Sorry to have a dissenting opinion. XDR is the attempt of AV vendors to solve the problem that their AV solution is incapable of blocking especially the modern nasties that operate in process space and in-memory. Thus your hosts get infected anyway. With XDR they make you, the customer, pay for getting the virus info from you and let you pay for their AI effort to process that info. Oh yes, then they come up with 'remediation' workflows to 'restore' your infected (many?) workloads. Of course, these workflows are site-specific, so you must build and test them yourself! XDR is 'free money' for AV vendors. My organization is not in the business of 'detecting' malware but in preventing any malware infection in the first place. In that respect we are using an AMTD (Automated Moving Target Defense) component as an add-on to our regular AV, now Trend Micro, but moving to MS Defender integrally. The combination of MS Defender and AMTD is unbeatable in performance and price. I leave it to you to look up the recent Gartner report on AMTD and read what component we are using. AMTD is plugging the big hole that AV vendors leave open.
Find out what your peers are saying about SentinelOne, CrowdStrike, Palo Alto Networks and others in Extended Detection and Response (XDR). Updated: April 2024.
Which definition of XDR are we using for this conversation? There are way too many.