
What is XDR and how does it work?

XDR stands for Cross-layered detection and response. It protects the various parts of a networked system, such as PCs, mobile devices, email, servers, the cloud, and network devices. XDR is a newer technology that adds to traditional cyber security auditing: it combines detection and response methods to cover the entire system across multiple environments.

How XDR works

Today, cyber threats are harder to detect because they often hide between security zones. Each zone may have equipment or software that detects threats, but these tools do not work together. As a result, threats hide in the gaps between zones and cause damage to data or to the systems that depend on it.

XDR can detect threats and tell them apart by collecting data from every zone and analyzing how the threats seen in each zone relate to one another: the computer zone, the server zone, the network zone, and the cloud zone. How XDR detects threats in each of these zones is described below.

Computer (Endpoint)

Monitoring the events that occur on a computer is what reveals where a threat originates and how it spreads. XDR looks for unusual events on the computer based on Indicators of Attack (IOA). From these, XDR can tell where the strange events are occurring, where the danger comes from, and where it is expanding or spreading, and it can stop the threats it encounters.

Network

Analyzing the network for attacks, or for the likelihood of an attack, is important in order to know whether there are vulnerabilities or weak points that could enable an attack, such as IoT devices on the network, vulnerabilities in device firmware, or threats already embedded in the network. XDR can analyze the network and find these threats, and it can trace the path a threat took into the environment, which may run from the gateway to the server. It also reports to the system administrator on the threats encountered and the extent of the attack.

Server and Cloud

Protecting servers or cloud systems against threats works much like protecting computers: the events that occur on the server or in the cloud are analyzed and compared against Indicators of Attack (IOA) to determine whether a threat is present.

For example, if a threat attacks the cloud system through an IoT device, XDR investigates and analyzes which device it came from. If a server is running slowly, XDR can analyze whether the cause is an unusual process on the server or corrupted data.

XDR can stop the abnormal processes so that the attack does not expand to other parts of the system, and it sends a report of the attack, its root cause, and its extent, which provides the information needed for preventative measures.
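The cross-zone correlation described above, as an added illustration that is not code from the original article or from any XDR product: each zone's tool sees only its own isolated event, while linking events by the asset they came from and their order in time reconstructs the origin, the spread path, and the zones affected. The events, asset names and IOA labels are constructed sample data.

```python
from collections import Counter

# Constructed sample events, one per zone, from a single intrusion plus one
# unrelated endpoint event. "asset" is where the event was seen, "peer" is
# the system the activity came from (None if unknown), "t" is seconds.
EVENTS = [
    {"t": 10, "zone": "network",  "asset": "gateway",   "peer": "iot-cam-01", "ioa": "firmware-exploit-attempt"},
    {"t": 12, "zone": "endpoint", "asset": "pc-07",     "peer": None,         "ioa": "usb-device-inserted"},
    {"t": 20, "zone": "endpoint", "asset": "pc-12",     "peer": "gateway",    "ioa": "unsigned-binary-executed"},
    {"t": 35, "zone": "server",   "asset": "srv-db",    "peer": "pc-12",      "ioa": "abnormal-process"},
    {"t": 50, "zone": "cloud",    "asset": "s3-bucket", "peer": "srv-db",     "ioa": "bulk-download"},
]

def single_zone_view(events):
    """What each zone's own tool sees: isolated counts with no link between zones."""
    return dict(Counter(e["zone"] for e in events))

def successors(e, events):
    """Events that came from e's asset after e was seen: the next hop of the spread."""
    return [f for f in events if f["peer"] == e["asset"] and f["t"] > e["t"]]

def incidents(events):
    """Group events into chains; each chain starts at an event no earlier event explains."""
    events = sorted(events, key=lambda e: e["t"])
    explained = {id(f) for e in events for f in successors(e, events)}
    chains = []
    for root in events:
        if id(root) in explained:
            continue
        chain, seen, frontier = [root], {id(root)}, [root]
        while frontier:  # breadth-first walk along the spread path
            nxt = []
            for e in frontier:
                for f in successors(e, events):
                    if id(f) not in seen:
                        seen.add(id(f))
                        nxt.append(f)
            chain.extend(nxt)
            frontier = nxt
        chains.append(chain)
    return chains

def summarize(chain):
    """Root cause, spread path, extent and containment steps, as an XDR report states them."""
    return {
        "origin": chain[0]["peer"] or chain[0]["asset"],
        "path": [e["asset"] for e in chain],
        "zones": list(dict.fromkeys(e["zone"] for e in chain)),
        "contain": [f"stop {e['ioa']} on {e['asset']}" for e in chain],
    }

if __name__ == "__main__":
    print("per-zone view:", single_zone_view(EVENTS))
    for chain in incidents(EVENTS):
        print(summarize(chain))
```

Run stand-alone, the per-zone view shows at most two events in any zone, while the correlated incident links four events across all four zones back to the IoT device.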

XDR vs. legacy protection

XDR technology differs from traditional protection technology in that XDR does not monitor zones individually. It monitors and protects every zone by collecting the data or events from each zone and analyzing them together, finding the relationships that reveal the root cause of the attack. It can also stop the attack, for example by blocking it so the threat cannot enter, and it can report to the administrator.

XDR and Endpoint Detection and Response (EDR)

XDR differs from EDR in the letter E: XDR protects not only endpoints but the entire system, every zone, so X is used instead of E.

XDR with Network Traffic Analysis (NTA)

Both XDR and NTA detect threats, but NTA focuses on traffic patterns and whether they differ from what has been seen before. For example, if our traffic normally comes from America, Canada, and Brazil, but traffic suddenly appears from Russia, NTA sees this as abnormal usage and raises an alert.

XDR with Security Information and Event Management (SIEM)

XDR differs from SIEM in that XDR responds automatically to the events that occur, while with SIEM the response can be customized.

XDR and Security Orchestration, Automation, and Response (SOAR)

XDR can automatically detect and respond to events; SOAR, in addition to working like XDR, also helps design and manage security policies.

Credit: What is XDR? Extended Detection and Response Security (fortinet.com)
