
What is Extended Detection and Response (XDR)?

Detection and response across multiple security data sources — endpoints, email, identity, cloud — combined into one platform.

Extended Detection and Response (XDR) takes the EDR idea and extends it across additional signal sources: email, identity providers, cloud workloads, network telemetry, and more. The goal is to correlate signals across those sources so that attacks touching multiple systems are caught earlier. Vendors use the term heavily, often to describe what is really a tightly integrated EDR plus SIEM. For buyers, the practical question is: does the platform actually correlate across sources, or is it just a unified dashboard?
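The difference between correlating across sources and showing a unified dashboard can be made concrete. The following is an added example, not code from any XDR product: the events are constructed, and the field names, signal names, 30-minute window and three-source threshold are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry. Field and signal names are assumptions.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "source": "email", "user": "alice", "signal": "clicked_link_in_flagged_mail"},
    {"ts": "2024-05-01T09:04:00", "source": "identity", "user": "alice", "signal": "mfa_method_added"},
    {"ts": "2024-05-01T09:10:00", "source": "endpoint", "user": "alice", "signal": "unsigned_binary_executed"},
    {"ts": "2024-05-01T09:30:00", "source": "cloud", "user": "bob", "signal": "api_key_created"},
    {"ts": "2024-05-01T12:00:00", "source": "identity", "user": "bob", "signal": "password_reset"},
    {"ts": "2024-05-01T15:00:00", "source": "endpoint", "user": "bob", "signal": "unsigned_binary_executed"},
]

def dashboard_view(events):
    """Unified dashboard: events counted per source, with nothing linking them."""
    return Counter(e["source"] for e in events)

def correlate(events, window=timedelta(minutes=30), min_sources=3):
    """Raise one incident per user whose events span >= min_sources sources within window."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append((datetime.fromisoformat(e["ts"]), e))
    incidents = []
    for user, items in by_user.items():
        items.sort(key=lambda pair: pair[0])
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it fits the time limit.
            while items[end][0] - items[start][0] > window:
                start += 1
            in_window = [e for _, e in items[start:end + 1]]
            sources = sorted({e["source"] for e in in_window})
            if len(sources) >= min_sources:
                incidents.append({"user": user, "sources": sources,
                                  "signals": [e["signal"] for e in in_window]})
                break  # one incident per user
    return incidents

if __name__ == "__main__":
    print(dict(dashboard_view(EVENTS)))
    for incident in correlate(EVENTS):
        print(incident)
```

The dashboard view reports the same six events as unrelated per-source counts, while the correlated view links the three events for one user into a single incident and leaves the other user's widely spaced events alone.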
