MSP·OUTPOST

XDR

Extended Detection and Response.

Extended Detection and Response. An evolution of EDR that aggregates and correlates security telemetry from multiple sources — endpoints, network, cloud, identity, and email — to detect and respond to threats that cross multiple attack vectors. XDR provides a unified investigation timeline that shows how an attacker moved from an initial phishing email through credential theft to lateral movement to data exfiltration, enabling faster and more complete incident response.

XDR vs. EDR
EDR covers endpoints only. XDR ingests and correlates data from multiple security data sources (email, identity, network, cloud).
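The cross-source timeline described above, as an added example (not code from this page or from any XDR vendor): a small correlator over constructed telemetry from email, identity, endpoint and network sources, pivoting on the user to stitch the phishing → credential theft → lateral movement → exfiltration chain, and showing what the same logic sees when only endpoint data is available. Event types, user names and timestamps are all illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (illustrative). "user" is the join key shared by every source.
EVENTS = [
    {"ts": "2024-03-01T09:00:00", "source": "email",    "user": "alice", "type": "phishing_link_click"},
    {"ts": "2024-03-01T09:02:00", "source": "identity", "user": "alice", "type": "suspicious_signin"},
    {"ts": "2024-03-01T09:10:00", "source": "endpoint", "user": "alice", "type": "credential_dump"},
    {"ts": "2024-03-01T09:20:00", "source": "network",  "user": "alice", "type": "lateral_movement"},
    {"ts": "2024-03-01T09:45:00", "source": "network",  "user": "alice", "type": "large_outbound_transfer"},
    {"ts": "2024-03-01T11:00:00", "source": "endpoint", "user": "bob",   "type": "credential_dump"},
]

CHAIN = [  # stages from the definition above, in order, each with the source that observes it
    ("phishing_link_click", "email"),
    ("suspicious_signin", "identity"),
    ("credential_dump", "endpoint"),
    ("lateral_movement", "network"),
    ("large_outbound_transfer", "network"),
]

XDR_SOURCES = {"email", "identity", "endpoint", "network"}
EDR_SOURCES = {"endpoint"}  # what an endpoint-only product can see


def timelines(events, sources, window=timedelta(hours=2)):
    """Per user, match CHAIN as an ordered subsequence of events visible to `sources`; returns
    {user: [(ts, source, type), ...]}. Events more than `window` after the first match are ignored."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["source"] in sources:
            by_user[e["user"]].append(e)
    result = {}
    for user, evs in by_user.items():
        stage, start, seen = 0, None, []
        for e in evs:
            ts = datetime.fromisoformat(e["ts"])
            if start is not None and ts - start > window:
                break
            # Advance to the first remaining stage this event satisfies; missed stages are skipped.
            for i in range(stage, len(CHAIN)):
                if (e["type"], e["source"]) == CHAIN[i]:
                    start, stage = start or ts, i + 1
                    seen.append((e["ts"], e["source"], e["type"]))
                    break
        result[user] = seen
    return result


def full_chains(events, sources):
    """Users for whom every stage was observed: the cross-vector incidents XDR exists to surface."""
    return {u: t for u, t in timelines(events, sources).items() if len(t) == len(CHAIN)}
```

With all four sources the correlator returns the complete five-stage timeline for alice; with endpoint telemetry alone it sees only an isolated credential-dump event for alice and bob alike, with no way to tell which one is part of an active intrusion.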
Common examples
SentinelOne Singularity, CrowdStrike Falcon XDR, Microsoft Defender XDR, Palo Alto Cortex XDR.
Why it matters
Modern attacks don't stay on endpoints. Ransomware actors routinely use email, cloud identity, and network paths. XDR closes the visibility gaps that EDR-only coverage leaves open.
See also
EDR, MDR, Zero Trust, SIEM