XDR: The Next Step in Threat Detection and Response

August 9, 2021 | 3 minute read

The global EDR (Endpoint Detection and Response) market is growing rapidly. According to Help Net Security, Transparency Market Research predicted that the market will grow at a CAGR of about 21% over the next decade. If that projection holds, the global EDR market will surpass a valuation of $13.8 billion by 2030.

What’s Behind the Projected Growth of EDR?

One of the biggest reasons for these optimistic forecasts is the reality that organizations need a systemized approach to defend all their endpoints against digital threats. To put this into perspective, LogMeIn found that the average organization had approximately 750 servers, employee computers, mobile devices and other endpoints connected to the network. 

Such complexity makes it difficult for security teams to manage those devices effectively. Without something like EDR, they are limited in their ability to defend the organization against both internal and external security threats that affect assets beyond the endpoint.

Not only that, but the number of endpoints will likely increase as the world sees a surge in connected devices over the next few years. Indeed, Gartner estimated that the number of PCs, tablets and mobile phones would total 6.2 billion units in 2021 before reaching 6.4 billion units a year later.

“The COVID-19 pandemic has permanently changed device usage patterns of employees and consumers,” explained Ranjit Atwal, senior research director at Gartner, in a press release. “With remote work turning into hybrid work, home education changing into digital education and interactive gaming moving to the cloud, both the types and number of devices people need, have and use will continue to rise.”

Understanding the Pervasiveness of EDR Neglect

Notwithstanding the growing number of endpoints and devices, many organizations aren’t using EDR solutions. According to TechRepublic, a majority (64%) of respondents to a 2020 study said they did not use EDR, and those respondents cited a lack of skilled security staff as one of the reasons.

This issue in part ties back to the growing complexity of the corporate network itself. Nowadays, it’s no longer just about endpoints: many organizations are moving to the cloud and deploying smart sensors and other Internet of Things (IoT) devices. They need to defend all of those assets against digital threats without investing in disparate solutions for each environment, solutions that don’t work together to correlate threats across the enterprise.

In fact, it’s something that already weighs on security professionals’ minds. Two-thirds of respondents to an ESG Research survey said that their threat detection and response capabilities were limited because their security posture relied on too many disparate solutions. Approximately the same percentage said that their use of too many manual processes made it even more difficult for them to effectively detect and respond to threats.

Moving Beyond EDR

The challenges with EDR discussed above have helped to give birth to a new phase of threat detection: XDR (Extended Detection and Response). According to Dark Reading, XDR builds on the success of EDR and replicates its functionality by gathering security and event data from laptops, mobile devices, applications and user identities. 

But XDR takes this philosophy a step further. It uses automation to correlate endpoint threat data with telemetry gathered from cloud-based assets, IoT devices, network tools and other parts of the organization’s infrastructure. XDR thereby gives security teams visibility into their organization’s environment and the automated processes they need to stay ahead of emerging threats.

To help organizations maximize their threat detection and response efforts, Cybereason XDR focuses on both Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs) instead of just generating uncorrelated alerts that require manual triage and investigation. This enables security teams to quickly pinpoint, understand and stop any MalOp™ (malicious operation) across an organization's infrastructure without security personnel needing to waste time chasing false positives. 
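The two ideas above, cross-source correlation and IOC versus IOB detection, can be made concrete with a small correlator. The following is an added example written for this page; it is not Cybereason's code and does not reproduce the MalOp engine. Every event, rule, user name, hash and IP address in it is constructed for illustration, and the correlation strategy (link flagged events that share a user or client address within a time window) is a deliberately simple stand-in for the real thing.

```python
"""Toy cross-source correlator: an added example, not Cybereason's code.

It takes telemetry from three sources (endpoint, identity, cloud), flags
events with either an IOC rule (known-bad artifact) or an IOB rule
(suspicious behaviour), then links flagged events that share a user or a
host/client address within a time window into one operation. Every event,
rule and indicator below is constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    source: str          # "endpoint", "identity" or "cloud"
    user: str
    host: str            # host name, or client IP for identity/cloud events
    detail: dict
    detection: str = ""  # filled in by flagged(): "IOC" or "IOB"


# Constructed IOC list; the hash is a placeholder, not a real malware hash.
KNOWN_BAD_HASHES = {"deadbeef" * 8}


def ioc_match(ev: Event) -> bool:
    """IOC rule: the event carries an artifact on the blocklist."""
    return ev.detail.get("sha256") in KNOWN_BAD_HASHES


def iob_match(ev: Event) -> bool:
    """IOB rules: one behavioural check per telemetry source (constructed)."""
    d = ev.detail
    if ev.source == "endpoint":   # document application launching a shell
        return d.get("parent") in {"winword.exe", "excel.exe"} and \
               d.get("process") in {"cmd.exe", "powershell.exe"}
    if ev.source == "identity":   # successful login from a country new to this user
        return d.get("result") == "success" and d.get("new_country", False)
    if ev.source == "cloud":      # read-only principal minting new credentials
        return d.get("action") == "CreateAccessKey" and d.get("caller_role") == "read-only"
    return False


@dataclass
class Operation:
    """One correlated incident spanning any number of sources."""
    events: list = field(default_factory=list)

    def entities(self) -> set:
        return {e.user for e in self.events} | {e.host for e in self.events}

    def last_ts(self) -> datetime:
        return max(e.ts for e in self.events)

    def sources(self) -> list:
        return sorted({e.source for e in self.events})


def flagged(events):
    """Per-source view: every event that trips any rule becomes its own alert."""
    out = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ioc_match(ev):
            ev.detection = "IOC"
        elif iob_match(ev):
            ev.detection = "IOB"
        else:
            continue
        out.append(ev)
    return out


def correlate(events, window=timedelta(hours=1)):
    """Cross-source view: chain flagged events that share a user or host/IP."""
    ops = []
    for ev in flagged(events):
        for op in ops:
            if ev.ts - op.last_ts() <= window and {ev.user, ev.host} & op.entities():
                op.events.append(ev)
                break
        else:
            ops.append(Operation([ev]))
    return ops


T0 = datetime(2021, 8, 9, 9, 0)
SAMPLE_EVENTS = [  # constructed telemetry; IPs are from documentation ranges
    Event(T0, "endpoint", "alice", "LAPTOP-01",
          {"parent": "winword.exe", "process": "powershell.exe"}),
    Event(T0 + timedelta(minutes=2), "endpoint", "alice", "LAPTOP-01",
          {"process": "update.exe", "sha256": "deadbeef" * 8}),
    Event(T0 + timedelta(minutes=5), "endpoint", "bob", "LAPTOP-07",
          {"parent": "explorer.exe", "process": "chrome.exe"}),
    Event(T0 + timedelta(minutes=10), "identity", "alice", "203.0.113.5",
          {"result": "success", "new_country": True}),
    Event(T0 + timedelta(minutes=12), "identity", "carol", "203.0.113.77",
          {"result": "success", "new_country": False}),
    Event(T0 + timedelta(minutes=20), "cloud", "alice", "203.0.113.5",
          {"action": "CreateAccessKey", "caller_role": "read-only"}),
    Event(T0 + timedelta(hours=6), "cloud", "dave", "198.51.100.9",
          {"action": "CreateAccessKey", "caller_role": "read-only"}),
]

if __name__ == "__main__":
    print(f"{len(flagged(SAMPLE_EVENTS))} uncorrelated alerts")
    for i, op in enumerate(correlate(SAMPLE_EVENTS), 1):
        print(f"operation {i}: sources={op.sources()} entities={sorted(op.entities())}")
        for e in op.events:
            print(f"  {e.ts:%H:%M} {e.source:<8} {e.detection} {e.user}@{e.host} {e.detail}")
```

Run stand-alone, the sample produces five separate alerts but only two operations: alice's Word-spawned PowerShell, the dropped file with a listed hash, the login from a new country and the access-key creation collapse into one cross-source incident, while dave's lone cloud event hours later stays separate. Narrowing the window splits alice's chain apart, which is the trade-off any such correlator has to tune.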

In doing so, Cybereason XDR frees security analysts from tedious manual tasks that are better handled by automation, allowing those experts to make a more meaningful contribution to their organization’s security posture.

Cybereason XDR:

    • Delivers Enterprise-Wide Security: Cybereason XDR reverses the attacker advantage and returns the high ground to the defenders by extending detection and response capabilities across the broader IT ecosystem that makes up modern enterprise environments. Defenders can pinpoint, understand and end any MalOp™ (malicious operation) across the entire IT stack whether on premises, mobile or in the cloud.
    • Enables Visualized Investigations: Cybereason XDR eliminates obstacles to effective detection and response, including log management and data collection tasks, agent deployment and maintenance cycles, and convoluted query syntax for data extraction and behavioral detections. XDR breaks through data silos and unifies device and identity context in a single, visual investigation experience. Empower your curious analysts to remain focused on the mission without being distracted by manual tasks.
    • Reverses the Adversary Advantage: Cybereason XDR enables frictionless adoption of advanced detections built by and shared with the larger community of defenders. United in our efforts we can increase the burden on the attackers so they are forced to relinquish the advantage they have enjoyed for too long.


Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Cybereason Security Team
About the Author

Cybereason Security Team

The Cybereason Security Team champions cyber defenders by providing future-ready attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves. The Cybereason Defense Platform combines the industry’s top-rated detection and response (EDR and XDR), next-gen anti-virus (NGAV), and proactive threat hunting to deliver context-rich analysis of every element of a Malop (malicious operation). The result: defenders can end cyber attacks from endpoints to everywhere.
