Top 8 Extended Detection and Response (XDR)

Cortex XDR by Palo Alto NetworksMicrosoft Defender for CloudTrellix Endpoint SecurityCynetCisco SecureXMicrosoft 365 DefenderTrend Micro XDRNetWitness XDR
  1. leader badge
    The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning.
  2. leader badge
    The solution's robust security posture is the most valuable feature.The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites.
  3. Buyer's Guide
    Extended Detection and Response (XDR)
    November 2022
    Find out what your peers are saying about Palo Alto Networks, Microsoft, Trellix and others in Extended Detection and Response (XDR). Updated: November 2022.
    655,465 professionals have used our research since 2012.
  4. leader badge
    It can be deployed quickly, and it's scalable. Those are the two advantages of it.We really like the dashboard from Trellix and we've found that it's pretty informative.
  5. A good feature is how the solution packages varied information into a single dashboard that's readable and meets our needs.Cynet is unique in that it has almost everything included and it was built up from the ground, instead of a bundle of purchased and composed modules. It gives you easier very good visibility than Sentinel One as well as a lower maintenance burden.
  6. It has evolved a lot, just that monitoring piece to the current Orchestrator piece. The additional analytics are there. They now have something called Insight, which can basically take data from Microsoft Azure AD and Intune to give us information about our endpoints. This is detailed information about the endpoints, from Secure Endpoint and all these different products. So, it is just constantly evolving. Every time that it evolves, we have more information with more visibility. There are more features that we have that just make everything so much easier, and it is in one place. I don't have to keep going back and forth. I don't have to go to Secure Endpoint and ISE to get the data. I don't have to go to Intune on Microsoft to get the information. It is all in one place.
  7. It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment.
  8. report
    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    655,465 professionals have used our research since 2012.
  9. We can scale the product as needed. The solution is stable.
  10. Technical support is knowledgeable. It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users.

Advice From The Community

Read answers to top Extended Detection and Response (XDR) questions. 655,465 professionals have gotten help from our community of experts.
Ariel Lindenfeld - PeerSpot reviewer
Ariel Lindenfeld
Sr. Director of Community
Sep 09 2022

Let the community know what you think. Share your opinions now!

Enayat Galsulkar - PeerSpot reviewer
Enayat GalsulkarThreat Hunting, Threat Feed and Analytics.  Visibility and Co-Relation of… more »
7 Answers
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi infosec professionals, What are the main architectural differences between those two technologies? What are the relations between the two of them? Are they complementary? What does an XDR solution provide that SIEM doesn't and vice versa? Thanks for sharing your knowledge with the community!
Read More »
David Swift - PeerSpot reviewer
David SwiftSIEM focuses on correlation - detection, both known (and with UEBA), unknown/0… more »
6 Answers
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi SOC analysts and other infosec professionals,

Which standard/custom method do you use to decide about the alert severity in your SOC? 

Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?

Robert Cheruiyot - PeerSpot reviewer
Robert CheruiyotHi @Evgeny Belenky, I think as long as you do this thing manually, you will… more »
6 Answers

Extended Detection and Response (XDR) Articles

Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)
Aug 05 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features...
Read More »
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Jul 11 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you reco...
Read More »
Ravi Suvvari - PeerSpot reviewer
Ravi SuvvariGood very informative
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi peers, Spotlight #6 is our fresh bi-weekly community digest. It helps you catch up on recent contributions by community members. Please comment below with your feedback about our new brand name and this Spotlight!  Trending Top RPA trends and forecasts that will help boost the techn...
Read More »
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky@Shibu Babuchandran ​and @Dominic-Gopal, thank you for contributing your… more »
reviewer1577907 - PeerSpot reviewer
reviewer1577907Thank you for this helpful post and congratulations on the new company name!
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi community members, Spotlight #2 is our fresh bi-weekly community digest for you. It covers cybersecurity, IT and DevOps topics. Check it out and comment below with your feedback! Trending What are the pros and cons of internal SOC vs SOC-as-a-Service? Join The Moderator Team at IT Ce...
Read More »

Extended Detection and Response (XDR) Topics

What problems does XDR solve?

Attackers target many layers of the IT environment, including the corporate network, email servers, and cloud systems. Security teams must build a security toolset that enables effective detection and response to security threats

Extended detection and response helps resolve both security and operational challenges. It is a security solution that:

  • Consolidates data from all layers of the IT environment - endpoints, network, email, cloud systems, etc.

  • Provides a single interface for security personnel to review and manage.

  • Automates triage and investigation.
How does XDR serve as a benefit for cybersecurity professionals?

Extended detection and response is designed to help security teams:

  • Identify highly sophisticated threats.

  • Identify hidden threats.

  • Track threats across the entire IT infrastructure.

  • Improve detection and response speed.

  • Effectively and efficiently investigate threats.
Is XDR an antivirus?

XDR is not an antivirus.

