
Why XDR Has Emerged as an Important New Security Trend

Written By
eWEEK EDITORS
Oct 6, 2020
3 minute read

The shortfall of skilled security professionals and the exponential growth of security-related data means greater risk for companies. Security teams at organizations of all sizes have limited resources and must filter alerts to match analysis capacity. When this happens, clues to potential threats remain hidden and attackers achieve longer dwell times, increasing the likelihood and impact of a security incident.

To help address this challenge, eXtended Detection and Response (XDR) has emerged: a new product category that integrates data sources with security operations to accelerate detection and response. XDR solutions combine a set of products, unifying control points, security data, analytics and operations into a single enterprise solution. Gartner noted recently that “security and risk management leaders should consider the risks and advantages of an XDR solution.”

Industry information for this eWEEK Data Points article comes from Chris Calvert, CTO and co-founder of Respond Software, an emerging leader in the automated monitoring and triage software sector. Calvert discusses five questions to consider when evaluating whether XDR would be a useful addition.


Data Point No. 1: How effective is your SIEM?

Security Information and Event Management (SIEM) systems are popular these days, but they depend on correlation rules to reduce the number of events security teams must analyze. Those rules typically match simple patterns (a known indicator, a threshold crossed, a single suspicious event), which is too simplistic to isolate and analyze real multi-stage attacks. In addition, SIEM rules and the people who write them vary in quality, resulting in inaccurate or incomplete analysis. What’s more, most organizations lack the time and budget to deploy, tune and maintain their own SIEM infrastructure.


Data Point No. 2: Are you getting the most out of your SOAR?

Some organizations are using Security Orchestration, Automation and Response (SOAR) platforms, which security engineers script to automate analyst tasks, e.g., data collection, correlation, enrichment and response to low-level security events. The problem is that SOAR tools can choke on the volume of data that needs to be analyzed, dramatically lowering their remediation capability. SOAR playbooks are commonly tuned down to reduce the volume of alerts they handle, which effectively takes a powerful (and expensive) tool and decreases its efficacy.


Data Point No. 3: Can you weed out false positives?

Endpoint detection and response (EDR) has a reputation for generating lots of false positives when used on its own. EDR is great at collecting endpoint telemetry, but when you’re trying to determine in real time whether or not something malicious is happening, the raw volume is overwhelming for an analyst. However, when EDR is integrated into an XDR engine, the engine can process vast amounts of sensor data at machine speed and corroborate each endpoint signal against other evidence. And that’s not just data from the endpoints: it includes network telemetry and other sensors, information on vulnerabilities, threat intelligence, and specifics about accounts and individual systems.



Data Point No. 4: Do you like simplicity but fear vendor lock-in?

XDR is a valuable addition, but it does have its limitations. For instance, most XDR solutions are limited to a vendor’s proprietary technology stack, reducing the volume of security data that can be correlated, scoped and triaged, while locking customers into expensive tools. In addition, detection capabilities are limited or require customization from professional services or security engineers.


Data Point No. 5: Can you choose best-of-breed solutions?

An alternative is to select a vendor-agnostic XDR engine, which gives security teams the best of both worlds: the capability to find incidents in real time and analytics that work across a broad range of security technologies. Sensors in the environment generate disparate data and evidence that need to be correlated and analyzed at scale. Agnostic XDR solutions can work with multiple vendors, telemetry sources and threat intelligence feeds to escalate only incidents that are both malicious and actionable.
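As an added example (not code from the original article, from Respond Software, or from any XDR product), the Python sketch below contrasts the single-source SIEM rule of Data Point No. 1 with the cross-sensor correlation described in Data Points No. 3 and 5. It takes constructed EDR alerts, network connection records, a threat-intelligence indicator set and asset context, scores each endpoint alert by the corroborating evidence found in the other sources within a time window, and escalates only alerts that cross a threshold. Every host name, IP address, timestamp, score weight and threshold is an assumption made for illustration.

```python
"""Toy cross-source correlation engine.

A single-source rule fires on every suspicious endpoint event (noisy).
The correlation step corroborates each endpoint alert with network
telemetry, threat intel and asset context, and escalates only when the
combined evidence score crosses a threshold.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample telemetry (illustrative, not real data) ---------
EDR_EVENTS = [
    {"ts": "2020-10-06T09:00:05Z", "host": "ws-017", "user": "jdoe",
     "signal": "suspicious_powershell", "score": 40},
    {"ts": "2020-10-06T09:30:00Z", "host": "ws-042", "user": "asmith",
     "signal": "suspicious_powershell", "score": 40},
]
NETWORK_EVENTS = [
    {"ts": "2020-10-06T09:00:20Z", "host": "ws-017", "dst_ip": "203.0.113.7"},
    {"ts": "2020-10-06T09:31:00Z", "host": "ws-042", "dst_ip": "198.51.100.20"},
]
THREAT_INTEL = {"203.0.113.7"}          # hypothetical C2 indicator (TEST-NET range)
ASSET_CONTEXT = {                        # hypothetical CMDB / vulnerability data
    "ws-017": {"unpatched_critical": True, "privileged_user": False},
    "ws-042": {"unpatched_critical": False, "privileged_user": False},
}
WINDOW = timedelta(minutes=5)            # assumed correlation window
ESCALATE_AT = 70                         # assumed escalation threshold


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def siem_rule(edr_events):
    """Single-source rule: every suspicious_powershell event becomes an alert."""
    return [e["host"] for e in edr_events if e["signal"] == "suspicious_powershell"]


def correlate(edr_events, network_events, intel, assets, window=WINDOW):
    """Score each EDR alert by evidence from the other sensors.

    Returns one incident record per EDR alert with its total score, the
    evidence that contributed, and whether it should be escalated.
    """
    net_by_host = defaultdict(list)
    for n in network_events:
        net_by_host[n["host"]].append(n)

    incidents = []
    for e in edr_events:
        t0 = parse_ts(e["ts"])
        score, evidence = e["score"], [e["signal"]]

        # Network telemetry: outbound connection to a known-bad IP near the alert.
        for n in net_by_host[e["host"]]:
            if abs(parse_ts(n["ts"]) - t0) <= window and n["dst_ip"] in intel:
                score += 40
                evidence.append(f"c2_beacon:{n['dst_ip']}")

        # Asset and account context raise the impact of an otherwise weak signal.
        ctx = assets.get(e["host"], {})
        if ctx.get("unpatched_critical"):
            score += 10
            evidence.append("unpatched_critical")
        if ctx.get("privileged_user"):
            score += 10
            evidence.append("privileged_user")

        incidents.append({"host": e["host"], "score": score,
                          "evidence": evidence, "escalate": score >= ESCALATE_AT})
    return incidents


def escalated_hosts(incidents):
    """Hosts whose corroborated score crossed the escalation threshold."""
    return [i["host"] for i in incidents if i["escalate"]]


if __name__ == "__main__":
    print("SIEM rule alerts on:", siem_rule(EDR_EVENTS))
    results = correlate(EDR_EVENTS, NETWORK_EVENTS, THREAT_INTEL, ASSET_CONTEXT)
    for inc in results:
        print(inc)
    print("Escalated:", escalated_hosts(results))
```

With the constructed input, the single-source rule alerts on both workstations, while the correlation step escalates only ws-017, where the PowerShell signal is followed within the window by a connection to an indicator on the intel list on an unpatched host; ws-042 keeps its base score and stays below the threshold. The point is the shape of the logic, not the weights: the same sensor data that floods an analyst when each source is judged alone becomes tractable when the engine has to find agreement between sources before escalating.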

If you have a suggestion for an eWEEK Data Points article, email cpreimesberger@eweek.com.
