XDR & xDRA

The primary goal of an extended detection and response (XDR) platform is to increase detection accuracy by correlating threat intelligence and signals across multiple security offerings, and to improve security operations efficiency and productivity. None of this is possible without automation, hence XDRA (XDR + automation).

To achieve XDR, the analytics platform has to centralise security data by combining:

  • Security information and event management (SIEM)

  • Security orchestration, automation, and response (SOAR)

  • Real-time and batch analysis

  • Endpoint detection and response (EDR)

These are very challenging and complicated requirements. Though many products advertise themselves as XDR, it is in reality a complex task to achieve, especially across a variety of systems, vendors, data types and unparsed datasets.

The first and foremost requirement for any XDR is "data". Data onboarding and understanding the data are therefore of paramount importance. The data element of XDR requires:

  • Visibility: Analysts need a central place to conduct analysis, root-cause identification, and remediation planning.

  • Analytics: The product should have a flexible framework to compose, enable, and monitor new analytics use cases at scale. It should also integrate seamlessly with analyst workflows to prioritise and build the attack narrative.

  • Response: This central solution must be responsive. Users need a way to remediate attacks, and preventing them before they even start is better still. Merely “detecting” ransomware does not help an organization.
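The correlation goal stated above (signals from several security offerings joined into one picture, with an automated response decision at the end) is easier to see in code. The following is an added illustration written for this page, not the page's or any vendor's product code. It assumes three constructed event sources in different formats (an EDR feed as JSON-like records, firewall syslog lines, and SIEM alerts), a small asset inventory used to join IP-keyed firewall logs to host-keyed endpoint events, and illustrative signal weights and thresholds; all of these are assumptions chosen for the example.

```python
"""Cross-source correlation with an automated response decision (added example).

Events from three constructed sources are normalised into one schema, grouped
per host inside a time window, scored, and mapped to a response action. The
source formats, weights, thresholds and asset inventory are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# --- Constructed sample telemetry (not real data) -----------------------------
EDR_EVENTS = [
    {"ts": "2024-05-01T10:00:05Z", "host": "ws-042", "event": "suspicious_process", "severity": 6},
    {"ts": "2024-05-01T10:00:40Z", "host": "ws-042", "event": "file_encryption_burst", "severity": 9},
    {"ts": "2024-05-01T10:05:00Z", "host": "ws-099", "event": "suspicious_process", "severity": 7},
]
FIREWALL_SYSLOG = [
    "May  1 10:00:12 fw01 kernel: DENY src=10.1.0.42 dst=203.0.113.7 dpt=4444",
    "May  1 10:00:20 fw01 kernel: ALLOW src=10.1.0.17 dst=10.1.0.5 dpt=443",
]
SIEM_ALERTS = [
    {"@timestamp": "2024-05-01T10:00:30Z", "hostname": "ws-042", "rule": "multiple_failed_logons", "level": 4},
]
# Assumed asset inventory: the join key between IP-based and host-based sources.
ASSET_INVENTORY = {"10.1.0.42": "ws-042", "10.1.0.17": "ws-017"}

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ kernel: "
    r"(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)"
)


def parse_iso(ts):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' form used by the EDR and SIEM samples."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# --- Normalisation: every source becomes {ts, host, source, signal, weight} ---
def normalise_edr(e):
    return {"ts": parse_iso(e["ts"]), "host": e["host"], "source": "edr",
            "signal": e["event"], "weight": e["severity"]}


def normalise_siem(a):
    return {"ts": parse_iso(a["@timestamp"]), "host": a["hostname"], "source": "siem",
            "signal": a["rule"], "weight": a["level"]}


def normalise_firewall(line, year=2024):
    """Syslog carries no year and no hostname; both are supplied by context."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # unparsed line: dropped here, but worth counting in practice
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    host = ASSET_INVENTORY.get(m["src"])
    if host is None or m["action"] != "DENY":
        return None  # only denied egress from a known asset is treated as a signal
    return {"ts": ts, "host": host, "source": "firewall",
            "signal": f"denied_egress_dpt{m['dpt']}", "weight": 3}


def decide(score, n_sources):
    """Assumed policy: corroboration across sources is what justifies automation."""
    if n_sources >= 2 and score >= 10:
        return "isolate_host"
    if score >= 6:
        return "open_ticket"
    return "monitor"


def summarise(host, cluster):
    sources = sorted({e["source"] for e in cluster})
    score = sum(e["weight"] for e in cluster)
    return {"host": host, "sources": sources, "score": score,
            "signals": [e["signal"] for e in cluster],
            "action": decide(score, len(sources))}


def correlate(events, window=timedelta(minutes=5)):
    """Group normalised events per host into time-window clusters and score each."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        cluster = []
        for ev in evs:
            if cluster and ev["ts"] - cluster[0]["ts"] > window:
                incidents.append(summarise(host, cluster))
                cluster = []
            cluster.append(ev)
        if cluster:
            incidents.append(summarise(host, cluster))
    return incidents


def run():
    events = [normalise_edr(e) for e in EDR_EVENTS]
    events += [normalise_siem(a) for a in SIEM_ALERTS]
    events += [n for n in (normalise_firewall(l) for l in FIREWALL_SYSLOG) if n]
    return {inc["host"]: inc for inc in correlate(events)}


if __name__ == "__main__":
    for host, inc in run().items():
        print(host, inc["action"], inc["score"], inc["sources"], inc["signals"])
```

The design choice worth noting is the asset inventory: without a reliable join key, IP-keyed network logs and host-keyed endpoint events never meet, and "correlation" silently degrades to per-source alerting. The policy in `decide` deliberately requires signals from at least two sources before the automated isolation step, so a single noisy feed cannot trigger the disruptive action on its own.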


We can provide niche consultancy and work alongside you to make XDR a reality. Please contact us to learn how we can help you.