XDR is a centrally managed security solution that protects networks and all their endpoints from various threats. An antivirus is a standalone security solution that protects the individual system or device it is installed upon from various malware activities.

XDR, on the other hand, is a complete solution with multiple capabilities, including intrusion detection, data encryption, and firewalls, etc. An antivirus works like a subset of XDR that detects and removes malicious files.

What is the difference between EDR and XDR?

Endpoint detection and response (EDR) products monitor events generated by endpoint agents to look for suspicious activity. These solutions also collect data on suspicious activity and improve it with other contextual information from correlated events. However, EDR solutions do not offer integrations with other tools and data sources for full visibility.

XDR provides a wider view, integrating data from endpoint, cloud, identity, and other solutions, allowing for full visibility into an organization’s network and IT environments.

What is the difference between XDR and SIEM?

Security information and event management (SIEM) is a key element of the modern security operations center (SOC). SIEM pulls log data from dozens or hundreds of security tools to generate meaningful alerts and provides one interface for security analysis.

This is similar to XDR. However, SIEM only provides a summarized view of security data. This results in a very low level of detail.

SIEM cannot access or process additional information from other security tools to further investigate a specific incident.

In addition, SIEMs don’t have built-in response capabilities. SIEM is a detection tool that can identify security incidents but cannot stop or eradicate threats.

XDR has the following features that SIEM lacks:

  • Interaction with security tools: XDR retrieves information related to an incident and using that information, activates defensive measures to deal with that incident.

  • Unified data view: XDR accesses data drawn from multiple security layers, as opposed to the shallow data provided by SIEM. This enables querying and manipulation of in-depth data from security tools, such as cloud system entitlements or endpoint configuration data.

  • Artificial intelligence: XDR uses advanced machine learning and AI capabilities to improve alerting.
What is MDR and EDR?

Managed detection and response (MDR) is an outsourced service that offers dedicated personnel and technology to help companies improve the efficiency of security operations, threat identification, threat investigation, and threat response.

Endpoint detection and response (EDR) refers to a group of tools used to find and investigate threats to endpoint devices. EDR tools typically provide detection, analysis, investigation, and response capabilities.


Managed detection and response (MDR) solves challenges faced by security teams by strengthening a company's internal security team with external resources and personnel. An MDR service provider will offer an external Security operations center (SOC) that carries out the necessary actions to monitor and protect an organization’s IT assets. An MDR provider will likely use XDR solutions, but they will be controlled by external SOC analysts rather than an in-house team.

XDR solves security challenges by simplifying them and enabling in-house security teams to efficiently do their jobs. XDR unifies visibility across an organization’s security architecture and automates recurring and time-consuming tasks.

What are endpoint detection and response tools?

Endpoint detection and response tools integrate network, endpoint, cloud, and third-party data to prevent security attacks. XDR tools unify threat prevention, detection, investigation, and response all in one platform. XDR tools detect threats using behavioral analytics to help reveal the root cause of the threats.

XDR Tools Benefits

Some of the benefits of using XDR tools include:

  • Endpoint protection: Block known and unknown threats with endpoint protection. In addition, block malware, exploits, and other attacks with integrated AI-driven antivirus and security intelligence.

  • Data visibility: Collect and correlate data from any source to detect, investigate, and respond to threats.

  • Automatic attack detection: XDR tools provide out-of-the-box analytics and custom rules to detect advanced continuous threats and other covert attacks.

  • Unnecessary alert reduction: Simplify investigations with automated root cause analysis and a unified incident engine, reducing the number of alerts being sent.

  • Threat protection: Protect networks against internal and external attacks, ransomware, fileless and memory-only attacks, and advanced zero-day malware.

  • Swift recovery: Promptly remedy an attack by removing malicious files and registry keys, as well as restoring corrupted files and registry keys using remediation suggestions.

  • Third-party detection and response: Enable behavioral analytics on logs collected from third-party firewalls and consolidate third-party notifications into a unified report for analysis and investigation.
XDR Tools Features

When choosing an XDR tool, here are some features to look out for:

  • Single analyst interface: XDR tools provide a unified management workflow across the entire company’s security environment. This allows analysts to review attack stories and investigate incidents across all security silos in one place.

  • Unified visibility: XDR tools enable security visibility in a single dashboard across the network, endpoints, cloud environment, mobile devices, and any other part of the IT infrastructure.

  • Unified management console: Security teams have one central location to manage security configurations and policies throughout the entire IT environment.

  • Integrated platform: XDR tools have off-the-shelf, integrated, pre-tuned detection mechanisms for many types of security data. This enables IT teams to identify threats, investigate them, and respond, all in a short period of time from a unified interface.
Buyer's Guide
Extended Detection and Response (XDR)
November 2022
Find out what your peers are saying about Palo Alto Networks, Microsoft, Trellix and others in Extended Detection and Response (XDR). Updated: November 2022.
655,465 professionals have used our research since 2012.