Page 104 - Cyber Defense Magazine RSA Edition for 2021
Information Event Management (SIEM) with the addition of response capability. And that is the key point.
Unlike a SIEM, XDR does not only identify an incident; it also responds to it automatically.
Most XDR vendors promote integrating their security products together to build a more
coordinated response. In practice, most XDR offerings integrate endpoints and networks using
endpoint detection and response (EDR) and next-generation network firewalls (NGFW); the idea is that
the EDR can tell the firewall what to block, such as malware command & control (C&C) communications.
Why XDR is Not Enough
So, as grand as the concept of XDR is, it is rather limited for several reasons:
• XDR is usually one-way
In most XDR solutions, the EDR can send information to the firewall to trigger a response, but the firewall
does not normally send information to the endpoint so that the endpoint can respond to a threat. For example, an endpoint
can tell the firewall it is infected by malware, and the firewall can then block all communications from that
endpoint. But the firewall, when it sees suspicious traffic, cannot ask the endpoint to run a scan to check whether
it is infected.
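To make the one-way gap concrete, here is a small simulation written for this page (it is not code from the magazine or from any vendor's XDR product). A toy orchestrator routes constructed EDR and NGFW events; the `bidirectional` flag, the event names and the host identifiers are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Event:
    source: str   # "edr" (endpoint agent) or "ngfw" (network firewall)
    kind: str     # "infected", "suspicious_traffic" or "scan_result"
    host: str     # endpoint identifier (constructed sample values below)
    detail: str = ""


@dataclass
class Orchestrator:
    """Routes detections between EDR and NGFW; `bidirectional` is an assumed switch."""
    bidirectional: bool
    blocked_hosts: set = field(default_factory=set)
    scan_requests: list = field(default_factory=list)

    def handle(self, ev: Event):
        # EDR -> NGFW: the endpoint reports an infection, the firewall blocks its traffic.
        if ev.source == "edr" and ev.kind == "infected":
            self.blocked_hosts.add(ev.host)
            return "ngfw:block"
        # NGFW -> EDR: the firewall sees suspicious traffic and asks the endpoint to scan.
        if ev.source == "ngfw" and ev.kind == "suspicious_traffic":
            if not self.bidirectional:
                return None   # one-way XDR: nothing flows back to the endpoint
            self.scan_requests.append(ev.host)
            return "edr:scan"
        # EDR -> NGFW: the requested scan came back positive, so close the loop with a block.
        if ev.source == "edr" and ev.kind == "scan_result" and ev.detail == "infected":
            self.blocked_hosts.add(ev.host)
            return "ngfw:block"
        return None


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    Event("edr", "infected", "ws-01", "trojan dropper"),
    Event("ngfw", "suspicious_traffic", "ws-02", "beacon-like outbound DNS"),
]


def run(events, bidirectional):
    """Return (actions taken in order, sorted blocked hosts) for the given mode."""
    orch = Orchestrator(bidirectional)
    actions = []
    for ev in events:
        action = orch.handle(ev)
        actions.append(action)
        # Simulate the endpoint answering a scan request (assumed positive here).
        if action == "edr:scan":
            actions.append(orch.handle(Event("edr", "scan_result", ev.host, "infected")))
    return actions, sorted(orch.blocked_hosts)


if __name__ == "__main__":
    print("one-way:", run(SAMPLE_EVENTS, bidirectional=False))
    print("two-way:", run(SAMPLE_EVENTS, bidirectional=True))
```

In one-way mode the firewall's suspicious-traffic event produces no action at all, while in two-way mode it triggers a scan and, on a positive result, a block of the second host.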