XDR: The Next Step in Threat Detection and Response

The global EDR market (Endpoint Detection and Response) is growing rapidly. The Transparency Market Research team predicted that this market will increase at a CAGR of about 21% in the next decade, reported Help Net Security. If it happens, this growth will help the global EDR market surpass a valuation of $13.8 billion by 2030.

What’s Behind the Projected Growth of EDR?

One of the biggest reasons for these optimistic forecasts is the reality that organizations need a systemized approach to defend all their endpoints against digital threats. To put this into perspective, LogMeIn found that the average organization had approximately 750 servers, employee computers, mobile devices and other endpoints connected to the network. 

Such complexity makes it difficult for security teams to effectively manage those devices. In the absence of something like EDR, they’re limited in their ability to adequately defend their organization against both internal and external security threats that impact assets beyond the endpoint.

Not only that, but the number of endpoints will likely increase over the next few years as the world witnesses a surge in the number of connected devices over the next few years. Indeed, Gartner estimated that the number of PCs, tablets and mobile phones would total 6.2 billion units in 2021 before reaching 6.4 billion units a year later. 

“The COVID-19 pandemic has permanently changed device usage patterns of employees and consumers,” explained Ranjit Atwal, senior research director at Gartner, in a press release. “With remote work turning into hybrid work, home education changing into digital education and interactive gaming moving to the cloud, both the types and number of devices people need, have and use will continue to rise.”

Understanding the Pervasiveness of EDR Neglect

Notwithstanding the growing number of endpoints and devices, many organizations aren’t using EDR solutions. A majority (64%) of respondents to a 2020 study said they did not use EDR, reported TechRepublic. Those individuals went on to cite a lack of skilled security staff as one of the reasons why.

This issue in part ties back to the growing complexity of the corporate network itself. Nowadays, it’s no longer just about endpoints. Many organizations are moving to the cloud as well as deploying smart sensors and other Internet of Things (IoT) devices, for example. Those entities need to be able to defend all those products against digital threats without having to invest in disparate solutions for their different environments that don’t work together to correlate threats to the enterprise.

In fact, it’s something that already weighs on security professionals’ minds. Two-thirds of respondents to an ESG Research survey said that their threat detection and response capabilities were limited because their security posture relied on too many disparate solutions. Approximately the same percentage said that their use of too many manual processes made it even more difficult for them to effectively detect and respond to threats.

Moving Beyond EDR: Extending Threat Detection

The challenges with EDR discussed above have helped to give birth to a new phase of threat detection: Extended Detection and Response (XDR). According to Dark Reading, XDR builds on the success of EDR and replicates its functionality by gathering security and event data from laptops, mobile devices, applications and user identities. 

But XDR takes this philosophy a step further. It uses automation to correlate endpoint threat data with telemetry that’s been gathered from cloud-based assets, IoT devices, network tools and other parts of their infrastructure. XDR thereby provides security teams with visibility into their organizations’ environments and the automated processes they need to stay ahead of emerging threats.

To help organizations maximize their threat detection and response efforts, XDR focuses on both Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs) instead of just generating uncorrelated alerts that require manual triage and investigation. This enables security teams to quickly pinpoint, understand and stop any MalOp™ (malicious operation) across an organization's infrastructure without security personnel needing to waste time chasing false positives. 

In doing so, an AI-driven XDR solution frees security analysts from some of the more tedious manual tasks that are more efficient when automated for enhanced threat detection and response, thus allowing those experts to make a more meaningful contribution to their organizations’ security posture. 


Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Anthony M. Freed
About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

All Posts by Anthony M. Freed