2023-03-02T12:25:00Z

Which is better for Endpoint Security: EDR or XDR solutions?

Hello peers, 

I work for a large manufacturing company. We are evaluating EDR and XDR solutions for endpoint security. Can anyone suggest some good ones for comparison, with pros and cons? We did a demo with CrowdStrike, FortiEDR, and SentinelOne.

Thank you for your help.

RJ
User at African Industries
6 Answers
CA
Product Manager at a comms service provider with 51-200 employees
Real User
Top 5
2023-03-06T10:39:03Z
Mar 6, 2023

I agree with Carsten and want to add my experience. With S1, I get more false positives and resource consumption is a little bit higher. Currently, I'm using CD and am happy using it. MDR services are provided by its own staff, not a 3rd party. Single-click rollback is a plus with S1.

About XDR, it depends on your company's security culture. I think there's no application that you just deploy and relax. If someone says "we do", I simply don't believe it. Network security is a different issue and it's hard to identify adversaries only with AI. You have to have a team to follow up on network traffic. For EDR, AI is more convenient. With XDR, AI will give you lots of false positives. After a while, you'll get exhausted from the noise. Also, most attacks target endpoints, so EDR has more priority in my opinion.

CR
Director at REDCO
Reseller
Top 5 Leaderboard
Mar 6, 2023

Hi, if they have the personnel trained with EDR, it is more than enough; otherwise XDR is necessary, but the detail to review is the cost of XDR. Greetings

CP
Partner Account Manager 🔆 at SEC DataCom A/S
Reseller
Top 10
2023-03-06T07:41:23Z
Mar 6, 2023

Hi, 

It seems you are already looking at some of the best, and the leaders in the new Gartner Quadrant. SentinelOne and CrowdStrike are very close in their offerings, detections, and responses. CrowdStrike might be a little more mature in their MDR offering, but both are doing very well in protecting your endpoints.

You might consider Cybereason as well.

Regarding EDR vs XDR, according to the Gartner Hype Curve, EDR is a more mature technology, whereas XDR's maturity is mostly in the marketing material. The difference is whether or not external logs and alerts are consolidated within the platform. Most EDR vendors claim they have XDR as well, but like most vendors, they talk the talk way before they can walk the walk and before the market is ready for adoption. So if you are a first mover, you can go for the full package, but you must expect to accept some bugs and be the vendor's remote test lab.

Besides that, nearly all solutions have APIs to be called and thus can be included in most platforms.

Aaron Branson - PeerSpot reviewer
Head of Marketing, Cybersecurity Solutions at Netsurion
Real User
Top 5
2023-06-21T17:56:51Z
Jun 21, 2023

I'm a bit late to the party, but this topic and the cybersecurity market's knack for just making things too dang confusing is something I'm a fan of addressing. A couple of things. First, these acronyms are heavily abused by vendors, so it's best to unpack what your desired outcome is and not expect their definitions to be apples-to-apples. For instance:

1. EDR vs. XDR (Endpoint vs. Extended): It comes down to scope. EDR is a security solution watching and defending endpoints. What's an endpoint? Workstations, servers, virtual machines, even mobile devices. Any XDR solution can get away with protecting that plus something else. But it SHOULD consist of 1) network traffic, 2) user and entity behavior, 3) cloud infrastructure, and 4) SaaS applications, to name a few.

2. SecOps Architecture: What's your big picture to cover your entire IT estate? If EDR is truly the only missing link and you have threat detection and incident response (TDIR) covering the other aforementioned attack surface, great! Then EDR is probably the right-size/scope solution. If not, back up and think about your entire attack surface and whether you should consider "TRUE" XDR. If you consider XDR, start with their integration library. Many so-called XDR solutions have pitiful data source (telemetry) coverage.

3. Delivery Model (SaaS or Managed Service): Do you have the staff resources and expertise to drive these tools to get the promised outcome? If so, think SaaS. If not, think Managed EDR or Managed XDR. And if you are looking for the latter, be ready to inspect the real SLA of the vendor. Are they giving "managed" lip service or real tailored service to you?

If it's still of any use, we also have some good resources to unpack XDR, Open XDR, Managed XDR and how to go about evaluating your options at https://www.netsurion.com/capa...
Real User
2023-03-07T17:20:17Z
Mar 7, 2023

Hi Raja, have you looked at Xcitium? Xcitium has a patented piece of technology to deal with unknown malware and unknown ransomware. CrowdStrike, FortiEDR, SentinelOne, etc. all rely on detection, which fails as it's impossible to detect something you don't know about. At Xcitium: Good? Let it in. Bad? Kill it. Unknown? Automatically put it in our detection-less protection. Containment also removes the hindrance to productivity, as one can still open, edit, and access their files. Care to chat? https://calendly.com/megan-tol...

Nikki Webb - PeerSpot reviewer
Global Channel Manager at Custodian360
Consultant
Top 20
2023-03-07T09:01:37Z
Mar 7, 2023

Both EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) solutions are designed to improve endpoint security by detecting and responding to threats.

EDR solutions typically focus on monitoring endpoints for suspicious activity, such as the creation or modification of system files, changes to the Windows registry, or the execution of suspicious processes. EDR solutions provide a detailed view of endpoint activity, allowing security teams to quickly identify and investigate potential threats.

On the other hand, XDR solutions expand beyond endpoint-focused capabilities to include other security sources such as network traffic, cloud workloads, and email. XDR solutions leverage machine learning and behavioral analytics to provide more advanced threat detection and response capabilities, allowing security teams to detect and respond to threats faster and with greater accuracy.

Ultimately, the decision of which solution is better for endpoint security depends on your specific security needs and the resources available to your organization. EDR solutions are generally a good fit for organizations with a limited security team or budget, while XDR solutions may be more appropriate for larger organizations with a more complex security environment.

Steffen Hornung - PeerSpot reviewer
Administrator at Neuberger Gebäudeautomation GmbH
Real User
Top 5 Leaderboard
2023-03-06T15:59:44Z
Mar 6, 2023

Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are two solutions for endpoint security that offer distinct features and benefits.

EDR solutions provide continuous monitoring of endpoints and provide visibility into events, incidents, and threats on those endpoints. These solutions help detect and respond to attacks in real-time, providing administrators with granular control over endpoint activity.

XDR solutions, on the other hand, provide a more comprehensive approach to security. These solutions incorporate EDR capabilities but extend their coverage to other areas such as network, cloud, and email. By combining data from multiple sources, XDR solutions provide more context for security events, improving their accuracy and effectiveness.

Here are some EDR and XDR solutions for comparison:

  1. CrowdStrike: A cloud-native EDR solution that provides real-time endpoint protection and threat intelligence. CrowdStrike Falcon uses machine learning and behavioral analysis to detect and prevent threats.
  2. FortiEDR: A comprehensive EDR solution that combines endpoint protection with automated detection and response capabilities. FortiEDR also includes advanced threat intelligence and sandboxing capabilities.
  3. SentinelOne: A next-generation EDR solution that uses behavioral AI to detect and prevent threats in real-time. SentinelOne's endpoint protection also includes automated response capabilities.
  4. Trend Micro XDR: A cloud-based XDR solution that provides cross-layer detection and response capabilities across endpoints, networks, and cloud environments. Trend Micro XDR includes advanced threat intelligence and machine learning capabilities.
  5. Palo Alto Networks XDR: A cloud-based XDR solution that provides automated threat detection and response capabilities across endpoints, networks, and cloud environments. Palo Alto Networks XDR also includes advanced behavioral analytics and machine learning capabilities.

Pros and cons of EDR vs XDR:

EDR Pros:
  • Provide real-time monitoring and detection of endpoint threats
  • Granular control over endpoint activity
  • Easy to implement and manage

EDR Cons:
  • Limited to endpoint protection only
  • May not be effective against more sophisticated attacks

XDR Pros:
  • Comprehensive protection across multiple environments
  • Improved accuracy and effectiveness through cross-layer correlation
  • Centralized management and reporting

XDR Cons:
  • Can be more complex to implement and manage
  • May require more resources and expertise

In conclusion, the choice between EDR and XDR solutions depends on the specific needs and requirements of your organization. While EDR solutions provide effective endpoint protection, XDR solutions offer more comprehensive protection across multiple environments. Ultimately, it is recommended to evaluate multiple solutions and choose the one that meets your specific security needs.
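
As an added example (not code from any poster or vendor on this page), the cross-layer correlation that Nikki Webb's and Steffen Hornung's answers describe, reduced to a small Python script: the same constructed telemetry is scored once with only endpoint events visible (an EDR view) and once with email, network and cloud events added (an XDR view). The event types, weights, threshold and sample events are all assumptions made for the demo.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry for one morning (not real data). Every event carries
# the layer it came from; only "endpoint" events are visible to a pure EDR.
EVENTS = [
    {"layer": "email",    "ts": "2023-03-06T09:00:00", "user": "alice", "host": "WS-17",
     "type": "attachment_opened", "detail": "invoice.docm"},
    {"layer": "endpoint", "ts": "2023-03-06T09:01:10", "user": "alice", "host": "WS-17",
     "type": "office_spawns_shell", "detail": "WINWORD.EXE -> powershell.exe"},
    {"layer": "endpoint", "ts": "2023-03-06T09:01:15", "user": "alice", "host": "WS-17",
     "type": "run_key_write", "detail": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"layer": "network",  "ts": "2023-03-06T09:01:30", "user": "alice", "host": "WS-17",
     "type": "dns_newly_registered", "detail": "update-check.example"},
    {"layer": "cloud",    "ts": "2023-03-06T09:05:00", "user": "alice", "host": "-",
     "type": "mfa_failed_unusual_geo", "detail": "login attempt from a new country"},
    {"layer": "endpoint", "ts": "2023-03-06T11:00:00", "user": "bob", "host": "WS-22",
     "type": "run_key_write", "detail": "installer adding an autostart entry"},
]

# Per-event-type weights (assumed for the demo). Each signal is weak on its own;
# the incident score is the sum of the signals seen for one user inside the window.
WEIGHTS = {
    "attachment_opened": 1, "office_spawns_shell": 4, "run_key_write": 2,
    "dns_newly_registered": 2, "mfa_failed_unusual_geo": 2,
}
INCIDENT_THRESHOLD = 6  # assumed cut-off for raising an incident

def correlate(events, layers, window_minutes=10):
    """Cluster events per user within a time window, using only the given layers.

    Returns a list of clusters: {"user", "score", "layers", "types", "incident"}.
    layers={"endpoint"} models an EDR-only view; all four layers model an XDR view.
    """
    window = timedelta(minutes=window_minutes)
    visible = sorted((e for e in events if e["layer"] in layers),
                     key=lambda e: (e["user"], e["ts"]))  # ISO timestamps sort as text
    clusters = []
    for ev in visible:
        ts = datetime.fromisoformat(ev["ts"])
        cur = clusters[-1] if clusters else None
        # Start a new cluster on a new user or when the window since the first event expires.
        if cur is None or cur["user"] != ev["user"] or ts - cur["start"] > window:
            cur = {"user": ev["user"], "start": ts, "score": 0, "layers": set(), "types": []}
            clusters.append(cur)
        cur["score"] += WEIGHTS.get(ev["type"], 0)
        cur["layers"].add(ev["layer"])
        cur["types"].append(ev["type"])
    for c in clusters:
        c["incident"] = c["score"] >= INCIDENT_THRESHOLD
        del c["start"]
    return clusters

def by_user(clusters):
    """Index clusters by user (the sample has one cluster per user at the default window)."""
    return {c["user"]: c for c in clusters}

if __name__ == "__main__":
    for name, layers in (("EDR view", {"endpoint"}),
                         ("XDR view", {"email", "endpoint", "network", "cloud"})):
        for c in correlate(EVENTS, layers):
            print(name, c["user"], c["score"], sorted(c["layers"]), c["incident"])
```

Both views raise an incident for alice, but only the XDR view shows the email entry vector, the outbound DNS lookup and the failed cloud sign-in in the same cluster; the extra weak signals are also the source of the extra noise the other answers warn about, which is why the weights and window are the tuning knobs.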

Steffen Hornung - PeerSpot reviewer
Administrator at Neuberger Gebäudeautomation GmbH
Real User
Top 5 Leaderboard
Mar 6, 2023

In addition to my answer: a demo is nice, but test the solutions fully by doing a PoC/PoV. Play through all the nitty-gritty dos and don'ts and see with which solution you feel better. Also look at how you are being taken care of. If you don't feel good about responsiveness and helpfulness, you had better keep your distance. Pricing is always a trigger for management, but if you tell them the low-cost (there is no such thing with EDR and XDR, by the way) solution didn't play well pre-sales, they can conclude what's happening after deal time.
