Glossary term
XDR (Extended Detection and Response)
Also: Extended Detection and Response
A security platform that unifies telemetry across endpoint, network, identity, email and cloud, correlating signals that would otherwise be siloed across point tools. XDR is EDR plus the context to detect multi-stage attacks that a single sensor would miss.
XDR extends EDR by ingesting signals from multiple security domains (identity, email, network, cloud) and correlating them in one analytics layer. The value is in the correlation: a suspicious OAuth grant plus an unusual VPN login plus an endpoint anomaly look harmless individually and hostile together.
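The correlation idea above, as an added example that is not part of this glossary entry: a minimal cross-domain correlator over constructed identity, network and endpoint events that only raises a composite alert when weak signals from at least two distinct sensors land on the same user inside a time window. The event schema, the 30-minute window and the two-domain threshold are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry, already normalised to (timestamp, domain,
# user, signal). In an XDR the sources would be the IdP audit log, the VPN
# gateway and the EDR agent; here they are embedded inline so this runs offline.
EVENTS = [
    ("2024-05-01T08:02:00", "identity", "alice", "oauth_grant_new_app"),
    ("2024-05-01T08:05:00", "network",  "alice", "vpn_login_new_geo"),
    ("2024-05-01T08:09:00", "endpoint", "alice", "lsass_handle_open"),
    ("2024-05-01T09:30:00", "network",  "bob",   "vpn_login_new_geo"),
    ("2024-05-01T15:00:00", "identity", "bob",   "oauth_grant_new_app"),
]

WINDOW = timedelta(minutes=30)   # assumed: signals must cluster in time
MIN_DOMAINS = 2                  # assumed: hostile only when sensors agree


def correlate(events, window=WINDOW, min_domains=MIN_DOMAINS):
    """Return one composite alert per user whose low-severity signals from at
    least `min_domains` distinct domains fall inside a sliding `window`.
    A single signal, or several from the same sensor, never alerts."""
    by_user = defaultdict(list)
    for ts, domain, user, signal in events:
        by_user[user].append((datetime.fromisoformat(ts), domain, signal))

    alerts = []
    for user, evs in by_user.items():
        evs.sort()  # chronological, so each window starts at an event
        for i, (t0, _, _) in enumerate(evs):
            cluster = [e for e in evs[i:] if e[0] - t0 <= window]
            domains = {d for _, d, _ in cluster}
            if len(domains) >= min_domains:
                alerts.append({
                    "user": user,
                    "domains": sorted(domains),
                    "signals": [s for _, _, s in cluster],
                    "start": t0.isoformat(),
                })
                break  # one alert per user is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Run as-is it alerts on alice (three domains in seven minutes) and stays silent on bob, whose two signals are hours apart; widening the window to six hours makes bob alert too, which is the tuning knob an analyst would adjust.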
The practical question in an XDR decision is whether to buy a native XDR suite (single vendor, tight integration, deeper lock-in) or to build an open XDR stack (best-of-breed sensors feeding a SIEM or data platform). Both are defensible; the memo has to make the trade-off explicit.
In regulated contexts, XDR selection often interacts with SOC or MDR contracts. If the MDR partner runs on a specific XDR, the MDR and XDR decisions are not independent and the memo should treat them as one.
Related terms
EDR (Endpoint Detection and Response)
A class of endpoint security tools that continuously records endpoint activity and enables detection…
MDR (Managed Detection and Response)
A service that provides outsourced 24/7 monitoring, detection and response on top of an EDR or XDR p…
SIEM (Security Information and Event Management)
A platform that centralises security logs, enables long-term retention, runs correlation rules and s…
