XDR is Here: How and Why to Get Started

The Extended Detection and Response (XDR) market is expected to increase over the next few years. Grand View Research wrote that the global XDR market will grow at a CAGR of 19.9% between 2021 and 2028. This surge will bring the market’s value up to $2.06 billion by that time.

Understanding XDR’s Staying Power

The forecast discussed above suggests that XDR is here to stay for the foreseeable future. There are a few reasons for this. First, all the other threat detection and response approaches just don’t cut it anymore. Take Security Information and Event Management (SIEM) as an example. 

These tools can help centralize alerts, making it easier for security and IT to respond to potential security incidents. Still, a SIEM is only as good as the data lake and cloud analytics behind it, and those dependencies can make SIEMs expensive at best and unreliable at worst. What’s more, SIEMs tend to generate false positives and low-value alerts that contribute to alert fatigue among security teams.

Security Orchestration, Automation, and Response (SOAR) platforms suffer from similar issues. Their value also hinges on their ingested data sources. But there’s the additional challenge of integrations. 

SOAR solutions must be integrated with other security solutions to streamline threat detection and response through automation workflows and response playbooks. Together, these functionalities can save time for security teams, so long as the platform supports the types of integrations that matter to an organization.

Finally, there is Endpoint Detection and Response (EDR). This category of security solutions is more effective than antivirus and antimalware endpoint security tools at detecting potential security threats. But many of today’s attacks aren’t limited to a specific endpoint, thereby making it more difficult for infosec personnel to defend against today’s attack operations if they rely on an EDR tool alone.

The Benefits of XDR

XDR already offers several benefits to organizations. Even so, more advantages will likely emerge as Extended Detection and Response continues to grow in sophistication. 

Let’s look at an example. Today, many XDR providers leverage telemetry from across the entire IT ecosystem to detect and end both known and never-before-seen attack progressions. An AI-driven XDR takes this functionality to the next level by drawing upon artificial intelligence (AI) and machine learning (ML). 

These capabilities enable AI-driven XDR platforms to automatically correlate telemetry from across endpoints, data centers, application suites, user identities, and more, freeing security teams from the need to drill down into a flood of non-contextual threat alerts and false positives. What’s more, they give teams the automated and/or guided response options they need to act quickly on legitimate security concerns in their organization.
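The correlation idea above, as an added illustration that is not Cybereason’s code or any real XDR engine: constructed events from an identity source, an endpoint agent and an application log are normalised to one schema, grouped by user and host, and raised as a single contextual incident only when several sources fire within a short window, while a lone single-source event stays a low-priority alert.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data). Each record is one event from a
# different XDR data source, already normalised to a common schema.
EVENTS = [
    {"source": "identity", "ts": "2021-06-01T09:00:05", "user": "jdoe", "host": "WS-1042",
     "detail": "login from new geolocation"},
    {"source": "endpoint", "ts": "2021-06-01T09:02:10", "user": "jdoe", "host": "WS-1042",
     "detail": "office app spawned powershell.exe"},
    {"source": "app", "ts": "2021-06-01T09:04:30", "user": "jdoe", "host": "WS-1042",
     "detail": "bulk download from file share"},
    {"source": "endpoint", "ts": "2021-06-01T13:15:00", "user": "asmith", "host": "WS-2201",
     "detail": "office app spawned powershell.exe"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Group events by (user, host). A group whose first-to-last span fits in
    `window` and that covers at least `min_sources` distinct telemetry sources
    becomes one contextual incident with an ordered timeline; everything else
    is returned as leftover low-priority alerts rather than paged to an analyst.
    The first-to-last span is a simplification of a true sliding window."""
    groups = defaultdict(list)
    for event in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        groups[(event["user"], event["host"])].append(event)

    incidents, leftovers = [], []
    for (user, host), evs in groups.items():
        span = parse_ts(evs[-1]["ts"]) - parse_ts(evs[0]["ts"])
        sources = {e["source"] for e in evs}
        if len(sources) >= min_sources and span <= window:
            incidents.append({"user": user, "host": host,
                              "sources": sorted(sources),
                              "timeline": [e["detail"] for e in evs]})
        else:
            leftovers.extend(evs)
    return incidents, leftovers


if __name__ == "__main__":
    found, noise = correlate(EVENTS)
    print(f"{len(EVENTS)} raw alerts -> {len(found)} incident(s), {len(noise)} left as low priority")
    for inc in found:
        print(inc)
```

Run stand-alone, it reports four raw alerts collapsing into one incident for jdoe on WS-1042 with a three-step timeline, while the isolated asmith event is not escalated.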

XDR as an Architectural Approach

It’s important to clarify that XDR is not simply a matter of deploying tools. As SecurityWeek observed, “If we define XDR as a solution, SOCs can’t reach their ultimate destination because, as a solution, XDR can’t be a holistic approach. Organizations will end up with multiple XDRs from multiple vendors that still need to talk to one another, and security gaps will continue to exist for threat actors to exploit.”

To eliminate those security gaps and reduce unnecessary complexity, organizations need to treat XDR as a journey and an architectural approach to bring different data sources and tools together. They can get started by following the advice of Forbes and identifying use cases along with high-priority IT assets that they would like to focus on protecting. 

With that knowledge, key stakeholders can review what security tools they already use to protect those assets. Along the way, security and IT can work with the stakeholders to remove redundant solutions and streamline their defenses while integrating different tools to provide more holistic protection across their infrastructure.

Organizations might need help doing this. Towards that end, they might consider working with a managed XDR provider that can help them formulate and pursue their detection and response strategy. 

The AI-Driven XDR Advantage

An AI-driven XDR solution enables organizations to embrace an operation-centric approach to security. That approach delivers the visibility organizations require to be confident in their security posture across all network assets, together with the automated responses needed to halt attack progressions at the earliest stages. 

In addition, an AI-driven XDR solution should provide Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, application workspaces, and more.

Cybereason is dedicated to teaming with Defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.