What Is Extended Detection and Response (XDR)?

Extended detection and response (XDR) delivers visibility into data across networks, clouds, endpoints, and applications while applying analytics and automation to detect, analyze, hunt, and remediate today's and tomorrow's threats.

How does XDR work?

XDR collects and correlates data across email, endpoints, servers, cloud workloads, and networks, enabling visibility and context into advanced threats. Threats can then be analyzed, prioritized, hunted, and remediated to prevent data loss and security breaches.
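
The correlation step described above can be sketched as follows. This is an added example, not code from this page or from any XDR product; the event fields, the 15-minute window, and the scoring rule are assumptions chosen for illustration, and the telemetry is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry; field names and severity values are assumptions.
EVENTS = [
    {"ts": "2024-05-01T09:00:05", "source": "email",    "host": "wks-17", "sev": 2, "what": "attachment with macro delivered"},
    {"ts": "2024-05-01T09:03:40", "source": "endpoint", "host": "wks-17", "sev": 3, "what": "office app spawned script host"},
    {"ts": "2024-05-01T09:04:10", "source": "network",  "host": "wks-17", "sev": 3, "what": "connection to newly seen domain"},
    {"ts": "2024-05-01T09:30:00", "source": "endpoint", "host": "srv-02", "sev": 2, "what": "new scheduled task"},
    {"ts": "2024-05-01T14:00:00", "source": "network",  "host": "wks-17", "sev": 1, "what": "dns query burst"},
]

def correlate(events, window=timedelta(minutes=15)):
    """Chain events per host into incidents when each event falls within
    `window` of the previous one, then rank incidents by score."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})
    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        chain = [evs[0]]
        for e in evs[1:]:
            if e["ts"] - chain[-1]["ts"] <= window:
                chain.append(e)
            else:
                incidents.append(_summarize(host, chain))
                chain = [e]
        incidents.append(_summarize(host, chain))
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

def _summarize(host, chain):
    sources = sorted({e["source"] for e in chain})
    # Assumed scoring: total severity weighted by the number of distinct
    # telemetry sources, so cross-source activity outranks isolated alerts.
    score = sum(e["sev"] for e in chain) * len(sources)
    return {"host": host, "sources": sources, "events": len(chain), "score": score}

if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc)
```

Three low-to-medium alerts from different sources on the same host rank well above the isolated alerts, which is the prioritization effect that correlation is meant to provide.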

How do I benefit from XDR?

With more visibility and context into threats, events that would not have been addressed before surface to a higher level of awareness. Security teams can then focus quickly, eliminate any further impact, and reduce the severity and scope of the attack.

Detection and response

Types of intrusion detection and response

Endpoint detection and response

Endpoint detection and response (EDR), a predecessor to XDR, improved on malware detection and remediation compared with antivirus's simplistic approach to detection. EDR solutions differ from XDR in that they focus on endpoints (laptops, for example) and record system activities and events to help security teams (such as the SOC) gain the visibility needed to uncover incidents that would normally not be detected.

Where EDR improved on the malware detection capabilities of antivirus, XDR extends the range of EDR to encompass more deployed security solutions. XDR has a broader capability than EDR. It uses current technologies to provide greater visibility and to collect and correlate threat information, while employing analytics and automation to help detect today's and future attacks.
