Chief Information Security Officer at Canara Robeco Asset Management Company Limited
User
2022-09-09T05:35:28Z
Sep 9, 2022
Adaptability and adoptability of new solutions, flexibility on cloud platforms, ease of use, and approach. The solution should also have a strong end-to-end incident response system.
Product Manager at a tech vendor with 11-50 employees
Real User
Top 5
2022-08-10T13:09:51Z
Aug 10, 2022
Check for EDR in the beginning. If EDR does not provide you sufficient information, then XDR won't satisfy your needs. Keep in mind that the term XDR is overly abused by vendors.
ESET Support at a computer software company with 11-50 employees
Reseller
Top 10
2022-08-10T13:07:05Z
Aug 10, 2022
An XDR solution should not be constrained by the design of the features that it brings. It should allow you to build any kind of detection rule or exclusion, based on every piece of information that agents gather from endpoints. Also, enough tools should be provided for response: kill, block, suspend, isolate, etc.
From an investment protection point of view, it would be better to go for an XDR solution that allows feeds from security products of multiple vendors. Many of the XDR solutions can correlate feeds from their own security products only.
The second most important thing would be how reputed and rich the threat feeds are, and whether they come from multiple sources.
Third would be a top-notch response team that can detect anomalies.
Deputy Technical Manager (SOC Operations) at a tech services company with 1,001-5,000 employees
Real User
Top 5
2021-05-18T05:34:07Z
May 18, 2021
The correlation of data over a variety of security layers such as endpoints, email, servers, cloud workloads, and the general network. XDR must also strive to visualize the entire attack lifecycle.
Director InfoSec and Audit at a manufacturing company with 1,001-5,000 employees
Real User
Top 5
2020-12-03T13:44:27Z
Dec 3, 2020
The rapid support and confidence of an expert team that is always there monitoring for potential unusual activity in our environment with numerous predefined playbooks that can take automated actions or the ability to create our own for unique situations. Incident view to see from beginning to end of an event and the process that prevented it from becoming an issue in our environment. Ability to use honeypots across files, users, networks, and devices to capture an attacker in the act.
Hello peers,
I work for a large manufacturing company. We are evaluating EDR and XDR solutions for endpoint security. Can anyone suggest some good ones for comparison, with pros and cons? We did a demo with CrowdStrike, FortiEDR, and SentinelOne.
Thank you for your help.
Hi, it seems you are already looking at some of the best and leaders in the new Gartner Quadrant. SentinelOne and CrowdStrike are very close in their offerings, detections, and responses. CrowdStrike might be a little more mature in their MDR offering, but both are doing very well in protecting your endpoints. You might consider Cybereason as well. Regarding EDR vs XDR, according to the Gartner Hype Curve, EDR is a more mature technology whereas XDR's maturity is mostly on the material from marketing. The difference is whether or not external logs and alerts are consolidated within the platform. Most EDR vendors claim they have XDR as well, but like most vendors, they talk the talk way before they can walk the walk and before the market is ready for the adoption. So if you are a first mover you can go for the full package, but you must expect to accept some bugs and be the vendor's remote test lab. Besides that, nearly all solutions have APIs to be called and thus can be included in most platforms.
Product Manager at a tech vendor with 11-50 employees
Mar 6, 2023
I agree with Carsten and want to add my experience. With S1, I get more false positives and resource consumption is a little bit higher. Currently, I'm using CD and am happy using it. MDR services are provided by its own staff, not a 3rd party. Single-click rollback is a plus with S1. About XDR, it depends on your company's security culture. I think there's no application that you just deploy and relax. If someone says "we do", I simply don't believe it. Network security is a different issue and it's hard to identify adversaries only with AI. You have to have a team to follow up on network traffic. For EDR, AI is more convenient. With XDR, AI will give you lots of false positives. After a while, you'll get exhausted from the noise. Also, most attacks target endpoints, so EDR has more priority in my opinion.
Hi community,
What tools and solutions do you use to maximize the power of the automated incident response in a large organization?
Is it SOAR only? Others? Thanks!
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of products on the Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Information Security Manager at a retailer with 10,001+ employees
Aug 5, 2022
Well, some time ago, EDR agents were moved to XDR, but now XDR is at the "peak of inflated expectations", the second of five phases in product development hype. I'd rather wait a little bit, maybe ZDR :)
Threat Hunting, Threat Feed and Analytics.
Visibility and Correlation of Threats
Cloud Based Management
@E.ABDUL Thanks for weighing in :)