EDRXDR

XDR vs EDR : understanding the differences and their advantages

We hear about these new technologies every day, but are we really aware of their differences and complementarities? In short, what are we talking about?

quelles différences entre un XDR et un EDR ?

The strengths and benefits of an EDR.

EDR, or Endpoint Detection and Response, collects and analyzes data from several endpoints to identify behavioral deviations,research incident data and sort alerts that could represent a threat to the endpoint, and therefore potentially to the information system to which it is connected. It allows teams to respond quickly by neutralizing threats.

Anton Chuvakin of Gartner defines EDR [1] as “a category of tools and solutions that focus on detecting suspicious activity directly on the hosts of the information system.”

Simply put, EDR is a new generation of anti-malware, no longer relying solely on signature systems to perform malicious behavior detection. EDR adds behavioral process analysis capabilities to determine deviance.

For a free demo request:

XDR: “to infinity and beyond”!

XDR (eXtended Detection Response) is the evolution, the eXtension of EDR. And this evolution takes place on several axes.

According to Gartner: ‘XDR is cloud-delivered technology that includes multipoint solutions and advanced analytics to correlate alerts from multiple sources into incidents from individual weaker signals to create more accurate detections. It aims to reduce product sprawl, alert fatigue, integration challenges and operational expenses, and will especially appeal to security operations teams that struggle to manage a portfolio of best-of-breed solutions or leverage a SIEM or SOAR solution.”[2]

While EDR detects at the endpoint level, XDR goes beyond that. It is able to collect and detect deviant and potentially malicious activity on devices such as servers, cloud, networks…

But beyond the much wider range of sources, the XDR brings elaborate functionalities allowing, for example, to increase the level of contextualization by connecting to the CTI, to bring a greater capacity of anticipation by crossing the detected technical information with external content, to refine the possibilities of response automation by giving an even finer granularity to the intervention.

For a complete definition, go to: https://tehtris.com/en/blog/glossary/open-xdr

Comment fonctionne la TEHTRIS XDR Platform

Why choose TEHTRIS solutions?

TEHTRIS’ pioneering and unique XDR technology allows to centralize and consolidate the data collected by the various sensors and probes deployed in an information system.

The specificity of the TEHTRIS platform is its ability to offer a holistic approach to detection. All modules developed by TEHTRIS are integrated into the platform: SIEM, EDR, EPP, MTD, DNS FW, NTA… These modules, interconnected and complementary, bring to our XDR technology a unique capacity of analysis and contextualization. But the power of the TEHTRIS XDR platform does not stop there. Indeed, we have developed it with the TEHTRIS Open XDR Platform in mind, which means that it also has the capacity to integrate third-party solutions as complementary detection and contextualization modules.

Huge capacities for complete protection.

Concretely, if TEHTRIS detects a strange and hidden binary, the platform will analyze it. If it is known, it will neutralize it. If it is unknown or suspicious, it will ask our SOAR (the platform’s “conductor”) to look at our CTI (Cyber Threat Intelligence) to do all the analyses (antivirus, sandbox, AI) to decide if it is a legitimate program or not. If it’s not, the platform will automatically stop and destroy the threat immediately. The TEHTRIS XDR Platform lets security teams create their own dashboards tailored to organizational reporting.

Interest of the XDR technology

Not all technologies are created equal.

It is essential to have tools that allow to have a holistic view of the activity on the networks, the systems, the cloud, but also to protect simultaneously the workstations, the servers, the networks… They must also allow to detect threats and suspicious behavior always more advanced, by capitalizing on artificial intelligence and its algorithms, international databases, and a platform like TEHTRIS XDR which acts effectively in real time on the attacks without human intervention. The automation that this technology allows is a real plus for analysts who will save time and be able to focus on more important tasks, the objective being to increase the user experience, to reduce the time of detection and reaction to attacks, the security teams will now be able to visualize in one place all the alerts raised by the different solutions to which they have subscribed, through the TEHTRIS Open XDR Platform and thanks to the APIs connection.

The contribution of intelligence in our TEHTRIS XDR Platform will allow us to add content, which in turn will feed our AI, it is a virtuous loop. This contribution of information from multiple channels allows us to set up protections against a wide variety of attacks.

For more details, see our article dedicated to the XDR platform of TEHTRIS: https://tehtris.com/en/blog/open-xdr-definition

[1] Gartner “Named Endpoint Threat Detection & Response-Anton Chuvakin”26 juillet 2013

[2] Craig Lawson, Peter Firstbrook, Paul Webber -Market Guide for Extended Detection and Response -Published 8 November 2021