threats, maintaining a robust security posture without incurring excessive costs. The agility and adaptability of XDR make it essential for maintaining resilience in an increasingly complex threat landscape.
XDR is important for companies because it provides a holistic, efficient way to protect against and respond to advanced cyberattacks. It accomplishes this by integrating detection, investigation, and response capabilities across a wider range of domains, including an organisation's endpoints, hybrid identities, cloud applications and workloads, email, and data stores. In essence, XDR offers companies a unified security incident platform that leverages AI and automation to give them a clear picture of their security landscape.
Sorry to have a dissenting opinion. XDR is the attempt of AV vendors to solve the problem that their AV solution is incapable of blocking especially the modern nasties that operate in process space and in-memory. Thus your hosts get infected anyway. With XDR they make you, the customer, pay for getting the virus info from you and let you pay for their AI effort to process that info. Oh yes, then they come up with 'remediation' workflows to 'restore' your infected (many?) workloads. Of course, these workflows are site-specific so you must build and test them yourself! XDR is 'free money' for AV vendors. My organization is not in the business of 'detecting' malware but in preventing any malware infection in the first place. In that respect we are using an AMTD (Automated Moving Target Defense) component as an add-on to our regular AV, now Trend Micro, but moving to MS Defender integrally. The combination MS Defender and AMTD is unbeatable in performance and price. I leave it to you to look up the recent Gartner report on AMTD and read what component we are using. AMTD is plugging the big hole that AV vendors leave open.
Find out what your peers are saying about CrowdStrike, Microsoft, SentinelOne and others in Extended Detection and Response (XDR). Updated: September 2025.
Extended Detection and Response (XDR) is an advanced security solution offering more comprehensive threat detection and response by integrating multiple security tools into a unified platform.
XDR addresses the complexities of today's security landscape by providing greater visibility across networks, endpoints, and cloud environments. Utilizing machine learning and automation, it enables security teams to detect, investigate, and respond to threats faster and more efficiently.
Which definition for XDR are we using for this conversation? There are way too many.