XDR security enables organizations to extend endpoint visibility beyond regular endpoint detection and response (EDR). XDR security solutions can integrate with existing SOAR and SIEM, as well as cloud and on-premise environments, and remote endpoints such as IoT.
XDR is very new, but several major security vendors have launched an XDR solution. In this article you’ll get a brief review of the leading XDR solutions by Cynet, Palo Alto, Cisco, Microsoft, McAfee, and more.
Endpoints have always been a target for attackers and are therefore a primary security concern. As systems become more complex and distributed, this concern has grown, and security teams are implementing advanced solutions to ensure that resources remain secure.
These solutions must span components throughout your system, including cloud resources, email servers, on-premises resources, and remote or Internet of Things (IoT) devices. Solutions also need to provide centralized visibility with comprehensive system information. For many organizations, XDR solutions can fill this need.
XDR solutions offer detection and response capabilities that extend beyond what is possible with endpoint detection and response (EDR) or point solutions. They can enhance the capabilities of existing monitoring systems, such as security information and event management (SIEM) or security orchestration, automation and response (SOAR), and enable event tracing beyond endpoints.
Before investing in an XDR solution, you should take the time to evaluate multiple solutions. You need to ensure that solutions are compatible with your existing tooling and that capabilities are appropriate for your specific resources. Below are the top 10 solutions you should consider.
Cynet 360 XDR Platform
Solution scope: Cynet 360 is an autonomous breach protection platform, combining XDR prevention and detection capabilities, with SOAR-like capabilities for fully automated event investigation and remediation, and a 24X7 MDR service without additional cost.
Palo Alto Cortex XDR
Palo Alto’s Cortex XDR platform is built for Fortune 500 companies with large 24X7 SOC teams. It can be used to monitor and manage endpoint, cloud resource and network data and events. It incorporates features for incident prevention, detection, investigation, and remediation.
Cortex XDR comes in two versions depending on the level of protection you need. Both versions provide 30 day alert retention and an option for extended data retention. The Pro version also includes 30 days of XDR data retention for your network and endpoint data.
Cortex XDR Prevent—provides protections limited to endpoints. These protections include host firewalls, disk encryption, and device controls. Included in the version are integrated response capabilities, an incident engine, and the option to incorporate a feed for threat intelligence.
Cortex XDR Pro—includes and extends the protections provided in the Prevent version. These capabilities are extended to cloud resources, networks, and third-party applications. The Pro version also provides accelerated investigation features, rule-based detection, behavior analytics, and an option to subscribe to managed threat hunting.
Cisco SecureX
Cisco’s XDR solution, Cisco SecureX, is a cloud-native platform you can use to create an integrated security portfolio based on your own and Cisco’s policies. It includes automated workflows for threat detection and response, features for security analytics, and more than 170 out-of-the-box integrations. Cisco highlights the following:
Enterprise expertise from working with 100% of Fortune 100 companies
Threat intelligence provided through Cisco Talos, a team of security research experts
Context sharing that enables you to share security information and workflows across teams for unified operations
Microsoft Defender Advanced Threat Protection (ATP)
Microsoft Defender Advanced Threat Protection (ATP) is a solution you can use to prevent threats, detect breaches, and respond to them with automated event investigation. Defender ATP is a cloud-based solution that requires no agents or on-premises infrastructure.
Capabilities of Defender ATP include:
Real-time discovery of misconfigurations or vulnerabilities
Enterprise-grade monitoring and threat analysis
Ability to detect and block advanced threats and malware
McAfee Endpoint Security Suite
McAfee’s XDR solution, part of the Endpoint Security Suite, is a collection of solutions, including MVISION products for endpoint protection, mobile protection, EDR, XDR, and policy management. It includes features for risk posture assessments, comprehensive device-to-cloud data protection, AI-based behavior classification, and threat intelligence.
Capabilities of McAfee Endpoint Security Suite include:
Centralized detection of threats on endpoints, gateways, networks, cloud resources, and in sandboxes
Adaptive malware scanning for detection of unknown or dynamic threats
Device firewalls that incorporate site and IP reputation scores for traffic filtering
Trend Micro XDR
Trend Micro XDR is a solution for protection and event detection and response across email, endpoints, cloud resources, and networks. You can use it to automatically collect and correlate data across your resources and visualize event patterns. It is also available as a managed service.
Capabilities of Trend Micro XDR include:
Incorporation of global threat intelligence
Alert prioritization based on an expert-defined schema
Centralized visualization of events and attack movement across components
Symantec Integrated Cyber Defense Exchange (ICDx)
Integrated Cyber Defense Exchange is a strategic security platform created by Symantec. The platform provides a wide range of security offerings for on-premise and SaaS deployments. Because the platform spans so many products, services, and partner ecosystems, integration and interoperability can be challenging. To solve this issue, the company designed a framework called Integrated Cyber Defense Exchange (ICDx).
ICDx centralizes the platform’s interfaces and ecosystem, and provides an event and API gateway for integrating internal and external applications. Essentially, the purpose of ICDx is to provide a single point of integration. It includes the following capabilities:
Centralization of data collection, data filtering, normalization, and data forwarding to external SOC stacks and data suites
A main archive for all integrated tools
A pipeline for threat intelligence ingestion, including publication
Mechanisms for information exchange, including APIs and a message bus