Chief Information Security Officer at Canara Robeco Asset Management Company Limited
User
2022-09-09T05:35:28Z
Sep 9, 2022
Adaptability and adoptability of new solutions, flexibility on cloud platforms, ease of use, and approach. The solution should also have a strong end-to-end incident response system.
Check for EDR in the beginning. If EDR does not provide you with sufficient information, then XDR won't satisfy your needs. Keep in mind that the term XDR is overly abused by vendors.
ESET Support at a computer software company with 11-50 employees
Reseller
Top 5
2022-08-10T13:07:05Z
Aug 10, 2022
An XDR solution should not be constrained by the design of the features that it brings. It should allow you to build any kind of detection rule or exclusion, based on every piece of information that agents gather from endpoints. Also, enough tools should be provided for response: kill, block, suspend, isolate, etc.
Director InfoSec and Audit at a manufacturing company with 1,001-5,000 employees
Real User
2020-12-03T13:44:27Z
Dec 3, 2020
The rapid support and confidence of an expert team that is always there monitoring for potential unusual activity in our environment, with numerous predefined playbooks that can take automated actions, or the ability to create our own for unique situations. An incident view to see an event from beginning to end and the process that prevented it from becoming an issue in our environment. The ability to use honeypots across files, users, networks, and devices to capture an attacker in the act.
From an investment-protection point of view, it would be better to go for an XDR solution that allows feeds from security products of multiple vendors. Many of the XDR solutions can correlate feeds from their own security products only.
The second most important thing would be how reputable and rich the threat feeds are, and whether they come from multiple sources.
Third would be a top-notch response team that can detect anomalies.
Find out what your peers are saying about SentinelOne, CrowdStrike, Palo Alto Networks and others in Extended Detection and Response (XDR). Updated: April 2024.
The correlation of data over a variety of security layers such as endpoints, email, servers, cloud workloads, and the general network. XDR must also strive to visualize the entire attack lifecycle.
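Two of the answers above describe what an XDR engine has to do in practice: let the operator write arbitrary detection rules and exclusions over whatever the agents collect, offer response actions such as kill and isolate, and correlate events from several layers (email, endpoint, network) into one incident that shows the attack from beginning to end. The block below is an added example written for this page, not code from any of the posters or from any XDR product. It runs a small set of hand-written rules and one exclusion over constructed telemetry (the hosts, users, addresses, rule names and the `admin-svc` automation account are all made up for illustration) and then stitches the resulting alerts per host into a time-ordered incident whose severity depends on how many layers it spans.

```python
"""Minimal cross-layer correlation: user-defined rules + exclusions + per-host incidents.
Added example; all telemetry below is constructed, not taken from real logs."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Iterable


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str      # telemetry layer: "email", "endpoint" or "network"
    host: str
    user: str
    data: dict       # whatever the agent/sensor reported for this event


@dataclass(frozen=True)
class Rule:
    name: str
    source: str                     # layer this rule applies to
    match: Callable[[Event], bool]  # arbitrary predicate over the agent data
    response: str                   # response action the rule recommends


@dataclass(frozen=True)
class Alert:
    event: Event
    rules: tuple      # every Rule that fired on this event


@dataclass
class Incident:
    host: str
    alerts: list      # Alerts in time order, one host, gaps <= correlation window

    def sources(self) -> set:
        return {a.event.source for a in self.alerts}

    def severity(self) -> str:
        # an incident seen on two or more layers is the cross-layer case XDR exists for
        return "high" if len(self.sources()) >= 2 else "low"

    def responses(self) -> list:
        return sorted({r.response for a in self.alerts for r in a.rules})

    def timeline(self) -> list:
        return [f"{a.event.ts:%H:%M:%S} {a.event.source:<8} "
                f"{', '.join(r.name for r in a.rules)}" for a in self.alerts]


ALLOWED_DST = {"198.51.100.10"}   # hypothetical corporate egress proxy

RULES = [
    Rule("macro_attachment", "email",
         lambda e: e.data.get("attachment", "").lower().endswith((".docm", ".xlsm")),
         "quarantine message"),
    Rule("office_spawns_shell", "endpoint",
         lambda e: e.data.get("parent", "").upper() in {"WINWORD.EXE", "EXCEL.EXE"}
         and e.data.get("image", "").lower() in {"powershell.exe", "cmd.exe"},
         "kill process"),
    Rule("encoded_powershell", "endpoint",
         lambda e: "-enc" in e.data.get("cmdline", "").lower().split(),
         "kill process"),
    Rule("unexpected_egress", "network",
         lambda e: e.data.get("dst") not in ALLOWED_DST,
         "isolate host"),
]

# Exclusions are just predicates too; this one suppresses a hypothetical sanctioned
# automation account that legitimately runs encoded PowerShell from services.exe.
EXCLUSIONS = [
    lambda e: e.user == "admin-svc" and e.data.get("parent") == "services.exe",
]

# Constructed sample telemetry (not real): a phishing chain on ws-17, benign noise on ws-22.
SAMPLE_EVENTS = [
    Event(datetime(2024, 4, 1, 9, 0, 0), "email", "ws-17", "alice",
          {"sender": "billing@invoices.example", "attachment": "invoice.docm"}),
    Event(datetime(2024, 4, 1, 9, 2, 10), "endpoint", "ws-17", "alice",
          {"parent": "WINWORD.EXE", "image": "powershell.exe",
           "cmdline": "powershell -enc SQBFAFgA..."}),
    Event(datetime(2024, 4, 1, 9, 2, 45), "network", "ws-17", "alice",
          {"dst": "203.0.113.45", "dport": 443, "bytes_out": 1200}),
    Event(datetime(2024, 4, 1, 9, 3, 0), "network", "ws-17", "alice",
          {"dst": "203.0.113.45", "dport": 443, "bytes_out": 1180}),
    Event(datetime(2024, 4, 1, 11, 0, 0), "endpoint", "ws-22", "bob",
          {"parent": "explorer.exe", "image": "powershell.exe",
           "cmdline": "powershell Get-Process"}),
    Event(datetime(2024, 4, 1, 11, 0, 30), "endpoint", "ws-22", "admin-svc",
          {"parent": "services.exe", "image": "powershell.exe",
           "cmdline": "powershell -enc ..."}),
]


def run_rules(events: Iterable[Event], rules=RULES, exclusions=EXCLUSIONS) -> list:
    """Evaluate every rule of the matching layer on every event; drop excluded events."""
    alerts = []
    for e in sorted(events, key=lambda x: x.ts):
        if any(ex(e) for ex in exclusions):
            continue
        hits = tuple(r for r in rules if r.source == e.source and r.match(e))
        if hits:
            alerts.append(Alert(e, hits))
    return alerts


def correlate(alerts: list, window: timedelta = timedelta(minutes=10)) -> list:
    """Chain alerts on the same host whose gaps are within `window` into one Incident."""
    incidents, open_by_host = [], {}
    for a in alerts:
        inc = open_by_host.get(a.event.host)
        if inc and a.event.ts - inc.alerts[-1].event.ts <= window:
            inc.alerts.append(a)
        else:
            inc = Incident(a.event.host, [a])
            open_by_host[a.event.host] = inc
            incidents.append(inc)
    return incidents


def build_incidents(events: Iterable[Event] = SAMPLE_EVENTS) -> list:
    return correlate(run_rules(events))


if __name__ == "__main__":
    for inc in build_incidents():
        print(f"{inc.host} severity={inc.severity()} responses={inc.responses()}")
        print("\n".join(inc.timeline()))
```

On the sample data only ws-17 yields an incident: the macro attachment, the Office-spawned encoded PowerShell and the two outbound connections to a non-allowlisted address fall within the 10-minute window and span three layers, so it is rated high with quarantine, kill and isolate as the recommended actions; the `admin-svc` event would have fired `encoded_powershell` but is dropped by the exclusion before correlation. The point of the exercise is that both the rules and the exclusions are ordinary predicates over the raw agent data, which is exactly the freedom the answer above asks for, and that the correlation step, not any single rule, is what turns four alerts into one readable attack timeline.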
Threat Hunting, Threat Feed and Analytics.
Visibility and Correlation of Threats
Cloud Based Management
@E.ABDUL Thanks for weighing in :)