<h1>What Is XDR?</h1>
<p>Palo Alto Networks blog, December 6, 2019 (updated October 27, 2020). Original: https://www2.paloaltonetworks.com/blog/2019/12/cortex-what-is-xdr/</p>
<p><img src="https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/12/Top-image.png" alt="The diagram shows how Cortex XDR relates to network, endpoint, cloud and Cortex Data Lake." width="900" height="557"></p>
<p>There’s been a lot of buzz about XDR lately, and not just from us. Analysts, competitors, seemingly everyone is talking about XDR these days. But because of the classic security industry problem of every product sounding basically the same, we are often asked to clarify.</p>
<p>What is XDR? How does it differ from, complement and/or integrate with endpoint detection and response (EDR), endpoint protection platforms (EPP), network traffic analysis (NTA) or name-your-other-security-tool? What are the key criteria to look for when evaluating an XDR product?</p>
<p>The short answer is that the “X” in XDR is a variable that stands for “anything”: XDR solutions, at their core, are detection and response platforms that take good data from network sensors, endpoint sensors and cloud sensors and analyze that data in a central location. Our visionary CTO and co-founder Nir Zuk <a href="https://www.youtube.com/watch?v=c71uPTimW_A&amp;feature=youtu.be&amp;t=2677" rel="nofollow,noopener">coined this category</a> in 2018, recognizing that the detection and response tools then on the market were too narrowly focused to serve security teams’ evolving needs. XDR products are designed to detect and stitch together all the available information on any threat that has evaded prevention, giving security analysts a detailed picture of any attack that is underway. This lets a security team react to and resolve incidents more quickly, and it also lets the team be more proactive with threat hunting.</p>
<p>For the long answer, <a href="https://start.paloaltonetworks.com/xdr-enterprise-scale-detection-and-response.html">read the book “XDR: Enterprise-Scale Detection and Response,”</a> which you can download for free. It covers everything you need to know about what an XDR solution is and how to evaluate it for inclusion in your security toolkit, including:</p>
<ul>
<li>Shortcomings of legacy detection and response products, and how XDR addresses them.</li>
<li>Required capabilities of XDR to protect against attackers who have used cloud and automation to become more powerful and sophisticated.</li>
<li>The definition and defining characteristics of XDR solutions.</li>
<li>Key use cases for XDR and how to use it to refine your overall security operations.</li>
<li>A detailed RFP checklist for evaluating XDR tools.</li>
</ul>
<p><img src="https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/12/XSOAR-image.png" alt="The image breaks down how Cortex XDR and Cortex XSOAR help protect an organization." width="500" height="281"></p>
<p>We truly embrace the principles outlined in this book as we continue to improve our own industry-leading XDR product, Cortex XDR. With Cortex XDR, we are able to automate huge chunks of the triage, investigation and response processes and give analysts all the information they need to make informed decisions on the stuff that can’t be automated. We’ve been able to group disparate alerts into “incidents” to reduce the alert load by 50x, and we speed up the investigation process by 8x on average. Compared to the old incident response process, which centered on a log collector and a pile of siloed analysis tools, we’ve seen that XDR is dramatically more efficient, effective and scalable.</p>
<p>That’s just the start.</p>
<p><a href="https://www.paloaltonetworks.com/blog/2020/09/cortex-xdr-2-5/">Cortex XDR 2.5</a> has taken several additional powerful steps toward eliminating blind spots, reducing alert fatigue and simplifying management. Learn more about how we’re leading the way to better security operations.</p>