Page 105 - Cyber Defense Magazine RSA Edition for 2021
• XDR response is not granular
Normally, the EDR tells the firewall that the endpoint is infected, but not which malware was detected or
which ports the malware uses for command and control (C&C). So the firewall blocks all communications
from the endpoint, effectively isolating it from other network segments and the internet. That would not
be acceptable if the endpoint were an ecommerce server generating revenue.
• Response time slowed due to indirect communications
As exciting as integrating EDR and NGFWs sounds, the EDR and NGFW may not communicate with each
other directly. Instead, communications and response instructions are routed through a management or
threat intelligence (TI) platform. This indirect communication can lengthen the time it takes for a
response to be initiated.
• XDR does not close gaps between products
All security products have a sphere of influence, or domain, that they protect. NGFWs protect
communications between networks. EDR protects endpoints from malware. But malware is becoming
more sophisticated and can exploit the gaps in coverage between networks and endpoints.
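The first point above, that the firewall can only respond as finely as the EDR's alert allows, as an added illustration (not code from the magazine or any vendor product). The alert and rule formats, the host and C&C addresses and the malware family name are all constructed.

```python
"""Granular vs. coarse firewall response to an EDR alert (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class EdrAlert:
    host_ip: str
    verdict: str                                  # e.g. "infected" or "clean"
    malware_family: Optional[str] = None
    c2_endpoints: List[Tuple[str, int]] = field(default_factory=list)  # (ip, port)


def build_firewall_rules(alert: EdrAlert) -> Dict:
    """Translate an EDR alert into firewall rules.

    When the alert carries C&C indicators (destination IP and port), only
    those flows are denied and the host keeps serving everything else.
    When the alert only says "infected", the best the firewall can do is
    isolate the host completely, which is the coarse behaviour described above.
    """
    if alert.verdict != "infected":
        return {"mode": "none", "rules": []}
    if alert.c2_endpoints:
        rules = [
            {"action": "deny", "src": alert.host_ip, "dst": ip, "dport": port}
            for ip, port in alert.c2_endpoints
        ]
        return {"mode": "granular", "rules": rules}
    # No indicators communicated: nothing finer than full isolation is possible.
    return {"mode": "isolate",
            "rules": [{"action": "deny", "src": alert.host_ip, "dst": "any", "dport": "any"}]}


# Constructed sample alerts for the same host: one with and one without C&C detail.
COARSE_ALERT = EdrAlert(host_ip="10.0.5.20", verdict="infected")
DETAILED_ALERT = EdrAlert(host_ip="10.0.5.20", verdict="infected",
                          malware_family="ExampleRAT",
                          c2_endpoints=[("198.51.100.7", 8443), ("203.0.113.9", 53)])

if __name__ == "__main__":
    for alert in (COARSE_ALERT, DETAILED_ALERT):
        print(build_firewall_rules(alert))
```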