Glossary term
XDR (Extended Detection and Response)
Also: Extended Detection and Response
A security platform that unifies telemetry across endpoint, network, identity, email and cloud, correlating signals that would otherwise stay siloed in separate point tools. XDR is EDR plus the cross-domain context needed to detect multi-stage attacks that any single sensor would miss.
XDR extends EDR by ingesting signals from multiple security domains (identity, email, network, cloud) and correlating them in one analytics layer. The value is in the correlation: a suspicious OAuth grant plus an unusual VPN login plus an endpoint anomaly look harmless individually and hostile together.
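The correlation step described above, as an added illustration that is not part of the original glossary entry and not any vendor's implementation: a small Python sketch that groups low-severity signals from different security domains by principal and raises one alert only when enough distinct domains fire inside a time window. The event records, the domain names and the `correlate` function are constructed for this example; a real XDR layer would apply the same idea over normalised telemetry with far richer entity resolution.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry for this example (not real product output).
# Each record: (ISO timestamp, security domain, principal, signal name).
# On its own, every one of these signals is low severity.
SAMPLE_EVENTS = [
    ("2024-05-01T08:02:10", "identity", "alice", "oauth_grant_new_app"),
    ("2024-05-01T08:15:42", "network",  "alice", "vpn_login_unusual_geo"),
    ("2024-05-01T08:31:05", "endpoint", "alice", "lolbin_spawned_by_office"),
    ("2024-05-01T09:10:00", "identity", "bob",   "oauth_grant_new_app"),
    ("2024-05-01T14:45:00", "network",  "bob",   "vpn_login_unusual_geo"),
    ("2024-05-01T10:00:00", "endpoint", "carol", "lolbin_spawned_by_office"),
]


def parse_events(rows):
    """Turn the raw tuples into (datetime, domain, user, signal) records."""
    return [(datetime.fromisoformat(ts), dom, user, sig) for ts, dom, user, sig in rows]


def correlate(events, window=timedelta(hours=1), min_domains=3):
    """Hypothetical cross-domain correlation rule.

    Signals are bucketed per principal. Within each bucket a sliding window
    collects every event that starts within `window` of an anchor event; if
    the collected events span at least `min_domains` distinct security
    domains, one alert is raised for that principal. A single domain, however
    noisy, never alerts by itself.
    """
    by_user = defaultdict(list)
    for ev in parse_events(events):
        by_user[ev[2]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        evs.sort()  # chronological; tuples sort by the datetime first
        for i, (t0, _, _, _) in enumerate(evs):
            cluster = [e for e in evs[i:] if e[0] - t0 <= window]
            domains = {e[1] for e in cluster}
            if len(domains) >= min_domains:
                alerts.append({
                    "user": user,
                    "domains": sorted(domains),
                    "signals": [e[3] for e in cluster],
                    "start": cluster[0][0].isoformat(),
                    "end": cluster[-1][0].isoformat(),
                })
                break  # one alert per principal per cluster is enough here
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

With the defaults only `alice` alerts: her OAuth grant, VPN login and endpoint anomaly fall inside one hour and cover three domains. `bob` has two domains more than five hours apart and `carol` has a single domain, so neither fires. Loosening the rule to `window=timedelta(hours=8), min_domains=2` also surfaces `bob`, which is the tuning knob an analyst would expect to justify in the detection's documentation.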
The practical question in an XDR decision is whether to buy a native XDR suite (single vendor, tight integration, deeper lock-in) or to build an open XDR stack (best-of-breed sensors feeding a SIEM or data platform). Both are defensible; the memo has to make the trade-off explicit.
In regulated contexts, XDR selection often interacts with SOC or MDR contracts. If the MDR partner runs on a specific XDR, the MDR and XDR decisions are not independent and the memo should treat them as one.
Related terms
EDR (Endpoint Detection and Response)
A class of endpoint security tools that continuously records endpoint activity and enables detection…
MDR (Managed Detection and Response)
A service that provides outsourced 24/7 monitoring, detection and response on top of an EDR or XDR p…
SIEM (Security Information and Event Management)
A platform that centralises security logs, enables long-term retention, runs correlation rules and s…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
BCM
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI…
