XDR: Unifying Incident, Detection, Response and RemediationGartner's Bhajanka on Why XDR is Gaining Traction
By consolidating data from different sources XDR positions itself as an attack-centric tool and not a role-centric tool, which Prateek Bhajanka, senior principal analyst at Gartner, says helps it to detect attacks from anywhere.
See Also: Top 50 Security Threats
“One of the biggest differentiators of XDR is the refreshed architecture that it is offering. Rather than having an email application integrated with EDR, and EDR being integrated with a secure gateway and having one to one integration across tools, we are now creating a central data lake to which data will be submitted from all these sensors that just collect information from the endpoints, and devices,” says Bhajanka.
Bhajanka also discusses how XDR fills the gaps by SIEM and why the two must not be confused. “The initial confusion around XDR was if it was very similar to SIEM. If you look at the wide variety of use cases that a SIEM solves, that is where getting the required insights from SIEM could be difficult and it may not be as effective and efficient as XDR would be able to give.”
In this video interview with Information Security Media Group, Bhajanka also discusses:
- How XDR is different from SIEM;
- Why XDR is gaining relevance in the cybersecurity world;
- The perceived challenges of XDR.
Bhajanka is a senior principal analyst for Gartner research, focusing on security and risk management. Bhajanka's areas of research include endpoint protection platforms/endpoint detection and response (EPP/EDR), malware and ransomware prevention.