iTWire – Why XDR matters for effective business security

GUEST OPINION: It’s currently one of the hottest topics in IT security circles; however, it can be challenging to find two vendors that describe it in the same way.

In essence, extended detection and response (XDR) is a vendor-specific threat detection and incident response tool that unifies multiple security products into a comprehensive security operations platform.

It provides organisations with combined threat intelligence that can be used to detect and respond to incidents across an entire IT infrastructure. Inputs are received from multiple locations and combined to create a holistic picture of exactly what is happening at all times.

Because of its broad capabilities, some industry analysts believe XDR will eventually supersede the widely used endpoint detection and response (EDR) approach to security. This is because EDR still tends to lack the complete picture of what is taking place during an attack and therefore can limit a security team’s ability to effectively respond.



According to Gartner, XDR will be in use by up to 40 percent of end-user organisations by 2027. By that time, the company predicts, 50 percent of mid-market security buyers will leverage XDR to drive consolidation of workspace security technologies.

Putting XDR to work

Once deployed, an XDR platform provides support to security teams in three key ways. Firstly, it undertakes data aggregation from multiple points across an IT infrastructure and combines it to provide context.

The platform then monitors for threats by examining alerts and reporting critical ones to the team for further analysis and action. This allows team members to spend their time to maximum advantage without having to wade through large numbers of low-level alerts.

Thirdly, the platform can provide automated responses to attacks, removing or isolating threats and enacting pre-determined security policies.

Overcoming security disconnections

One of the key advantages of XDR is that it works to fill any gaps that an organisation’s current security tools are not effectively covering. This ensures that maximum protection is in place at all times and responses to threats can be undertaken as swiftly as possible.

This is particularly important following the increase in remote working. Staff are no longer protected by a corporate firewall and additional tools are required to ensure effective security is in place regardless of their working location.

XDR also helps organisations overcome what previously may have been a siloed approach to IT security. Multiple tools were deployed that required individual management and monitoring.

This meant that security teams required additional training on each tool and had to constantly switch between them to gain a clear picture of what was going on within the wider infrastructure.

XDR, on the other hand, provides a single dashboard through which all security tools can be monitored and managed. This makes security teams much more efficient and ensures maximum protection is in place at all times.

Deploying XDR with an MSP

Once a decision has been made to adopt an XDR platform, increasing numbers of organisations are opting to undertake the project with the assistance of a managed service provider (MSP).

This allows the organisation to tap into the knowledge and experience of the MSP to ensure the project is completed as quickly as possible and delivers all expected business benefits.

Once operational, ongoing management of the XDR platform can also be handed over to an MSP. This frees up internal security teams to focus on other activities while ensuring the platform is operating effectively.

Although XDR tends to be explained in different ways by different security vendors, the overall concept remains the same. An XDR platform can deliver a comprehensive, coordinated security solution that provides the best possible level of protection. For this reason, the current rapid pace of adoption is likely to continue for some time to come.
